```
Program terminated with signal SIGSEGV, Segmentation fault.
144 struct wlr_layer_surface_v1 *layer_surface = surface->layer_surface;
[Current thread is 1 (Thread 0x7f1f7c5b3ac0 (LWP 2473))]
(gdb) bt
```
Add a NULL check in `find_mapped_layer_by_client` like the one in `arrange_surface`.
This allows for layer shell surfaces to receive focus while the surface is explicitly focused, i.e. allowing
text fields to receive keyboard input just like a regular surface.
Our layer shell implementation assigns every layer surface to an output
on creation. It tracks this output using the output field on the
underlying wlr_layer_surface_v1 structure. As such, much of the existing
code assumes that output is always non-NULL and omits NULL checks
accordingly.
However, there are currently two cases where we destroy a
sway_layer_surface and output is NULL. The first is when we can't find
an output to assign the surface to and destroy it immediately after
creation. The second is when we destroy a surface in response to its
output getting destroyed, as we set output to NULL in
handle_output_destroy() before we call wlr_layer_surface_v1_destroy(),
which is what calls the appropriate unmap and destroy callbacks.
The former case doesn't cause any problems, since we haven't even
allocated a sway_layer_surface at that point or registered any
callbacks. The latter case, however, currently triggers a crash (#6120)
if a popup is visible, since our popup_handle_unmap() implementation
can't handle a NULL output.
To fix this issue, keep output set until right before we free the
sway_layer_surface. All we need to do is remove some of the cleanup
logic from handle_output_destroy(), since as of commit c9060bcc12
("layer-shell: replace close() with destroy()") that same logic is
guaranteed to happen later when wlroots calls handle_destroy() as
part of wlr_layer_surface_v1_destroy().
This lets us remove some NULL checks from other unmap/destroy callbacks,
which is nice. We also don't need to check that the wlr_output points to
a valid sway_output anymore, since we unset that pointer after disabling
the output as of commit a0bbe67076 ("Address emersions comments on
output re-enabling"). Just to be safe, I've added assertions that the
wlr_output is non-NULL wherever we use it.
Fixes #6120.
This commit makes sure the extents are kept up-to-date, fixes not
damaging the surface if its layer shell-specific state didn't change,
and adds a check if the layer shell-specific state didn't change but the
surface got mapped/unmapped, which could affect keyboard focus.
When a layer surface shrinks we need to damage the area it previously
occupied, but we don't know the location of all its subsurfaces in the
previous state, so instead damage a rectangle that encloses the entire
previous extent.
With these changes, sway will respect positive exclusive zones of layer
surfaces anchored to one or three sides.
This matches the protocol, which states that a positive exclusive zone
should be respected, "if the surface is anchored to one edge or an
edge and both perpendicular edges". If the surface is "anchored to
only two perpendicular edges (a corner), anchored to only two
parallel edges or anchored to all edges a positive value will be
treated the same as zero".
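
The anchor rule quoted above, written out as a check. This is an added example, not sway's code: the function names are hypothetical, and the anchor bit values are those of the protocol's anchor enum (top=1, bottom=2, left=4, right=8).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Anchor bits as defined by the layer-shell protocol's anchor enum. */
enum { ANCHOR_TOP = 1, ANCHOR_BOTTOM = 2, ANCHOR_LEFT = 4, ANCHOR_RIGHT = 8 };

/* Hypothetical helper: returns the one edge a positive exclusive zone
 * applies to, or 0 when the protocol treats the value as zero. */
static uint32_t exclusive_edge(uint32_t anchor) {
    const uint32_t vert = ANCHOR_TOP | ANCHOR_BOTTOM;
    const uint32_t horiz = ANCHOR_LEFT | ANCHOR_RIGHT;
    uint32_t v = anchor & vert, h = anchor & horiz;
    bool v_single = v == ANCHOR_TOP || v == ANCHOR_BOTTOM;
    bool h_single = h == ANCHOR_LEFT || h == ANCHOR_RIGHT;
    /* One edge alone, or one edge plus both perpendicular edges. */
    if (v_single && (h == 0 || h == horiz)) return v;
    if (h_single && (v == 0 || v == vert)) return h;
    /* Corner, two parallel edges, all edges, or no anchor at all. */
    return 0;
}

/* Hypothetical helper: the zone value an arranger should act on.
 * Zero and negative values pass through unchanged. */
static int32_t effective_exclusive_zone(uint32_t anchor, int32_t zone) {
    if (zone > 0 && exclusive_edge(anchor) == 0) return 0;
    return zone;
}

int main(void) {
    /* A bar anchored top+left+right keeps its zone; a corner does not. */
    printf("%d %d\n",
        effective_exclusive_zone(ANCHOR_TOP | ANCHOR_LEFT | ANCHOR_RIGHT, 30),
        effective_exclusive_zone(ANCHOR_TOP | ANCHOR_LEFT, 30));
    return 0;
}
```
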
This fixes the following crash:
```
#0 0x00007f7daac3af25 in raise () at /usr/lib/libc.so.6
#1 0x00007f7daac24897 in abort () at /usr/lib/libc.so.6
#2 0x00007f7daac24767 in _nl_load_domain.cold () at /usr/lib/libc.so.6
#3 0x00007f7daac33526 in () at /usr/lib/libc.so.6
#4 0x0000555bfbc35029 in seat_set_focus_layer (seat=0x555bfd76d860, layer=0x555bfdda2ff0)
at ../sway/input/seat.c:1164
__PRETTY_FUNCTION__ = "seat_set_focus_layer"
__PRETTY_FUNCTION__ = "seat_set_focus_layer"
#5 0x0000555bfbc35029 in seat_set_focus_layer (seat=seat@entry=0x555bfd76d860, layer=0x555bfdda2ff0)
at ../sway/input/seat.c:1164
__PRETTY_FUNCTION__ = "seat_set_focus_layer"
#6 0x0000555bfbc25899 in handle_output_destroy (listener=0x555bfdb90688, data=<optimized out>)
at ../sway/desktop/layer_shell.c:263
layer = 0x555bfdd6b040
sway_layer = 0x555bfdb90610
seat = 0x555bfd76d860
client = 0x555bfdb76d70
set_focus = <optimized out>
#7 0x0000555bfbc5b669 in wl_signal_emit (data=0x555bfd795930, signal=0x555bfd795ae0)
at /usr/include/wayland-server-core.h:472
l = <optimized out>
next = 0x555bfdb6a3e8
__PRETTY_FUNCTION__ = "output_disable"
index = <optimized out>
#8 0x0000555bfbc5b669 in output_disable (output=output@entry=0x555bfd795930)
at ../sway/tree/output.c:263
__PRETTY_FUNCTION__ = "output_disable"
index = <optimized out>
#9 0x0000555bfbc3b890 in apply_output_config (oc=0x555bfd7d73d0, output=output@entry=0x555bfd795930)
at ../sway/config/output.c:321
wlr_output = 0x555bfd7afaf0
scale = <optimized out>
output_box = <optimized out>
#10 0x0000555bfbc28309 in handle_output_manager_apply
(listener=0x555bfbc7f148 <server+488>, data=0x555bfdca6eb0) at ../sway/desktop/output.c:936
wlr_output = <optimized out>
output = 0x555bfd795930
oc = <optimized out>
server = 0x555bfbc7ef60 <server>
config = 0x555bfdca6eb0
config_head = 0x555bfdb79350
ok = true
#11 0x00007f7dab4fbf7c in wlr_signal_emit_safe (signal=<optimized out>, data=0x555bfdca6eb0)
at ../subprojects/wlroots/util/signal.c:29
pos = 0x555bfbc7f148 <server+488>
l = 0x555bfbc7f148 <server+488>
cursor =
{link = {prev = 0x555bfbc7f148 <server+488>, next = 0x7fff238a8390}, notify = 0x7f7dab4fbef0 <handle_noop>}
end =
{link = {prev = 0x7fff238a8370, next = 0x555bfd7419f8}, notify = 0x7f7dab4fbef0 <handle_noop>}
#12 0x00007f7daa45469a in ffi_call_unix64 () at /usr/lib/libffi.so.6
#13 0x00007f7daa453fb6 in ffi_call () at /usr/lib/libffi.so.6
#14 0x00007f7daae6f82f in () at /usr/lib/libwayland-server.so.0
#15 0x00007f7daae6c193 in () at /usr/lib/libwayland-server.so.0
#16 0x00007f7daae6d7f2 in wl_event_loop_dispatch () at /usr/lib/libwayland-server.so.0
#17 0x00007f7daae6c39c in wl_display_run () at /usr/lib/libwayland-server.so.0
```
This crash happens because focus can only be set on mapped surfaces.
When arranging layer-shell layers, verify that the currently focused
layer, if any, for each seat is still keyboard interactive. If the layer
is no longer keyboard interactive and there is not a keyboard
interactive overlay or top layer to change the focus to, refocus the
focus inactive node for the seat.
If a layer is focused by any seat, it needs to be unfocused on unmap. If
the unmap was due to an output being disabled, there would not be a
sway_output and unmap would do an early return. This results in a
use-after-free if the layer was focused by any seat prior to being
unmapped. This change just moves the refocusing code above the early
returns.
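
The ordering problem described above, reduced to a small model. This is an added example, not sway's code: the struct and function names are hypothetical stand-ins for the seat's focused-layer pointer and the unmap handler.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for sway's layer surface and seat state. */
struct layer { void *output; bool mapped; };
struct seat  { struct layer *focused_layer; };

static void unfocus(struct seat *seat, struct layer *layer) {
    if (seat->focused_layer == layer) {
        seat->focused_layer = NULL; /* a compositor would refocus here */
    }
}

/* Before: the early return skips the unfocus when the output is gone. */
static void unmap_before(struct seat *seat, struct layer *layer) {
    layer->mapped = false;
    if (layer->output == NULL) {
        return; /* seat still points at this layer */
    }
    unfocus(seat, layer);
}

/* After: unfocus first, then take the early return. */
static void unmap_after(struct seat *seat, struct layer *layer) {
    layer->mapped = false;
    unfocus(seat, layer);
    if (layer->output == NULL) {
        return;
    }
    /* output damage would follow here */
}

/* Unmaps and frees a focused layer whose output was already disabled.
 * Returns true if the seat is left holding the freed pointer; the
 * pointer is only compared before the free, never dereferenced. */
static bool seat_dangles(void (*unmap)(struct seat *, struct layer *)) {
    struct layer *layer = calloc(1, sizeof(*layer)); /* output == NULL */
    if (layer == NULL) abort();
    struct seat seat = { .focused_layer = layer };
    layer->mapped = true;
    unmap(&seat, layer);
    bool dangling = seat.focused_layer == layer;
    free(layer);
    return dangling;
}

int main(void) {
    printf("before: %d, after: %d\n",
        seat_dangles(unmap_before), seat_dangles(unmap_after));
    return 0;
}
```
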
Popups are positioned relative to local surface coordinates of the
parent surface. There's no need to consider values set with
xdg_surface.set_window_geometry for parent surfaces.
Focused layers are not cleared when destroyed; they are cleared on unmap.
Giving focus to an unmapped layer surface is (1) incorrect and (2) triggers a
use-after-free.
Closes: https://github.com/swaywm/sway/issues/4517