<html>
<head>
<base href="https://bugs.freedesktop.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Priority</th>
<td>medium
</td>
</tr>
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - Weston crashes after using context menus in weston-terminal"
href="https://bugs.freedesktop.org/show_bug.cgi?id=77072">77072</a>
</td>
</tr>
<tr>
<th>Assignee</th>
<td>wayland-bugs@lists.freedesktop.org
</td>
</tr>
<tr>
<th>Summary</th>
<td>Weston crashes after using context menus in weston-terminal
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Reporter</th>
<td>bryancain3+fdo@gmail.com
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Other
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Component</th>
<td>weston
</td>
</tr>
<tr>
<th>Product</th>
<td>Wayland
</td>
</tr></table>
<p>
<div>
<pre>Running Weston compiled from the latest git head (47928d871503) as a windowed
X11 client, I consistently get a SIGSEGV in Weston when I do the following:

1) open weston-terminal
2) select some text, right-click in weston-terminal, and select "Copy" or
"Paste" from the context menu
3) quickly click on an X11 window outside of the Weston compositor, making the
compositor lose keyboard focus

I did some digging, and found out what was happening in the Weston shell. When
an option in the context menu is selected, weston-terminal (via toytoolkit)
calls xdg_popup_destroy() to close the context menu. The Weston shell
implements this with the shell_destroy_shell_surface() function, which sets the
backing shsurf->resource to NULL. However, the surface stays in
shseat->popup_grab.surfaces_list and isn't actually destroyed until its closing
fade animation is finished. If the Weston compositor loses the keyboard focus
before the fade animation is finished, it tries to forcefully end the popup's
mouse grab by calling shell_surface_send_popup_done() on the popup whose
destructor has already been called, which causes a segfault.

I've made a small patch to fix the bug by removing the surface from the
popup_grab list in shell_destroy_shell_surface.</pre>
</div>
</p>
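The lifetime problem described in the report, reduced to a stand-alone C model. This is an added example, not Weston's code and not the reporter's patch; every struct and function name in it is hypothetical, and the stale entry is counted rather than dereferenced so the program does not crash.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified model of the report; all names are hypothetical, not Weston's. */
struct popup {
    int *resource;       /* stands in for shsurf->resource; NULL once destroyed */
    struct popup *next;  /* link in the seat's popup-grab list */
};
struct seat { struct popup *grab_list; };

static void grab_add(struct seat *s, struct popup *p) {
    p->next = s->grab_list;
    s->grab_list = p;
}
static void grab_remove(struct seat *s, struct popup *p) {
    for (struct popup **pp = &s->grab_list; *pp; pp = &(*pp)->next)
        if (*pp == p) { *pp = p->next; p->next = NULL; return; }
}
/* Client destroys the popup; the object itself lives on for the fade-out. */
static void popup_destroy(struct seat *s, struct popup *p, int unlink_from_grab) {
    p->resource = NULL;
    if (unlink_from_grab)        /* the fix proposed in the report */
        grab_remove(s, p);
}

/* Focus lost: end the grab and notify each listed popup. A NULL resource is
 * counted here; the real code would dereference it and crash. */
static int end_grab(struct seat *s) {
    int stale = 0;
    for (struct popup *p = s->grab_list; p; p = p->next) {
        if (p->resource == NULL) stale++;
        else (*p->resource)++;   /* models sending popup_done */
    }
    s->grab_list = NULL;
    return stale;
}

/* Destroy the popup, then lose focus before the fade animation finishes. */
static int scenario(int unlink_from_grab) {
    int res = 0;
    struct seat seat = { NULL };
    struct popup menu = { &res, NULL };
    grab_add(&seat, &menu);
    popup_destroy(&seat, &menu, unlink_from_grab);
    return end_grab(&seat);
}

int main(void) {
    printf("stale entries without fix: %d, with fix: %d\n", scenario(0), scenario(1));
    return 0;
}
```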
</body>
</html>