Fixes heap-use-after-free:
==32046==ERROR: AddressSanitizer: heap-use-after-free on address 0x615000064d20 at pc 0x55571ce4d303 bp 0x7fff545c64c0 sp 0x7fff545c64b0
WRITE of size 8 at 0x615000064d20 thread T0
#0 0x55571ce4d302 in xdg_decoration_handle_destroy ../sway/xdg_decoration.c:13
#1 0x7f64009d6f36 in wlr_signal_emit_safe ../util/signal.c:29
#2 0x7f64009d3c46 in toplevel_decoration_handle_resource_destroy ../types/wlr_xdg_decoration_v1.c:65
#3 0x7f6400a19f8d (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x7f8d)
#4 0x7f6400a19fed in wl_resource_destroy (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x7fed)
#5 0x7f64009d3d1f in toplevel_decoration_handle_surface_destroy ../types/wlr_xdg_decoration_v1.c:82
#6 0x7f64009d6f36 in wlr_signal_emit_safe ../util/signal.c:29
#7 0x7f64009b059c in reset_xdg_surface ../types/xdg_shell/wlr_xdg_surface.c:453
#8 0x7f64009b0688 in destroy_xdg_surface ../types/xdg_shell/wlr_xdg_surface.c:483
#9 0x7f64009af08c in xdg_client_handle_resource_destroy ../types/xdg_shell/wlr_xdg_shell.c:71
#10 0x7f6400a19f8d (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x7f8d)
#11 0x7f6400a1e211 (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0xc211)
#12 0x7f6400a1e6fe (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0xc6fe)
#13 0x7f6400a1a0ec in wl_client_destroy (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x80ec)
#14 0x7f6400a1a1c4 (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x81c4)
#15 0x7f6400a1b941 in wl_event_loop_dispatch (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x9941)
#16 0x7f6400a1a569 in wl_display_run (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x8569)
#17 0x55571ce4c7fd in server_run ../sway/server.c:214
#18 0x55571ce4ad59 in main ../sway/main.c:405
#19 0x7f640071109a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
#20 0x55571ce2cfa9 in _start (/usr/local/bin/sway+0x35fa9)
0x615000064d20 is located 32 bytes inside of 504-byte region [0x615000064d00,0x615000064ef8)
freed by thread T0 here:
#0 0x7f6401531b70 in free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xedb70)
#1 0x55571ce6c72b in destroy ../sway/desktop/xdg_shell.c:252
#2 0x55571cee3f7b in view_destroy ../sway/tree/view.c:60
#3 0x55571cee4090 in view_begin_destroy ../sway/tree/view.c:73
#4 0x55571ce6dd95 in handle_destroy ../sway/desktop/xdg_shell.c:464
#5 0x7f64009d6f36 in wlr_signal_emit_safe ../util/signal.c:29
#6 0x7f64009b059c in reset_xdg_surface ../types/xdg_shell/wlr_xdg_surface.c:453
#7 0x7f64009b0688 in destroy_xdg_surface ../types/xdg_shell/wlr_xdg_surface.c:483
#8 0x7f64009af08c in xdg_client_handle_resource_destroy ../types/xdg_shell/wlr_xdg_shell.c:71
#9 0x7f6400a19f8d (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x7f8d)
previously allocated by thread T0 here:
#0 0x7f6401532138 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xee138)
#1 0x55571ce6df39 in handle_xdg_shell_surface ../sway/desktop/xdg_shell.c:485
#2 0x7f64009d6f36 in wlr_signal_emit_safe ../util/signal.c:29
#3 0x7f64009b0167 in handle_xdg_surface_commit ../types/xdg_shell/wlr_xdg_surface.c:350
#4 0x7f64009ce2a5 in surface_commit_pending ../types/wlr_surface.c:372
#5 0x7f64009ce523 in surface_commit ../types/wlr_surface.c:444
#6 0x7f63ff63ddad in ffi_call_unix64 (/usr/lib/x86_64-linux-gnu/libffi.so.6+0x5dad)
Fixes#3759
This modifies the places where output_get_active_workspace is called to
handle a NULL result. Some places already handled it and did not need a
change, some just have guard off code blocks, others return errors, and
some have sway_asserts since the case should never happen. A lot of this
is probably just safety precautions since they probably will never be
called when `output_get_active_workspace` is not fully configured with a
workspace.
If an output's node was dirty and the transaction was committed before a
workspace was moved to or created for the output, the instruction would
have a bad value for `state->active_workspace` due to a missing
length check in `output_get_active_workspace`. If there was no focus on
the output, the first workspace was being returned. If the workspace
list was currently empty, the value was either garbage, or in the case of
an output being disabled and re-enabled, a workspace that may have been
previously freed. This just adds the length check to avoid returning out
of bounds value.
wlr_xdg_popup_destroy will destroy popups, so we need to walk the tree
carefully. It's enough to just destroy all direct children, since destroying
the parent will also destroy all children.
Don't access xdg_surface->toplevel if xdg_surface->role is equal to
WLR_XDG_SURFACE_ROLE_NONE, since this could lead to crash. The same
checks are added for xdg_surface_v6.
Fixes#3311
Just a convenience function that improves readability of the code.
Other things worth noting:
* container_get_siblings and container_sibling_index no longer use the
const keyword
* container_handle_fullscreen_reparent is only ever called after
attaching the container to a workspace, so its con->workspace check has
been changed to an assertion
The goal here is to center fullscreen views when they are both too small
for the output and refuse to resize to the output's dimensions. It has
the side effect of also centering the view when it's too small for its
container.
Example clients that have this behaviour are emersion's hello-wayland
and weston.
It works by introducing surface_{x,y,width,height} properties to the
container struct. The x and y represent layout-local coordinates where
the surface will be rendered. The width and height are only used to
track the surface's previous dimensions so we can detect when the client
has resized it and recenter and apply damage accordingly.
The new surface properties are calculated when a transaction is applied,
as well as when a view resizes itself unexpectedly. The latter is done
in view_update_size. This function was previously restricted to views
which are floating, but can now be called for any views.
For views which refuse to resize *smaller* than a particular size, such
as gnome-calculator, the surface is still anchored to the top left as
per the current behaviour.
In addition to removing unused code, two minor problems are fixed:
(1) `resize set` and `resize adjust` did not error when given
too many arguments.
(2) `orientation` was incorrectly overridden to be 'U' for
scroll events in the swaybar tray `handle_click` function.
This commit mostly duplicates the wlr_log functions, although
with a sway_* prefix. (This is very similar to PR #2009.)
However, the logging function no longer needs to be replaceable,
so sway_log_init's second argument is used to set the exit
callback for sway_abort.
wlr_log_init is still invoked in sway/main.c
This commit makes it easier to remove the wlroots dependency for
the helper programs swaymsg, swaybg, swaybar, and swaynag.
If output->configured is true, then the output has been modeset correctly and
we don't need to try again. If output->enabled is true, then we are in the
process of configuring the output and we shouldn't do anything.
This happens if you plug in more outputs than supported by your GPU.
This patch makes it so outputs without CRTCs appear as disabled. As soon as
they get a CRTC (signalled via the mode event), we can enable them.
This splits each seat operation (drag/move tiling/floating etc) into a
separate file and introduces a struct sway_seatop_impl to abstract the
operation.
The move_tiling_threshold operation has been merged into move_tiling.
The main logic for each operation is untouched aside from variable
renames.
The following previously-static functions have been made public:
* node_at_coords
* container_raise_floating
* render_rect
* premultiply_alpha
* scale_box
../sway/desktop/transaction.c:367:17: error: format specifies type 'long' but the argument has type 'size_t' (aka 'unsigned int') [-Werror,-Wformat]
transaction, transaction->num_waiting);
^~~~~~~~~~~~~~~~~~~~~~~~
/usr/local/include/wlr/util/log.h:56:72: note: expanded from macro 'wlr_log'
_wlr_log(verb, "[%s:%d] " fmt, _wlr_strip_path(__FILE__), __LINE__, ##__VA_ARGS__)
^~~~~~~~~~~
../sway/desktop/transaction.c:477:5: error: format specifies type 'long' but the argument has type 'unsigned int' [-Werror,-Wformat]
transaction->num_configures - transaction->num_waiting + 1,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/local/include/wlr/util/log.h:56:72: note: expanded from macro 'wlr_log'
_wlr_log(verb, "[%s:%d] " fmt, _wlr_strip_path(__FILE__), __LINE__, ##__VA_ARGS__)
^~~~~~~~~~~
../sway/desktop/transaction.c:478:5: error: format specifies type 'long' but the argument has type 'size_t' (aka 'unsigned int') [-Werror,-Wformat]
transaction->num_configures, ms,
^~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/local/include/wlr/util/log.h:56:72: note: expanded from macro 'wlr_log'
_wlr_log(verb, "[%s:%d] " fmt, _wlr_strip_path(__FILE__), __LINE__, ##__VA_ARGS__)
^~~~~~~~~~~
See issue #3359 for reproduction details. When a fullscreen view is
unmapped and there's a preceding transaction waiting, there may be
neither a saved buffer or a surface to render. This change matches
the equivalent code in render_view.
This combines `output_by_name` and `output_by_identifier` into a single
function called `output_by_name_or_id`. This allows for output
identifiers to be used in all commands, simplifies the logic of the
callers, and is more efficient since worst case is a single pass through
the output list.
This adds support for `i3 4.16`'s ability to set the title alignment.
The command is `title_align left|center|right`.
When the title is on the right, marks are moved to the left. Otherwise,
they are on the right.
This renames/moves the following properties:
* sway_view.{x,y,width,height} ->
sway_container.content_{x,y,width,height}
* This is required to support placeholder containers as they don't
have a view.
* sway_container_state.view_{x,y,width,height} ->
sway_container_state.content_{x,y,width,height}
* To remain consistent with the above.
* sway_container_state.con_{x,y,width,height} ->
sway_container_state.{x,y,width,height}
* The con prefix was there to give it contrast from the view
properties, and is no longer useful.
The function container_set_geometry_from_floating_view has also been
renamed to container_set_geometry_from_content.
In i3, when a child of a tabbed or stacked container has no siblings,
its border settings are respected.
This patch achieves the same effect by rendering a lone tabbed/stacked
child as if it's a linear container. This makes the border settings be
respected.
Over in view_autoconfigure, we compensate for this by only adjusting
`y_offset` if there's multiple children.
This approaches cursor rebasing from a different angle. Rather than
littering the codebase with cursor_rebase calls and using transaction
callbacks, this just runs cursor_rebase after applying every transaction
- but only if there's outputs connected, because otherwise it causes a
crash during shutdown.
There is one known case where we still need to call cursor_rebase
directly, and that's when running `seat seat0 cursor move ...`. This
command doesn't set anything as dirty so no transaction occurs.
I originally put the rebase at the end of view_map, but at this point
the view is still at its native size and will ignore the motion event if
it falls outside of its native size. The only way to do this properly is
to rebase the cursor later - either after sending the configure, after
the view commits with the new size, or after applying the transaction. I
chose to do it after applying the transaction for simplicity.
I then attempted to just call cursor_rebase after applying every
transaction, but this causes crashes when exiting sway (and possibly
other places) because cursor_rebase assumes the tree is in a valid
state.
So my chosen solution introduces transaction_commit_dirty_with_callback
which allows handle_map to register a callback which will run when the
transaction is applied.
window_properties is documented to contain a subset of the X11 properties
of a window (its title, class, instance, role, and transient ID). This
commit adds the missing json object from the get_tree output for
xwayland windows only.
This is a follow-up of #2911.
Signed-off-by: Franklin "Snaipe" Mathieu <me@snai.pe>
The wlr_xdg_popup_get_toplevel_coords function has the following quirks:
* It does not do anything with the coordinates of the passed popup.
Instead, we are required to add them ourselves, which we do by passing
them to the function as the surface local values.
* It adds the geometry (shadows etc) of the toplevel itself, so the
coordinates are surface local rather than content local. For this
reason, we have to negate the toplevel's geometry
(child->view->geometry).
* I may be wrong, but the popup positions appear to be stored in surface
local coordinates rather than content local coordinates. The geometry
(shadows etc) of the popup itself must be negated (surface->geometry).
The input manager is a singleton object. Passing the sway_input_manager
argument to each of its functions is unnecessary, while removing the
argument makes it obvious to the caller that it's a singleton. This
patch removes the argument and makes the input manager use server.input
instead.
On a similar note:
* sway_input_manager.server is removed in favour of using the server
global.
* seat.input is removed because it can get it from server.input.
Due to a circular dependency, creating seat0 is now done directly in
server_init rather than in input_manager_create. This is because
creating seats must be done after server.input is set.
Lastly, it now stores the default seat name using a constant and removes
a second reference to seat0 (in input_manager_get_default_seat).
For mouse_warping cursor to correctly work on newly spawned containers,
the workspace needs to be arranged before the cursor is warped.
The shell functions each implement their own fullscreen and arrange checks,
move them into the view_map function and pass their states via boolean arguments.
Fixes#2819
The basic idea here is to apply rounding after scaling. It's not as
simple as this, though, and I've detailed it in the comments for a
function.
In order to fix some pixel leaks in the title bar, I found it easier to
change how we place rectangles to fill the area. Instead of placing two
rectangles across the full width above and below the title and having
shorter rectangles in the inner area, it's now pieced together in
vertical chunks. This method involves drawing two less rectangles per
container.
This introduces a new view_impl function: is_transient_for. Similar to
container_has_ancestor but works using the surface parents rather than
the tree.
This patch modifies view_is_visible, container_at and so on to allow
transient views to function normally when they're in front of a
fullscreen view.
The previous behaviour was to damage the entire view, which would
recurse into each popup. This patch makes it damage only the popup's
surface, and respect the surface damage given by the client.
This adds listeners to the popup's map and unmap events rather than
doing the damage in the create and destroy functions. To get the popup's
position relative to the view, a new child_impl function get_root_coords
has been introduced, which traverses up the parents.
* Have multiple outputs
* Launch swaylock
* Unplug an output (possibly has to be the last "connected" one)
* The swaylock surface on the remaining output would not respond to key
events
This was happening because when the output destroys, focus was not given
to the other swaylock surface.
This patch makes focus be transferred to another surface owned by the
same Wayland client, but only if input was inhibited by the surface
being destroyed, and only if it's in the overlay layer. I figure it's
best to be overly specific and relax the requirements later if needed.
This patch removes a check in seat_set_focus_surface which was
preventing focus from being passed from a layer surface to any other
surface. I don't know of a use case for this check, but it's possible
that this change could produce issues.
This replaces view.using_csd with a new border mode: B_CSD. This also
removes sway_xdg_shell{_v6}_view.deco_mode and
view->has_client_side_decorations as we can now get these from the
border.
You can use `border toggle` to cycle through the modes including CSD, or
use `border csd` to set it directly. The client must support the
xdg-decoration protocol, and the only client I know of that does is the
example in wlroots.
If the client switches from SSD to CSD without us expecting it (via the
server-decoration protocol), we stash the previous border type into
view.saved_border so we can restore it if the client returns to SSD. I
haven't found a way to test this though.
This adds a `con` argument to `execute_command` which allows you to
specify the container to execute the command on. In most cases it leaves
it as `NULL` which makes it use the focused node. We only set it when
executing `for_window` criteria such as when a view maps. This means we
don't send unnecessary IPC focus events, and fixes a crash when the
criteria command is `move scratchpad` (because we can't give focus to a
hidden scratchpad container).
Each of the shell map handlers now check to see if the view has a
workspace. It won't have a workspace if criteria has moved it to the
scratchpad.
When destroying an idle-inhibiting client, idle_inhibit_v1_check_active can get
called from transaction_progress_queue on a view with a null container.
view_is_visible does not handle a view in this state.
This does the following:
* Adds a baseline argument to get_text_size (the baseline is the
distance from the top of the texture to the baseline).
* Stores the baseline in the container when calculating the title
height.
* Takes the baseline into account when calculating the config's max font
height.
* When rendering, pads the textures according to the baseline so they
line up.
There was code that attempted to fill in the gap below the title texture
when the texture isn't tall enough, but this only worked when the output
was positioned at 0,0. The reason is that render_rect expects a box
passed in a hybrid layout-local/output-buffer-local system, and we were
passing purely output-buffer-local. I've added a comment documenting
this.
By the way, we can't use layout-local coordinates for the rectangle box
because in some cases we set the box based on a texture size. Texture
sizes are buffer-local, and we'd have to divide them to bring it back to
layout-local which means losing precision. We could use
output-buffer-local coordinates for the box, but this would require
translating the coordinates from layout-local to output-buffer-local in
many places during rendering.
This patch also vertically centers the text inside the title bar.
This fixes pinentry-gtk-2, but might make other views floating which
would otherwise be tiled. This patch is more of a trial which could end
up becoming a permanent fix.
When rendering, the workspace for the output needs to be retrieved from
the output's `current` state. output_get_active_workspace returns the
pending workspace, which crashes if the pending workspace is new and
hasn't completed a transaction yet.
Suppose the following:
* Transactions are already in progress - say transaction A.
* View A maps, which creates transaction B and appends it to the
transaction queue.
* View B maps, which creates transaction C and appends it to the queue.
* View A unmaps, which creates transaction D and appends it to the
queue.
* Transaction A completes, so transaction B attempts to save View A's
buffer, but this doesn't exist so it saves nothing.
* Rendering code attempts to render View A, but there is no saved buffer
nor live buffer that it can use.
Rather than implement an elaborate solution for a rare circumstance,
I've take the safe option of just not rendering anything for that view.
It means that if you reproduce the scenario above, you might get the
title and borders rendered but no surface.
This commit changes the meaning of sway_container so that it only refers
to layout containers and view containers. Workspaces, outputs and the
root are no longer known as containers. Instead, root, outputs,
workspaces and containers are all a type of node, and containers come in
two types: layout containers and view containers.
In addition to the above, this implements type safe variables. This
means we use specific types such as sway_output and sway_workspace
instead of generic containers or nodes. However, it's worth noting that
in a few places places (eg. seat focus and transactions) referring to
them in a generic way is unavoidable which is why we still use nodes in
some places.
If you want a TL;DR, look at node.h, as well as the struct definitions
for root, output, workspace and container. Note that sway_output now
contains a workspaces list, and workspaces now contain a tiling and
floating list, and containers now contain a pointer back to the
workspace.
There are now functions for seat_get_focused_workspace and
seat_get_focused_container. The latter will return NULL if a workspace
itself is focused. Most other seat functions like seat_get_focus and
seat_set_focus now accept and return nodes.
In the config->handler_context struct, current_container has been
replaced with three pointers: node, container and workspace. node is the
same as what current_container was, while workspace is the workspace
that the node resides on and container is the actual container, which
may be NULL if a workspace itself is focused.
The global root_container variable has been replaced with one simply
called root, which is a pointer to the sway_root instance.
The way outputs are created, enabled, disabled and destroyed has
changed. Previously we'd wrap the sway_output in a container when it is
enabled, but as we don't have containers any more it needs a different
approach. The output_create and output_destroy functions previously
created/destroyed the container, but now they create/destroy the
sway_output. There is a new function output_disable to disable an output
without destroying it.
Containers have a new view property. If this is populated then the
container is a view container, otherwise it's a layout container. Like
before, this property is immutable for the life of the container.
Containers have both a `sway_container *parent` and
`sway_workspace *workspace`. As we use specific types now, parent cannot
point to a workspace so it'll be NULL for containers which are direct
children of the workspace. The workspace property is set for all
containers, except those which are hidden in the scratchpad as they have
no workspace.
In some cases we need to refer to workspaces in a container-like way.
For example, workspaces have layout and children, but when using
specific types this makes it difficult. Likewise, it's difficult for a
container to get its parent's layout when the parent could be another
container or a workspace. To make it easier, some helper functions have
been created: container_parent_layout and container_get_siblings.
container_remove_child has been renamed to container_detach and
container_replace_child has been renamed to container_replace.
`container_handle_fullscreen_reparent(con, old_parent)` has had the
old_parent removed. We now unfullscreen the workspace when detaching the
container, so this function is simplified and only needs one argument
now.
container_notify_subtree_changed has been renamed to
container_update_representation. This is more descriptive of its
purpose. I also wanted to be able to call it with whatever container was
changed rather than the container's parent, which makes bubbling up to
the workspace easier.
There are now state structs per node thing. ie. sway_output_state,
sway_workspace_state and sway_container_state.
The focus, move and layout commands have been completely refactored to
work with the specific types. I considered making these a separate PR,
but I'd be backporting my changes only to replace them again, and it's
easier just to test everything at once.
Depends on https://github.com/swaywm/wlroots/pull/1222.
I don't know of a program that sets the state to modal without setting
the window type, but I know the modal property works because logging the
property shows it's true for the Firefox Open File dialog.