==32557==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000425f96 bp 0x7fff8ac19de0 sp 0x7fff8ac19d20 T0)
==32557==The signal is caused by a READ memory access.
==32557==Hint: address points to the zero page.
#0 0x425f95 in roots_seat_set_focus ../rootston/seat.c:737
#1 0x40bcd6 in roots_cursor_press_button ../rootston/cursor.c:272
#2 0x40c1f7 in roots_cursor_handle_button ../rootston/cursor.c:298
#3 0x42179b in handle_cursor_button ../rootston/seat.c:58
#4 0x7f1651062367 in wlr_signal_emit_safe ../util/signal.c:29
#5 0x7f165101b532 in handle_pointer_button ../types/wlr_cursor.c:344
#6 0x7f1651062367 in wlr_signal_emit_safe ../util/signal.c:29
#7 0x7f1650ff633b in handle_pointer_button ../backend/libinput/pointer.c:85
#8 0x7f1650ff5291 in wlr_libinput_event ../backend/libinput/events.c:215
#9 0x7f1650ff3990 in wlr_libinput_readable ../backend/libinput/backend.c:35
#10 0x7f1650d88c11 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0x9c11)
#11 0x7f1650d87449 in wl_display_run (/lib64/libwayland-server.so.0+0x8449)
#12 0x418e90 in main ../rootston/main.c:81
#13 0x7f164ff7ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29)
#14 0x405829 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x405829)
introduced by #680
Check whether the newly focused view is the same as the one currently
fullscreen on that output, or override redirect and don't unfullscreen
in these cases.
The output fullscreen surfaces are drawn in front of everything, without
consideration for view z-order.
If a view is brought to front, unset any fullscreen view that would
cover this view to make sure the view is visible.
The motivation for this is:
- `get_popup` and `get_toplevel` allocate role-specific resources.
- On the first non-null commit, the surface gets mapped.
- On a null commit, the surface gets unmapped. It can be mapped
again with a non-null commit.
- When the role object (xdg-toplevel or xdg-popup) is
destroyed, the surface is unmapped and role-specific resources
are destroyed. The client can call `get_popup` or `get_toplevel`
again on that surface.
- When the xdg-surface object is destroyed, the surface is
unmapped, role-specific resources are destroyed and the surface
itself is destroyed.
It was broken because the damage extents were rotated about its
own center, not about the center of the surface.
This adds a new wlr_region_rotated_bounds that rotates regions.
This allows us to have only one code path (for both non-rotated
views and rotated views) and optimizes rendering for rotated
views.
The xcb_connection_t instance that is used here comes from
XGetXCBConnection(), is created by XOpenDisplay(), and is owned by the
returned Display*. Calling xcb_disconnect() directly on it leads to
various use-after-frees during shutdown, as reported by valgrind. The
first one of the about 30 errors is:
Invalid read of size 4
at 0x71F2051: xcb_take_socket (in /usr/lib64/libxcb.so.1.1.0)
by 0x78551DD: ??? (in /usr/lib64/libX11.so.6.3.0)
by 0x7855A14: _XFlush (in /usr/lib64/libX11.so.6.3.0)
by 0x7858504: _XGetRequest (in /usr/lib64/libX11.so.6.3.0)
by 0x7838966: XFreeGC (in /usr/lib64/libX11.so.6.3.0)
by 0x783238B: XCloseDisplay (in /usr/lib64/libX11.so.6.3.0)
by 0x4E680C2: wlr_x11_backend_destroy (backend.c:333)
by 0x4E57E94: wlr_backend_destroy (backend.c:39)
by 0x4E629FB: multi_backend_destroy (backend.c:47)
by 0x4E62B5A: handle_display_destroy (backend.c:90)
by 0x50B7E9F: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
by 0x50B8476: wl_display_destroy (in /usr/lib64/libwayland-server.so.0.1.0)
Address 0xc14dda0 is 0 bytes inside a block of size 21,152 free'd
at 0x4C2DD18: free (vg_replace_malloc.c:530)
by 0x4E680A5: wlr_x11_backend_destroy (backend.c:330)
by 0x4E57E94: wlr_backend_destroy (backend.c:39)
by 0x4E629FB: multi_backend_destroy (backend.c:47)
by 0x4E62B5A: handle_display_destroy (backend.c:90)
by 0x50B7E9F: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
by 0x50B8476: wl_display_destroy (in /usr/lib64/libwayland-server.so.0.1.0)
by 0x40C54E: main (main.c:84)
Block was alloc'd at
at 0x4C2EA1E: calloc (vg_replace_malloc.c:711)
by 0x71F0C60: xcb_connect_to_fd (in /usr/lib64/libxcb.so.1.1.0)
by 0x71F4BD4: xcb_connect_to_display_with_auth_info (in /usr/lib64/libxcb.so.1.1.0)
by 0x7854AA1: _XConnectXCB (in /usr/lib64/libX11.so.6.3.0)
by 0x7845481: XOpenDisplay (in /usr/lib64/libX11.so.6.3.0)
by 0x4E681B6: wlr_x11_backend_create (backend.c:376)
by 0x4E580EE: wlr_backend_autocreate (backend.c:99)
by 0x40C27D: main (main.c:35)
Normally, one would expect this to crash during XCloseDisplay() when
xcb_disconnect() is called again and frees the same data again (glibc would
detect a double free). However, XCloseDisplay() tries to clean up some internal
caches first for which it has to send requests to the X11 server (e.g. the
XFreeGC() above). This fails since the file descriptor was already closed,
which causes an IO error. Xlib's _XDefaultIOError() handles this by printing an
error message and calling exit(1).
Thus, the only symptom of this problem was compositors exiting
mid-shutdown and printing an error message:
XIO: fatal IO error 11 (Resource temporarily unavailable) on X server ":0"
after 6 requests (6 known processed) with 0 events remaining.
Fixes: https://github.com/swaywm/wlroots/issues/745
Signed-off-by: Uli Schlachter <psychon@znc.in>
