[PATCH wayland 0/9] Stop leaking file descriptors

[Derek Foreman]

Turns out there are several different ways to leak file descriptors in
libwayland, this is an attempt to show a couple of those via tests, and
close them off.

patch 1 is, I think, a bug fix for a long standing error where close_fds
only works sensible when told to close all the available fds.  If it
closed less than all of them, it just leaked the rest.  This seems to be
unusable behaviour, so I've made it handle subsets of available fds in
preparation for a later patch that uses that.  Until now, it's only been
used for all fds, so this bug has been purely theoretical.

2-3 introduce two new test cases for catching fd leaks on zombie objects

4,5,6 close the low hanging fruit fd leaks - failure during marshal,
demarshal, or when a closure has been demarshalled successfully
but a previous event in the same buffer has turned its target into
a zombie.

7 is almost entirely gratuitous, at the time I thought it made the
following patches a tiny bit easier to review.

8 is the most controversial in the series because it removes the
singleton zombie object we've had until now and replaces it with a
client-side only map flag denoting zombieness - and stores the
*interface* in the proxy's old map slot so we have it around if we
need its signatures to properly eat events sent to the zombie that
contain fds.  It's a little gross, but I've not been able to think
of anything much prettier.

9 fixes the long standing bug where an event with an fd is sent to
a zombie object, but not immediately (so it's not demarshalled
before the object becomes a zombie), and the same buffer contains an
event with an fd for an object that's still valid.  Since we weren't
properly removing zombie object fds from the buffer, the valid object
would get the zombie's fd, and the valid fd would get leaked.

Thanks,
Derek

Derek Foreman (9):
  connection: close_fds() should only remove fds it closed from the
    buffer
  tests: Add a test for fd leaks on zombie objects
  tests: Check for wrong fd delivery with zombie objects
  connection: Close fds from half marshalled closures
  connection: Close fds from half demarshalled closures
  connection: Make wl_closure_destroy() close fds of undispatched
    closures
  client: Simplify some logic in queue_event
  client: Replace the singleton zombie with bespoke zombies
  client: Consume file descriptors destined for zombie proxies

 Makefile.am              |   7 +-
 protocol/tests.xml       |  52 +++++++++++
 src/connection.c         |  71 +++++++++++++-
 src/wayland-client.c     |  51 +++++++---
 src/wayland-private.h    |  17 +++-
 src/wayland-server.c     |   6 +-
 src/wayland-util.c       |  22 ++++-
 tests/connection-test.c  |  12 +--
 tests/display-test.c     | 239 +++++++++++++++++++++++++++++++++++++++++++++++
 tests/os-wrappers-test.c |   4 +-
 10 files changed, 445 insertions(+), 36 deletions(-)
 create mode 100644 protocol/tests.xml

-- 
2.11.0