You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

380 lines
11 KiB

#define _XOPEN_SOURCE 500
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <wayland-client.h>
#include <wlr/interfaces/wlr_input_device.h>
#include <wlr/interfaces/wlr_keyboard.h>
#include <wlr/interfaces/wlr_output.h>
#include <wlr/interfaces/wlr_pointer.h>
#include <wlr/interfaces/wlr_touch.h>
#include <wlr/util/log.h>
#include "backend/wayland.h"
#include "util/signal.h"
static struct wlr_wl_pointer *output_get_pointer(struct wlr_wl_output *output) {
struct wlr_input_device *wlr_dev;
wl_list_for_each(wlr_dev, &output->backend->devices, link) {
if (wlr_dev->type != WLR_INPUT_DEVICE_POINTER) {
continue;
}
struct wlr_wl_pointer *pointer = pointer_get_wl(wlr_dev->pointer);
if (pointer->output == output) {
return pointer;
}
}
return NULL;
}
static void pointer_handle_enter(void *data, struct wl_pointer *wl_pointer,
uint32_t serial, struct wl_surface *surface, wl_fixed_t sx,
wl_fixed_t sy) {
struct wlr_wl_backend *backend = data;
if (surface == NULL) {
return;
}
struct wlr_wl_output *output = wl_surface_get_user_data(surface);
struct wlr_wl_pointer *pointer = output_get_pointer(output);
if (output == NULL) {
return;
}
output->enter_serial = serial;
backend->current_pointer = pointer;
update_wl_output_cursor(output);
}
static void pointer_handle_leave(void *data, struct wl_pointer *wl_pointer,
uint32_t serial, struct wl_surface *surface) {
struct wlr_wl_backend *backend = data;
if (surface == NULL) {
return;
}
struct wlr_wl_output *output = wl_surface_get_user_data(surface);
output->enter_serial = 0;
if (backend->current_pointer == NULL ||
backend->current_pointer->output != output) {
return;
}
backend->current_pointer = NULL;
}
static void pointer_handle_motion(void *data, struct wl_pointer *wl_pointer,
uint32_t time, wl_fixed_t sx, wl_fixed_t sy) {
struct wlr_wl_backend *backend = data;
struct wlr_wl_pointer *pointer = backend->current_pointer;
if (pointer == NULL) {
return;
}
struct wlr_output *wlr_output = &pointer->output->wlr_output;
struct wlr_box box = {
.x = wl_fixed_to_int(sx),
.y = wl_fixed_to_int(sy),
};
wlr_box_transform(&box, wlr_output->transform, wlr_output->width,
wlr_output->height, &box);
box.x /= wlr_output->scale;
box.y /= wlr_output->scale;
int output_width, output_height;
wlr_output_effective_resolution(&pointer->output->wlr_output,
&output_width, &output_height);
struct wlr_event_pointer_motion_absolute event = {
.device = &pointer->input_device->wlr_input_device,
.time_msec = time,
.x = (double)box.x / output_width,
.y = (double)box.y / output_height,
};
wlr_signal_emit_safe(&pointer->wlr_pointer.events.motion_absolute, &event);
}
static void pointer_handle_button(void *data, struct wl_pointer *wl_pointer,
uint32_t serial, uint32_t time, uint32_t button, uint32_t state) {
struct wlr_wl_backend *backend = data;
struct wlr_wl_pointer *pointer = backend->current_pointer;
if (pointer == NULL) {
return;
}
struct wlr_event_pointer_button event = {
.device = &pointer->input_device->wlr_input_device,
.button = button,
.state = state,
.time_msec = time,
};
wlr_signal_emit_safe(&pointer->wlr_pointer.events.button, &event);
}
static void pointer_handle_axis(void *data, struct wl_pointer *wl_pointer,
uint32_t time, uint32_t axis, wl_fixed_t value) {
struct wlr_wl_backend *backend = data;
struct wlr_wl_pointer *pointer = backend->current_pointer;
if (pointer == NULL) {
return;
}
struct wlr_event_pointer_axis event = {
.device = &pointer->input_device->wlr_input_device,
.delta = wl_fixed_to_double(value),
.orientation = axis,
.time_msec = time,
.source = pointer->axis_source,
};
wlr_signal_emit_safe(&pointer->wlr_pointer.events.axis, &event);
}
static void pointer_handle_frame(void *data, struct wl_pointer *wl_pointer) {
}
static void pointer_handle_axis_source(void *data, struct wl_pointer *wl_pointer,
uint32_t axis_source) {
struct wlr_wl_backend *backend = data;
struct wlr_wl_pointer *pointer = backend->current_pointer;
if (pointer == NULL) {
return;
}
pointer->axis_source = axis_source;
}
static void pointer_handle_axis_stop(void *data, struct wl_pointer *wl_pointer,
uint32_t time, uint32_t axis) {
}
static void pointer_handle_axis_discrete(void *data, struct wl_pointer *wl_pointer,
uint32_t axis, int32_t discrete) {
}
static const struct wl_pointer_listener pointer_listener = {
.enter = pointer_handle_enter,
.leave = pointer_handle_leave,
.motion = pointer_handle_motion,
.button = pointer_handle_button,
.axis = pointer_handle_axis,
.frame = pointer_handle_frame,
.axis_source = pointer_handle_axis_source,
.axis_stop = pointer_handle_axis_stop,
.axis_discrete = pointer_handle_axis_discrete,
};
static void keyboard_handle_keymap(void *data, struct wl_keyboard *wl_keyboard,
uint32_t format, int32_t fd, uint32_t size) {
// TODO: set keymap
}
static void keyboard_handle_enter(void *data, struct wl_keyboard *wl_keyboard,
uint32_t serial, struct wl_surface *surface, struct wl_array *keys) {
}
static void keyboard_handle_leave(void *data, struct wl_keyboard *wl_keyboard,
uint32_t serial, struct wl_surface *surface) {
}
static void keyboard_handle_key(void *data, struct wl_keyboard *wl_keyboard,
uint32_t serial, uint32_t time, uint32_t key, uint32_t state) {
struct wlr_input_device *dev = data;
assert(dev && dev->keyboard);
struct wlr_event_keyboard_key wlr_event = {
.keycode = key,
.state = state,
.time_msec = time,
.update_state = false,
};
wlr_keyboard_notify_key(dev->keyboard, &wlr_event);
}
static void keyboard_handle_modifiers(void *data, struct wl_keyboard *wl_keyboard,
uint32_t serial, uint32_t mods_depressed, uint32_t mods_latched,
uint32_t mods_locked, uint32_t group) {
struct wlr_input_device *dev = data;
assert(dev && dev->keyboard);
wlr_keyboard_notify_modifiers(dev->keyboard, mods_depressed, mods_latched,
mods_locked, group);
}
static void keyboard_handle_repeat_info(void *data, struct wl_keyboard *wl_keyboard,
int32_t rate, int32_t delay) {
}
static struct wl_keyboard_listener keyboard_listener = {
.keymap = keyboard_handle_keymap,
.enter = keyboard_handle_enter,
.leave = keyboard_handle_leave,
.key = keyboard_handle_key,
.modifiers = keyboard_handle_modifiers,
.repeat_info = keyboard_handle_repeat_info
};
static void input_device_destroy(struct wlr_input_device *wlr_dev) {
struct wlr_wl_input_device *dev = (struct wlr_wl_input_device *)wlr_dev;
if (dev->resource) {
wl_proxy_destroy(dev->resource);
}
wl_list_remove(&dev->wlr_input_device.link);
free(dev);
}
static struct wlr_input_device_impl input_device_impl = {
.destroy = input_device_destroy,
};
bool wlr_input_device_is_wl(struct wlr_input_device *dev) {
return dev->impl == &input_device_impl;
}
static struct wlr_wl_input_device *create_wl_input_device(
struct wlr_wl_backend *backend, enum wlr_input_device_type type) {
struct wlr_wl_input_device *dev =
calloc(1, sizeof(struct wlr_wl_input_device));
if (dev == NULL) {
wlr_log_errno(L_ERROR, "Allocation failed");
return NULL;
}
dev->backend = backend;
struct wlr_input_device *wlr_dev = &dev->wlr_input_device;
unsigned int vendor = 0, product = 0;
const char *name = "wayland";
wlr_input_device_init(wlr_dev, type, &input_device_impl, name, vendor,
product);
wl_list_insert(&backend->devices, &wlr_dev->link);
return dev;
}
static struct wlr_pointer_impl pointer_impl;
struct wlr_wl_pointer *pointer_get_wl(struct wlr_pointer *wlr_pointer) {
assert(wlr_pointer->impl == &pointer_impl);
return (struct wlr_wl_pointer *)wlr_pointer;
}
static void pointer_destroy(struct wlr_pointer *wlr_pointer) {
struct wlr_wl_pointer *pointer = pointer_get_wl(wlr_pointer);
wl_list_remove(&pointer->output_destroy.link);
free(pointer);
}
static struct wlr_pointer_impl pointer_impl = {
.destroy = pointer_destroy,
};
static void pointer_handle_output_destroy(struct wl_listener *listener,
wayland backend: fix use-after free on output destroy ==12021==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000015698 at pc 0x7f1a9abe1c09 bp 0x7ffe9068f6b0 sp 0x7ffe9068f6a0 WRITE of size 4 at 0x617000015698 thread T0 #0 0x7f1a9abe1c08 in pointer_handle_leave ../backend/wayland/wl_seat.c:40 #1 0x7f1a96ae7d1d in ffi_call_unix64 (/lib64/libffi.so.6+0x5d1d) #2 0x7f1a96ae768e in ffi_call (/lib64/libffi.so.6+0x568e) #3 0x7f1a988e0d8a (/lib64/libwayland-client.so.0+0x8d8a) #4 0x7f1a988dd927 (/lib64/libwayland-client.so.0+0x5927) #5 0x7f1a988debe3 in wl_display_dispatch_queue_pending (/lib64/libwayland-client.so.0+0x6be3) #6 0x7f1a9abdd6d6 in dispatch_events ../backend/wayland/backend.c:28 #7 0x7f1a9a968c11 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0x9c11) #8 0x7f1a9a967449 in wl_display_run (/lib64/libwayland-server.so.0+0x8449) #9 0x418dff in main ../rootston/main.c:81 #10 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #11 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9) 0x617000015698 is located 664 bytes inside of 696-byte region [0x617000015400,0x6170000156b8) freed by thread T0 here: #0 0x7f1a9af754b8 in __interceptor_free (/lib64/libasan.so.4+0xde4b8) #1 0x7f1a9abe01ee in wlr_wl_output_destroy ../backend/wayland/output.c:194 #2 0x7f1a9ac12918 in wlr_output_destroy ../types/wlr_output.c:299 #3 0x7f1a9abe061b in xdg_toplevel_handle_close ../backend/wayland/output.c:255 #4 0x7f1a96ae7d1d in ffi_call_unix64 (/lib64/libffi.so.6+0x5d1d) #5 0x7f1a96ae768e in ffi_call (/lib64/libffi.so.6+0x568e) #6 0x7f1a988e0d8a (/lib64/libwayland-client.so.0+0x8d8a) #7 0x7f1a988dd927 (/lib64/libwayland-client.so.0+0x5927) #8 0x7f1a988debe3 in wl_display_dispatch_queue_pending (/lib64/libwayland-client.so.0+0x6be3) #9 0x7f1a9abdd6d6 in dispatch_events ../backend/wayland/backend.c:28 #10 0x7f1a9a968c11 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0x9c11) #11 0x7f1a9a967449 in wl_display_run (/lib64/libwayland-server.so.0+0x8449) #12 0x418dff in main ../rootston/main.c:81 #13 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #14 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9) previously allocated by thread T0 here: #0 0x7f1a9af75a38 in __interceptor_calloc (/lib64/libasan.so.4+0xdea38) #1 0x7f1a9abe0703 in wlr_wl_output_create ../backend/wayland/output.c:272 #2 0x7f1a9abdd8eb in wlr_wl_backend_start ../backend/wayland/backend.c:55 #3 0x7f1a9abbeb49 in wlr_backend_start ../backend/backend.c:28 #4 0x7f1a9abd8ce1 in multi_backend_start ../backend/multi/backend.c:24 #5 0x7f1a9abbeb49 in wlr_backend_start ../backend/backend.c:28 #6 0x418c32 in main ../rootston/main.c:58 #7 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #8 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9)
7 years ago
void *data) {
struct wlr_wl_pointer *pointer =
wl_container_of(listener, pointer, output_destroy);
wlr_input_device_destroy(&pointer->input_device->wlr_input_device);
}
void create_wl_pointer(struct wl_pointer *wl_pointer,
struct wlr_wl_output *output) {
struct wlr_wl_backend *backend = output->backend;
struct wlr_input_device *wlr_dev;
wl_list_for_each(wlr_dev, &output->backend->devices, link) {
if (wlr_dev->type != WLR_INPUT_DEVICE_POINTER) {
continue;
}
struct wlr_wl_pointer *pointer = pointer_get_wl(wlr_dev->pointer);
if (pointer->output == output) {
return;
}
}
struct wlr_wl_pointer *pointer = calloc(1, sizeof(struct wlr_wl_pointer));
if (pointer == NULL) {
wlr_log(L_ERROR, "Allocation failed");
return;
}
pointer->wl_pointer = wl_pointer;
pointer->output = output;
wl_signal_add(&output->wlr_output.events.destroy, &pointer->output_destroy);
pointer->output_destroy.notify = pointer_handle_output_destroy;
struct wlr_wl_input_device *dev =
create_wl_input_device(backend, WLR_INPUT_DEVICE_POINTER);
if (dev == NULL) {
free(pointer);
wlr_log(L_ERROR, "Allocation failed");
return;
}
pointer->input_device = dev;
wlr_dev = &dev->wlr_input_device;
wlr_dev->pointer = &pointer->wlr_pointer;
wlr_dev->output_name = strdup(output->wlr_output.name);
wlr_pointer_init(wlr_dev->pointer, &pointer_impl);
wlr_signal_emit_safe(&backend->backend.events.new_input, wlr_dev);
wayland backend: fix use-after free on output destroy ==12021==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000015698 at pc 0x7f1a9abe1c09 bp 0x7ffe9068f6b0 sp 0x7ffe9068f6a0 WRITE of size 4 at 0x617000015698 thread T0 #0 0x7f1a9abe1c08 in pointer_handle_leave ../backend/wayland/wl_seat.c:40 #1 0x7f1a96ae7d1d in ffi_call_unix64 (/lib64/libffi.so.6+0x5d1d) #2 0x7f1a96ae768e in ffi_call (/lib64/libffi.so.6+0x568e) #3 0x7f1a988e0d8a (/lib64/libwayland-client.so.0+0x8d8a) #4 0x7f1a988dd927 (/lib64/libwayland-client.so.0+0x5927) #5 0x7f1a988debe3 in wl_display_dispatch_queue_pending (/lib64/libwayland-client.so.0+0x6be3) #6 0x7f1a9abdd6d6 in dispatch_events ../backend/wayland/backend.c:28 #7 0x7f1a9a968c11 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0x9c11) #8 0x7f1a9a967449 in wl_display_run (/lib64/libwayland-server.so.0+0x8449) #9 0x418dff in main ../rootston/main.c:81 #10 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #11 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9) 0x617000015698 is located 664 bytes inside of 696-byte region [0x617000015400,0x6170000156b8) freed by thread T0 here: #0 0x7f1a9af754b8 in __interceptor_free (/lib64/libasan.so.4+0xde4b8) #1 0x7f1a9abe01ee in wlr_wl_output_destroy ../backend/wayland/output.c:194 #2 0x7f1a9ac12918 in wlr_output_destroy ../types/wlr_output.c:299 #3 0x7f1a9abe061b in xdg_toplevel_handle_close ../backend/wayland/output.c:255 #4 0x7f1a96ae7d1d in ffi_call_unix64 (/lib64/libffi.so.6+0x5d1d) #5 0x7f1a96ae768e in ffi_call (/lib64/libffi.so.6+0x568e) #6 0x7f1a988e0d8a (/lib64/libwayland-client.so.0+0x8d8a) #7 0x7f1a988dd927 (/lib64/libwayland-client.so.0+0x5927) #8 0x7f1a988debe3 in wl_display_dispatch_queue_pending (/lib64/libwayland-client.so.0+0x6be3) #9 0x7f1a9abdd6d6 in dispatch_events ../backend/wayland/backend.c:28 #10 0x7f1a9a968c11 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0x9c11) #11 0x7f1a9a967449 in wl_display_run (/lib64/libwayland-server.so.0+0x8449) #12 0x418dff in main ../rootston/main.c:81 #13 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #14 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9) previously allocated by thread T0 here: #0 0x7f1a9af75a38 in __interceptor_calloc (/lib64/libasan.so.4+0xdea38) #1 0x7f1a9abe0703 in wlr_wl_output_create ../backend/wayland/output.c:272 #2 0x7f1a9abdd8eb in wlr_wl_backend_start ../backend/wayland/backend.c:55 #3 0x7f1a9abbeb49 in wlr_backend_start ../backend/backend.c:28 #4 0x7f1a9abd8ce1 in multi_backend_start ../backend/multi/backend.c:24 #5 0x7f1a9abbeb49 in wlr_backend_start ../backend/backend.c:28 #6 0x418c32 in main ../rootston/main.c:58 #7 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #8 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9)
7 years ago
}
static void seat_handle_capabilities(void *data, struct wl_seat *wl_seat,
enum wl_seat_capability caps) {
struct wlr_wl_backend *backend = data;
assert(backend->seat == wl_seat);
if ((caps & WL_SEAT_CAPABILITY_POINTER)) {
wlr_log(L_DEBUG, "seat %p offered pointer", (void*) wl_seat);
struct wl_pointer *wl_pointer = wl_seat_get_pointer(wl_seat);
backend->pointer = wl_pointer;
struct wlr_wl_output *output;
wl_list_for_each(output, &backend->outputs, link) {
create_wl_pointer(wl_pointer, output);
}
wl_pointer_add_listener(wl_pointer, &pointer_listener, backend);
}
if ((caps & WL_SEAT_CAPABILITY_KEYBOARD)) {
wlr_log(L_DEBUG, "seat %p offered keyboard", (void*) wl_seat);
struct wlr_wl_input_device *dev = create_wl_input_device(backend,
WLR_INPUT_DEVICE_KEYBOARD);
if (dev == NULL) {
wlr_log(L_ERROR, "Allocation failed");
return;
}
struct wlr_input_device *wlr_dev = &dev->wlr_input_device;
wlr_dev->keyboard = calloc(1, sizeof(struct wlr_keyboard));
if (!wlr_dev->keyboard) {
free(dev);
wlr_log(L_ERROR, "Allocation failed");
return;
}
wlr_keyboard_init(wlr_dev->keyboard, NULL);
struct wl_keyboard *wl_keyboard = wl_seat_get_keyboard(wl_seat);
wl_keyboard_add_listener(wl_keyboard, &keyboard_listener, wlr_dev);
dev->resource = wl_keyboard;
wlr_signal_emit_safe(&backend->backend.events.new_input, wlr_dev);
}
}
static void seat_handle_name(void *data, struct wl_seat *wl_seat, const char *name) {
struct wlr_wl_backend *backend = data;
assert(backend->seat == wl_seat);
// Do we need to check if seatName was previously set for name change?
free(backend->seat_name);
backend->seat_name = strdup(name);
}
const struct wl_seat_listener seat_listener = {
.capabilities = seat_handle_capabilities,
.name = seat_handle_name,
};