mirror of
https://github.com/hyprwm/wlroots-hyprland.git
synced 2024-11-26 14:45:58 +01:00
xwm: fix use-after-free involving parents/children
Happens when e.g. closing gimp. ==24039==ERROR: AddressSanitizer: heap-use-after-free on address 0x6150001a7a78 at pc 0x7f09b09f1bb2 bp 0x7ffcf0237bf0 sp 0x7ffcf0237be0 WRITE of size 8 at 0x6150001a7a78 thread T0 #0 0x7f09b09f1bb1 in wl_list_remove ../util/signal.c:55 #1 0x7f09b094cf03 in xwayland_surface_destroy ../xwayland/xwm.c:295 #2 0x7f09b0950245 in xwm_handle_destroy_notify ../xwayland/xwm.c:717 #3 0x7f09b095304a in x11_event_handler ../xwayland/xwm.c:1149 #4 0x7f09b0c68f01 in wl_event_loop_dispatch src/event-loop.c:641 #5 0x7f09b0c67601 in wl_display_run src/wayland-server.c:1260 #6 0x40a2f4 in main ../sway/main.c:433 #7 0x7f09b011018a in __libc_start_main (/lib64/libc.so.6+0x2318a) #8 0x40b749 in _start (/opt/wayland/bin/sway+0x40b749) 0x6150001a7a78 is located 120 bytes inside of 496-byte region [0x6150001a7a00,0x6150001a7bf0) freed by thread T0 here: #0 0x7f09b2b58880 in __interceptor_free (/lib64/libasan.so.5+0xee880) #1 0x7f09b094d1a1 in xwayland_surface_destroy ../xwayland/xwm.c:315 #2 0x7f09b0950245 in xwm_handle_destroy_notify ../xwayland/xwm.c:717 #3 0x7f09b095304a in x11_event_handler ../xwayland/xwm.c:1149 #4 0x7f09b0c68f01 in wl_event_loop_dispatch src/event-loop.c:641 #5 0x7f09b0c67601 in wl_display_run src/wayland-server.c:1260 #6 0x40a2f4 in main ../sway/main.c:433 #7 0x7f09b011018a in __libc_start_main (/lib64/libc.so.6+0x2318a) #8 0x40b749 in _start (/opt/wayland/bin/sway+0x40b749) previously allocated by thread T0 here: #0 0x7f09b2b58e50 in calloc (/lib64/libasan.so.5+0xeee50) #1 0x7f09b094b585 in xwayland_surface_create ../xwayland/xwm.c:119 #2 0x7f09b0950151 in xwm_handle_create_notify ../xwayland/xwm.c:706 #3 0x7f09b0953032 in x11_event_handler ../xwayland/xwm.c:1146 #4 0x7f09b0c68f01 in wl_event_loop_dispatch src/event-loop.c:641 #5 0x7f09b0c67601 in wl_display_run src/wayland-server.c:1260 #6 0x40a2f4 in main ../sway/main.c:433 #7 0x7f09b011018a in __libc_start_main (/lib64/libc.so.6+0x2318a) #8 0x40b749 in _start (/opt/wayland/bin/sway+0x40b749)
This commit is contained in:
parent
954969698a
commit
4a1c9a1925
1 changed files with 6 additions and 0 deletions
|
@ -294,6 +294,12 @@ static void xwayland_surface_destroy(
|
||||||
wl_list_remove(&xsurface->link);
|
wl_list_remove(&xsurface->link);
|
||||||
wl_list_remove(&xsurface->parent_link);
|
wl_list_remove(&xsurface->parent_link);
|
||||||
|
|
||||||
|
struct wlr_xwayland_surface *child, *next;
|
||||||
|
wl_list_for_each_safe(child, next, &xsurface->children, parent_link) {
|
||||||
|
wl_list_remove(&child->parent_link);
|
||||||
|
wl_list_init(&child->parent_link);
|
||||||
|
}
|
||||||
|
|
||||||
if (xsurface->surface_id) {
|
if (xsurface->surface_id) {
|
||||||
wl_list_remove(&xsurface->unpaired_link);
|
wl_list_remove(&xsurface->unpaired_link);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue