Fixes this kind of use-after-free:
==1795==ERROR: AddressSanitizer: heap-use-after-free on address 0x612000191ef0 at pc 0x00000048c388 bp 0x7ffe308f0410 sp 0x7ffe308f0400
WRITE of size 8 at 0x612000191ef0 thread T0
#0 0x48c387 in wl_list_remove ../common/list.c:157
#1 0x42196b in handle_destroy ../sway/desktop/layer_shell.c:275
#2 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
#3 0x7f55cc22cf68 in layer_surface_destroy ../types/wlr_layer_shell.c:182
#4 0x7f55cc22d084 in layer_surface_resource_destroy ../types/wlr_layer_shell.c:196
#5 0x7f55cc4ca025 in destroy_resource src/wayland-server.c:688
#6 0x7f55cc4ca091 in wl_resource_destroy src/wayland-server.c:705
#7 0x7f55cc22c3a2 in resource_handle_destroy ../types/wlr_layer_shell.c:18
#8 0x7f55c8ef103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)
#9 0x7f55c8ef09fe in ffi_call (/lib64/libffi.so.6+0x59fe)
#10 0x7f55cc4cdf2c (/lib64/libwayland-server.so.0+0xbf2c)
#11 0x7f55cc4ca3de in wl_client_connection_data src/wayland-server.c:420
#12 0x7f55cc4cbf01 in wl_event_loop_dispatch src/event-loop.c:641
#13 0x7f55cc4ca601 in wl_display_run src/wayland-server.c:1260
#14 0x40bb1e in server_run ../sway/server.c:141
#15 0x40ab2f in main ../sway/main.c:432
#16 0x7f55cb97318a in __libc_start_main ../csu/libc-start.c:308
#17 0x408d29 in _start (/opt/wayland/bin/sway+0x408d29)
0x612000191ef0 is located 48 bytes inside of 312-byte region [0x612000191ec0,0x612000191ff8)
freed by thread T0 here:
#0 0x7f55ce3bb880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
#1 0x42f1db in handle_destroy ../sway/desktop/output.c:1275
#2 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
#3 0x7f55cc23b4c2 in wlr_output_destroy ../types/wlr_output.c:284
#4 0x7f55cc1ddc20 in xdg_toplevel_handle_close ../backend/wayland/output.c:235
#5 0x7f55c8ef103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)
previously allocated by thread T0 here:
#0 0x7f55ce3bbe50 in calloc (/lib64/libasan.so.5+0xeee50)
#1 0x42f401 in handle_new_output ../sway/desktop/output.c:1308
#2 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
#3 0x7f55cc1d6cbf in new_output_reemit ../backend/multi/backend.c:113
#4 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
#5 0x7f55cc1deac7 in wlr_wl_output_create ../backend/wayland/output.c:327
#6 0x7f55cc1db353 in backend_start ../backend/wayland/backend.c:55
#7 0x7f55cc1bad55 in wlr_backend_start ../backend/backend.c:35
#8 0x7f55cc1d67a0 in multi_backend_start ../backend/multi/backend.c:24
#9 0x7f55cc1bad55 in wlr_backend_start ../backend/backend.c:35
#10 0x40ba8a in server_run ../sway/server.c:136
#11 0x40ab2f in main ../sway/main.c:432
#12 0x7f55cb97318a in __libc_start_main ../csu/libc-start.c:308
Emitting the close event needs to happen before
container_output_destroy, because container_output_destroy sets the
sway_output to NULL and sway_output is used in IPC.
We were freeing the sway_output immediately upon disconnect which left
a dangling pointer in the output's container. It then tried to use the
pointer when the container is freed.
We don't need to store the sway_output in an output's container which is
destroying, so the fix is to set the pointer to NULL and remove the use
in container_free.
Also added an arrange when the output is disconnected for good measure.
Prompts e.g. authentication request from firefox-wayland ought to be
floating.
This is a bit coarse but just fixed size is not enough, here is what
firefox does:
[1285461.363] -> xdg_wm_base@18.get_xdg_surface(new id xdg_surface@68, wl_surface@71)
[1285461.508] -> xdg_surface@68.get_toplevel(new id xdg_toplevel@67)
[1285461.571] -> xdg_toplevel@67.set_parent(xdg_toplevel@37)
[1285461.630] -> xdg_toplevel@67.set_title("Authentication Required")
[1285461.736] -> xdg_toplevel@67.set_app_id("firefox")
...
[1285476.549] xdg_toplevel@67.configure(0, 0, array)
...
[1285502.080] -> xdg_toplevel@67.set_min_size(299, 187)
[1285502.140] -> xdg_toplevel@67.set_max_size(1920, 32767)
This can also be observed with e.g. the open window of gedit
(gedit->open->other documents)
It happened when a view is a grandchild or deeper of the workspace, is
fullscreen, and unmaps. The workspace would not be included in the
transaction and its pointer to the fullscreen view was left dangling.
container_destroy was calling container_reap_empty, which calls
container_destroy and so on. Eventually the original container_destroy
would return a NULL pointer to the caller which caused a crash.
This also fixes an arrange on the wrong container when moving views in
and out of stacks.
if src is NULL due to a previous error we cannot use it in the command
result string.
Moreover if `src` points to `p.we_wordv[0]` we cannot use it after
`wordfree(&p)` in the command result string.
Bonus feature: If there was an error accessing the file, the string
rapresentation of the error is now included in the command result
string.
Some operations during backend creation (e.g. becoming DRM master)
require CAP_SYS_ADMIN privileges. At this point, sway has dropped them
already, though. This patch splits the privileged part of server_init
into its own function and calls it before dropping its privileges.
This fixes the bug with minimal security implications.
* Ensure that modifier keys are identified even when the next key does
not produce a keysym. This requires that modifier change tracking
be done for each sway_shortcut_state.
* Permit regular and --release shortcuts on the same key combination.
Distinct bindings are identified for press and release cases; note
that the release binding needs to be identified for both key press
and key release events.
* Maintain ascending sort order for the shortcut state list, and keep
track of the number of pressed key ids, for simpler (and hence
faster) searching of the list of key bindings.
* Move binding duplicate detection into get_active_binding to avoid
duplicating error messages.
Sort the list comprising the set of keys for the binding in ascending
order. (Keyboard shortcuts depend only on the set of simultaneously
pressed keys, not their order, so this change should have no external
effect.) This simplifies comparisons between bindings.
* The arrange_foo functions are now replaced with arrange_and_commit, or
with manually created transactions and arrange_windows x2.
* The arrange functions are now only called from the highest level
functions rather than from both high level and low level functions.
* Due to the previous point, view_set_fullscreen_raw and
view_set_fullscreen are both merged into one function again.
* Floating and fullscreen are now working with transactions.
seat_get_active_child is used for tabbed and stacked containers to get
the active child. The previous implementation used seat_get_focus_inactive
then ascended the tree to the child of the tabbed/stacked container, but
this fails when the workspace itself is stacked or tabbed and the most
recently active child is floating.
The new implementation takes a more simple approach, where it directly
scans the focus stack for the first immediate child which isn't the
floating container.
Fixes#2098.
`_container_destroy` emits a destroy event, and any listener for this
event should have access to the full container, not a half destroyed
one.
`_container_destroy` also destroys the swayc, so we have to grab a
reference to the sway_workspace so we can free it afterwards.
This also fixes a memory leak where the floating container wasn't freed.
Fixes#2092.
Setting it to "rerender" will always re-render everything
regardless of the damaged region. Setting it to "highlight" will
clear the screen and render only damaged regions.
The same shortcut algorithm is now used for keycodes,
raw keysyms, and translated keysyms. Pressed keysyms
are now stored in association with the keycodes that
generated them. Modifier keycodes (and associated
keysyms) are identified retroactively by the subsequent
change to the modifier flags.
* Attach sticky containers to new workspaces when switching
* Fire the close event *before* we start destroying the workspace to
prevent a crash
Because the sticky container now follows the visible workspace, this
simplifies the rendering and container_at logic.
Adds the --locked flag to bindsym and bindcode commands.
When a keyboard's associated seat has an exclusive client
(i.e, a screenlocker), then bindings are only executed if
they have the locked flag. When there is no such client,
this restriction is lifted.
When moving focus left or right to an adjacent output, only select the
first or last child in the new workspace if the workspace's layout is
horizontalish. If it's a verticalish layout, use the last focused
container.
* Add and use lenient_strcat and lenient_strncat functions
* Rename `concatenate_child_titles` function as that's no longer what it
does
* Rename `container_notify_child_title_changed` because we only need to
notify that the tree structure has changed, not titles
* Don't notify parents when a child changes its title
* Update ancestor titles when changing a container's layout
* Eg. create nested tabs and change the inner container to stacking
* No need to store tree presentation in both container->name and
formatted_title
If you moved your mouse over swaybar (e.g. to scroll between
workspaces), focus would move to the workspace. This is not the right
thing to do. The solution is complicated by the fact that if you move
your mouse into a new output with an empty workspace, that workspace
_should_ receive focus.
This commit changes how the left and right indents are calculated for the
title bottom pixel bar, so that it is displayed properly in case the left or
right border is hidden.
Swayidle handles idle events and allows
for dpms and lockscreen handling. It also
handles systemd sleep events, and can
raise a lockscreen on sleep
Fixes#541
In Sway 0.15, moving a window to another workspace would cause a window on the source workspace to be focused. This restores that behavior, allowing you to quickly move a lot of windows to another workspace.
The criteria struct now uses properties for each token type rather than
the list_t list of tokens. The reason for this is that different token
types have different data types: pcre, string and number to name a few.
This solution should be more flexible moving forward. A bonus of this is
that criteria is now easier to understand when looking at the struct
definition.
The criteria parser has been rewritten because the previous one didn't
support valueless pairs (eg. [class="foo" floating]).
Criteria now has types. Types at the moment are CT_COMMAND,
CT_ASSIGN_WORKSPACE and CT_ASSIGN_OUTPUT. i3 uses types as well.
Previously the assign command was creating a criteria with 'move to
workspace <name>' as its command, but this caused the window to appear
briefly on the focused workspace before being moved to the assigned
workspace. It now creates the view directly in the assigned workspace.
Each view will only execute a given criteria once. This is achieved by
storing a list of executed criteria in the view. This is the same
strategy used by i3.
Escaping now works properly. Previously you could do things like
[class="Fire\"fox"] and the stored value would be 'Fire\"fox', but it
should be (and now is) 'Fire"fox'.
The public functions in criteria.c are now all prefixed with criteria_.
Xwayland views now listen to the set_title, set_class and
set_window_type events and criteria will be run when these happen. XDG
shell has none of these events so it continues to update the title in
handle_commit.
Each view type's get_prop function has been split into get_string_prop
and get_int_prop because some properties like the X11 window ID and
window type are numeric.
The following new criteria tokens are now supported:
* id (X11 window ID)
* instance
* tiling
* workspace
This implements the title_format command, with a new placeholder %shell
which gets substituted with the view type (xwayland, xdg_shell_v6 or
wl_shell).
Example config:
for_window [title=".*"] title_format %title (class=%class instance=%instance shell=%shell)
This allows the title's texture to always be the full width of the text,
and clipped at render time according to the desired width (eg. tabs...).
As an added bonus, the texture no longer needs to be updated when
containers are arranged.
This required changing container_at_cursor to container_at_coords so
that we could get the appropriate surface (and sx/xy) without moving the
cursor.
Future work:
- Simulate a cursor for clients which have not bound to wl_touch
- Keep sending motion events when moving outside the surface (#1892)
- Bind gestures to sway commands
Before freeing sway_output, NULL the wlr_output reference to it. Check for that
NULL in layer_shell handle_destroy. Don't damage null container in unmap.
Additionaly, terminate swaybg if its output is being disabled.
Implements rendering of borders. Title text is still to do.
Implements the following configuration directives:
* client.focused
* client.focused_inactive
* client.unfocused
* client.urgent
* border
* default_border
If the last remaining view on a workspace is unmapped and the workspace
is not visible, parent will be a C_OUTPUT. Call the arrange_output()
function in this case.
Replaces arrange_windows() with arrange_root(), arrange_output(),
arrange_workspace() and arrange_children_of().
Also makes fullscreen views save and restore their dimensions, which
allows it to preserve any custom resize and is also a requirement for
floating views once they are implemented.
* Render background when using fullscreen, because transparency.
* Check that fullscreen surface allows input.
* Don't look for surfaces in top layer if there's a fullscreen view.
Until now, focus changing code only considered cleaning up the last focused
workspace. This commit adds removal of empty workspace from output that just
received focus on a different workspace.
Fixes: #1797