[Wayland-bugs] [Bug 65961] SIGSEGV in weston-desktop-shell when client is stopped

bugzilla-daemon at freedesktop.org
Wed Jul 3 22:12:50 PDT 2013


https://bugs.freedesktop.org/show_bug.cgi?id=65961

Kristian Høgsberg <krh at bitplanet.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #5 from Kristian Høgsberg <krh at bitplanet.net> ---
There are a few crashes at work here.  First, the weston crash happens when the
desktop-shell helper client crashes too fast and we give up trying to re-launch
it.  At that point shell.c doesn't have a desktop-shell to talk to.  It tries
anyway to set the grab cursor (for example, when moving a window or setting the
busy cursor) and crashes.  If the desktop-shell client is gone, the best we can
do is just not setting the cursor:

commit c9974a0796fe2934299f10dc3a879d29c7045859
Author: Kristian Høgsberg <krh at bitplanet.net>
Date:   Wed Jul 3 19:24:57 2013 -0400

    shell: Dont set grab cursor if desktop-shell client died

    If we don't have a desktop-shell helper client, don't try to send events
    to it.

Next, the reason desktop-shell dies in the first place is that it gets a motion
event with coordinates outside the surface for the cursor dummy surface. 
That's why the widget is NULL, but this shouldn't happen, so the NULL check in
attachment 81102 is papering over a deeper problem.  What happens is that the
default_grab focus handler ends up triggering handle_pointer_focus in shell.c,
which recognizes the unresponsive surface and starts the busy cursor grab. 
However, when returning to notify_motion in input.c, we have a cached value of
the previous grab (the default grab) in the 'interface' local var, and thus
call default_grab_motion, even though the new current grab is the busy cursor
grab.  This means that the cursor surface gets a motion event, which should
never happen and triggers the desktop-shell crash:

commit da751b8f9a16177b56399f10ca193b4c8b746ad8
Author: Kristian Høgsberg <krh at bitplanet.net>
Date:   Thu Jul 4 00:58:07 2013 -0400

    input: Don't cache pointer grab interface between calls to focus and motion

    The focus callback for the current grab can change the grab, so we have
    to make sure we call the motion callback for the currently active grab.

    https://bugs.freedesktop.org/show_bug.cgi?id=65961

-- 
You are receiving this mail because:
You are the assignee for the bug.
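
The stale-interface dispatch described in comment #5, reduced to a small C model. This is an added example, not Weston's code or the content of either commit: the structs and function names are simplified stand-ins, and the busy grab ignoring motion is an assumption of the model.

```c
/* Constructed model of the dispatch bug; not Weston's source. */
#include <stdio.h>

struct pointer;
struct grab_interface {
    void (*focus)(struct pointer *p);
    void (*motion)(struct pointer *p);
};
struct pointer {
    const struct grab_interface *grab; /* currently active grab */
    int default_motions;               /* motions sent by the default grab */
};
/* Assumption: in this model the busy grab ignores focus and motion. */
static void busy_noop(struct pointer *p) { (void)p; }
static const struct grab_interface busy_grab = { busy_noop, busy_noop };

static void default_focus(struct pointer *p);
static void default_motion(struct pointer *p) { p->default_motions++; }
static const struct grab_interface default_grab = { default_focus, default_motion };
/* Focus lands on an unresponsive surface, so the handler replaces the grab. */
static void default_focus(struct pointer *p)
{
    p->grab = &busy_grab;
}
/* Before: the interface is cached across the focus callback. */
static void notify_motion_cached(struct pointer *p)
{
    const struct grab_interface *interface = p->grab;
    interface->focus(p);
    interface->motion(p); /* stale: default grab, though busy grab is active */
}
/* After: the active grab is re-read for each call. */
static void notify_motion_reloaded(struct pointer *p)
{
    p->grab->focus(p);
    p->grab->motion(p);
}
/* Motions that reached the default grab for one event on a stuck client. */
static int leaked_motions(void (*notify)(struct pointer *))
{
    struct pointer p = { &default_grab, 0 };
    notify(&p);
    return p.default_motions;
}

int main(void)
{
    printf("cached: %d, reloaded: %d\n", leaked_motions(notify_motion_cached),
           leaked_motions(notify_motion_reloaded));
    return 0;
}
```

The same pattern applies to any callback table that a callback is allowed to swap out: a pointer read before the call cannot be trusted after it.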