Example config that produces the crash (with a single output):
workspace 1
workspace 2
Prior to this commit, container_workspace_free would manually mark the
L_FLOATING container as destroying and free it. This assumed the
L_FLOATING container would never be involved in a transaction. This was
a safe assumption when it was implemented, but became an incorrect
assumption once parent/child relationships became transactionised.
This commit removes the L_FLOATING free from container_workspace_free.
When the workspace is destroyed, it starts the normal destroy process on
the L_FLOATING container so it can be freed via transactions.
Also fixes a crash when unfloating a window. It needs to add it back to
the tiling tree as a sibling rather than a child, because the reference
container might be a view.
This introduces seat_get_focus_inactive_tiling and updates
`focus mode_toggle` to use it instead, because the previous method
wasn't guaranteed to return a tiling view.
It would focus the split container rather than the child.
This commit makes it track the child and the split container separately
and send the surface click to the child.
Things worth noting:
* When a fullscreen view unmaps, the check to unset fullscreen on the
workspace has been moved out of view_unmap and into container_destroy,
because containers can be fullscreen too
* The calls to `container_reap_empty_recursive(workspace)` have been
removed from `container_set_floating`. That function reaps upwards so it
wouldn't do anything. I'm probably the one who originally added it...
* My fix (b14bd1b0b1) for the tabbed child
crash has a side effect where when you close a floating container, focus
is not given to the tiled container again. I've removed my fix and
removed the call to `send_cursor_motion` from `seat_set_focus_warp`. We
should consider calling it from somewhere earlier in the call stack.
The solution used in 073ac425d5 doesn't
work in all cases because the freed instruction might be ahead in the
list, not necessarily behind.
The new solution delays running the queue until after the loop has
finished iterating, thus avoiding the problem completely.
In set_instructions_ready, calling set_instruction_ready may cause any
number of transactions to get applied, which removes them from the list
being iterated. The iteration variables need to be adjusted
accordingly.
* Move workspace selection into separate function
* Instead of keeping a `prev_focus` variable, do the check in
`should_focus` (ie. views can only take focus if they're mapped into the
active workspace)
* Fix assign-to-output - it previously set `prev_focus` but should be
`target_sibling`
* Remove call to `workspace_switch` as we'll only ever focus the view if
it's in the active workspace
After setting the keymap, try to enable NumLock and disable CapsLock.
This only works if sway has the xkb master state and controls the keyboard.
Prepare configuration settings for later use as well.
when using 2 display, if scaling is different
`container_update_textures_recursive` is called when moving workspace on
different display.
We need to call `container_update_title_textures` only for container of type
"CONTAINER" or "VIEW" in order to be consistent with the assert in
`update_title_texture`.
The crash only occurs if the mouse cursor is above the tabbed container
when the last child is closed.
Introduced in 03d49490cc, over a week ago
and unnoticed until now :O
The above commit changes the behaviour of a focus change. When you
change focus, it sends pointer motion which makes the client set a new
cursor image. We already had this behaviour for workspace switching, but
this commit adds it for view switching too, such as in a tabbed
container or when closing a view.
The sequence of events that leads to the crash is:
* The last child of a tabbed container unmaps, which triggers a
`destroy` event before we've cleaned up the child or reaped the tabbed
container.
* The seat code listens to the `destroy` event and removes the seat
container from the focus stack. As part of this, it decides to set focus
to the parent (my fix alters this decision).
* When setting focus to the new parent, the container motion is sent as
per the previously mentioned commit.
* The motion code uses `container_at`, which encounters the tabbed
container and its child in a half destroyed state, and everything blows
up from there.
`con->parent` is needed because scratchpad containers don't have parents
if they're hidden, so this probably fixes a crash when a hidden
scratchpad container closes too.
The `con->parent->children->length > 1` check should catch any cases
where the parent is about to be reaped.
The rendering code doesn't use the exclusive input surface at all
anymore to decide to skip rendering of shell surfaces. This fixes
a weird situation in which a client requests exclusive input but
isn't an overlay layer surface.
The renderer also renders all overlay surfaces in this situation,
not just one. This simplifies the code and fixes rendering when
there are more than one overlay surfaces (e.g. for a virtual
keyboard to type the lockscreen password).
This makes it so if you hold mod and right click on a surface to resize
it, the resize direction is chosen based on which quarter of the surface
you've clicked. The previous implementation only resized towards the
bottom right.
The mouse binding logic is inspired/copied from the
keyboard binding logic; we store a sorted list of the
currently pressed buttons, and trigger a binding when
the currently pressed (or just recently pressed, in
the case of a release binding) buttons, as well as
modifiers/container region, match those of a given
binding.
As the code to execute a binding is not very keyboard
specific, keyboard_execute_command is renamed to
seat_execute_command and moved to where the other
binding handling functions are. The call to
transaction_commit_dirty has been lifted out.
First, the existing sway_binding structure is given an
enumerated type code. As all flags to bindsym/bindcode
are boolean, a single uint32 is used to hold all flags.
The _BORDER, _CONTENTS, _TITLEBAR flags, when active,
indicate in which part of a container the binding can
trigger; to localize complexity, they do not overlap
with the command line arguments, which center around
_TITLEBAR being set by default.
The keyboard handling code is adjusted for this change,
as is binding_key_compare; note that BINDING_LOCKED
is *not* part of the key portion of the binding.
Next, list of mouse bindings is introduced and cleaned up.
Finally, the binding command parsing code is extended
to handle the case where bindsym is used to describe
a mouse binding rather than a keysym binding; the
difference between the two may be detected as late as
when the first key/button is parsed, or as early as
the first flag. As bindings can have multiple
keycodes/keysyms/buttons, mixed keysym/button sequences
are prohibited.
cursor_set_image only uploads the named image if it doesn't match the
previous named image. This means when setting the cursor image to a
surface as given by a client, we have to clear the currently stored
image.
Implements the following commands:
* move scratchpad
* scratchpad show
* [criteria] scratchpad show
Also fixes these:
* Fix memory leak when executing command with criteria
(use `list_free(views)` instead of `free(views)`)
* Fix crash when running `move to` with no further arguments
This allows to update the title even if the view doesn't commit.
This is useful e.g. when a terminal sets its toplevel title to
the currently running command and when the view isn't visible.
Also does a few other related things:
* Now uses enum wlr_edges instead of our own enum resize_edge
* Now uses wlr_xcursor_get_resize_name and removes our own
find_resize_edge_name
* Renames drag to move for consistency
When interactively resizing some views (eg. Nautilus), new transactions
are added to the queue faster than the client can process them.
Previously, we would wait for the entire queue to be ready before
applying any of them, but in this case the transactions would time out,
giving the client choppy performance.
This changes the queue handling so it applies the transactions up to the
first waiting transaction, without waiting for the entire queue to be
ready.
This implements the following:
* `floating_modifier` configuration directive
* Drag a floating window by its title bar
* Hold mod + drag a floating window from anywhere
* Resize a floating view by dragging the border
* Resize a floating view by holding mod and right clicking anywhere on
the view
* Resize a floating view and keep aspect ratio by holding shift while
resizing using either method
* Mouse cursor turns into resize when hovering floating border or corner
The directive sets the timeout before an urgent view becomes normal
again after switching to it from another workspace.
Also:
* When an xwayland surface removes the urgent hint while the timer is
active, we now ignore the request. This happens as soon as the view
receives focus, so it was effectively making the timer pointless.
* The timeout is now only applied when switching to it from another
workspace.
This removes the urgency stuff from the commit handler and puts it in a
new set_hints handler instead. This allows the xwayland surface to
become urgent without having to commit (which doesn't happen if it's on
an non-visible workspace).
Fixes#2303, as well as a crash.
To replicate the crash:
* Have multiple outputs
* In config: for_window [<criteria>] workspace foo
* Also in config: workspace foo output <left-output-name>
* Focus the right output, and ensure workspace foo doesn't exist
* Launch the app that triggers the criteria
When the view maps, it calls workspace_switch which calls
send_set_focus which calls cursor_send_pointer_motion which calls
transaction_commit_dirty. This call to transaction_commit_dirty is not
meant to happen at this time because the tree isn't guaranteed to be in
a consistent state, but I'm not sure how exactly this leads to the crash
or render issues.
In this case the transaction is already committed by the view
implementation's handle_map function. So the solution is to remove it
from cursor_send_pointer_motion and add it to the other functions in
cursor.c which call cursor_send_pointer_motion.
This allows to send wl_pointer.enter when switching between views
in a split/tabbed layout for instance. This (1) updates the cursor
image accordingly (2) makes it unnecessary to move the mouse before
scrolling. It's harmless to always call cursor_send_pointer_motion
because in case the focused surface hasn't changed this is a no-op.
The `last_focus != NULL` condition is required otherwise
cursor_send_pointer_motion will crash when sway starts up (the
sway_output doesn't yet have a workspace).
When an xwayland view is mapped, the IPC urgent event was being sent on
every surface commit.
I had intentionally ommitted the check because I figured an urgent
surface could update its urgent timestamp by sending urgent a second
time. But that's not how it works in xwayland's case, and it makes for
more complicated code.
Introduces a command to manually set urgency, as well as rendering of
urgent views, sending the IPC event, removing urgency after focused for
one second, and matching urgent views via criteria.
Rather than maintain copies of the entire focus stack, this PR
transactionises the focus by introducing two new properties to the
container state and using those when rendering.
* `bool focused` means this container has actual focus. Only one
container should have this equalling true in its current state.
* `struct sway_container *focus_inactive_child` points to the immediate
child that was most recently focused (eg. for tabbed and stacked
containers).
We currently have several ways of setting debug flags, including command
line arguments, environment variables, and compile-time macros. This
replaces the lot with command line flags.
This PR changes the way we handle transactions to a more simple method.
The new method is to mark containers as dirty from low level code
(eg. arranging, or container_destroy, and eventually seat_set_focus),
then call transaction_commit_dirty which picks up those containers and
runs them through a transaction. The old methods of using transactions
(arrange_and_commit, or creating one manually) are now no longer
possible.
The highest-level code (execute_command and view implementation
handlers) will call transaction_commit_dirty, so most other code just
needs to set containers as dirty. This is done by arranging, but can
also be done by calling container_set_dirty.
Now the scroll_button will not accept:
- letters on string beginning;
- negative numbers.
What is tolerated:
- letters after number;
- rational numbers: the fraction after dot will be omitted.
This commit introduces a scroll_button option, which is intended to be
used with scroll_method. Now user can edit his sway config and add an
scroll_button option to device section.
The title and marks textures would have their height set from the
config's computed max font height, but the textures were not regenerated
when the config's max font height changed which made a gap appear.
Rather than making it regenerate the title textures every time the
config font height was changed, I've changed it to just make the
textures the height of the title itself and fill any gap when rendering.
Also, the title_width and marks_width variables have been renamed to
make it more obvious that they are in output-buffer-local coordinates.
Fixes#1936.
The only user of this function would copy the string right away
to get rid of the const flag anyway, and freeing a const string
afterwards might work but is not meant to be done according to the
json-c API.
If we set an instruction as ready twice, it decreases the transaction's
num_waiting a second time and applies the transaction earlier than it
should. This no doubt has undesired effects, probably resulting in a use
after free.
Hopefully fixes the first part of #2207.
wl_event_source_remove() is illegal after display has been destroyed,
so just destroy everything when we still can.
==20392==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000001240 at pc 0x00000048e86e bp 0x7ffe4b557e00 sp 0x7ffe4b557df0
READ of size 8 at 0x607000001240 thread T0
#0 0x48e86d in wl_list_insert ../common/list.c:149
#1 0x7fdf673d4d7d in wl_event_source_remove src/event-loop.c:487
#2 0x41b742 in ipc_terminate ../sway/ipc-server.c:94
#3 0x40b1ad in main ../sway/main.c:440
#4 0x7fdf6664c18a in __libc_start_main ../csu/libc-start.c:308
#5 0x409359 in _start (/opt/wayland/bin/sway+0x409359)
0x607000001240 is located 48 bytes inside of 72-byte region [0x607000001210,0x607000001258)
freed by thread T0 here:
#0 0x7fdf692c4880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
#1 0x7fdf673d371a in wl_display_destroy src/wayland-server.c:1097
previously allocated by thread T0 here:
#0 0x7fdf692c4c48 in malloc (/lib64/libasan.so.5+0xeec48)
#1 0x7fdf673d4d9e in wl_event_loop_create src/event-loop.c:522
#2 0x40acb2 in main ../sway/main.c:363
#3 0x7fdf6664c18a in __libc_start_main ../csu/libc-start.c:308
When you have an unfocused container (so one view is focused_inactive),
and you focus any other view in that container, the view with
focused_inactive was not damaged. This is because we damaged the
previous focus and new focus, but needed to damage the parent of the new
focus.
We would previously run all config commands without the environment,
which would appear to work as our socket name is the default one, but
wayland clients would start up in the wrong sway session.
(This explains why 'sometimes' my swayidle processes wouldn't die with
sway, as they weren't listening to the correct socket)
Fixes#2192.
seat_get_active_current_child is intended to return a child of the given
container which has finished its mapping transaction and is able to be
rendered on screen. The previous implementation was capable of returning
a pending child, which caused a child of a tabbed or stacked view to be
rendered prematurely while it was mapping.
If init fails halfway through it will call the destroy function,
which needs some coherent stuff filled.
Allocate with calloc and fill in what cannot fail first
Found through static analysis.
The check didn't include && ws_num < 100 so l would always be 1 or 2
Instead of fixing logic it's simpler to just call snprintf twice to get
length and use that.
Also change malloc failure check to sway_assert because both callers of
this function do not do null check and would segfault...
Found through static analysis.
No logic change here, this one is mostly to please static analyzer:
- client->fd can never be -1 (and if it could, close() a few lines below
would have needed the same check)
- we never send permission denied error (dead code)
ipc_send_reply already does client disconnect on error, so we shouldn't
do it again.
We also need to process current index again as disconnect removes client
from the list we currently are processing (this is an indexed "list")
Found through static analysis.
size_t/ssize_t are 8 bytes on 64bit systems, so use the proper size to
transmit that information.
This could lead to ridiculously large alloc as len is not initialized to zero
Found through static analysis
- child would leak in the workspace_record_pid path
- removing malloc lets us get rid of That Comment nobody seems
to remember what it was about
- we would leak pipe fds on first fork failling
- we didn't return an error if second fork failed
- the final executed process still had both pipe fds
(would show up in /proc/23560/fd in launched programs)
- we would write twice to the pipe if execl failed for some reason
(e.g. if /bin/sh doesn't exist?!)