fixed bug in wl_list

Marty Jack martyj19 at comcast.net
Sat Mar 12 04:28:27 PST 2011


I have never encountered a system where it was believed to be desirable to allow something to be removed twice.  It is important to keep data structures clean.  If anything you would be more likely to see a debugging mode where the lists were fully checked after every insert or remove to make sure they are internally consistent, especially if they are important to keeping the system running.  It's not that much different from memory allocation.  A block is allocated, or it is free, and a double free is a bug.

On 03/12/2011 07:01 AM, Iskren Chernev wrote:
> Well, the actual problem is that something was removed twice. And I know where this place is, but I couldn't know if you would like to remove elements multiple times with no problems, or treat the list very carefully and remove elements only once. But then there should be a way to know if an element is already in a list or not. So if there is a way to know that, why not make a check inside wl_list_remove, just to make sure.
> 
> I'll fix it the way you want it to be :)
> 
> Regards,
> Iskren
> 
> On Sat, Mar 12, 2011 at 1:07 PM, Marty Jack <martyj19 at comcast.net> wrote:
> 
> 
> 
>     On 03/11/2011 07:32 PM, Iskren Chernev wrote:
>     > Hello,
>     >
>     > I found a bug and fixed it with the patch :)
>     >
>     > *to reproduce:*
>     > run compositor on top of x11
>     >
>     > repeat
>     >    run flower
>     >    drag & drop it a little
>     >    move the pointer in and out of the compositor/flower
>     >    Ctrl+C the flower client
>     >
>     > it would break eventually
>     >
>     > *problem:*
>     > I found that the linked list surface->destroy_listener_list got corrupted at some point (it was not circular any more, strange next/prev etc), which causes the crash.
>     >
>     > *solution:*
>     > The problem was in wl_list_remove -- when you erase an element, you don't mark it as 'erased', by setting prev/next to NULL for example. Then if you erase it again the list becomes corrupt. I nullified the prev/next and check in the beginning of wl_list_remove for not-in-list elements and just ignore them. That seems to fix it.
>     >
>     > Regards,
>     > Iskren
>     >
>     >
>     >
>     > _______________________________________________
>     > wayland-devel mailing list
>     > wayland-devel at lists.freedesktop.org
>     > http://lists.freedesktop.org/mailman/listinfo/wayland-devel
> 
>     Unfortunately your fix only papers over the real problem, which is that the list got corrupted at some point.  It would not actually solve the problem.  The source of the corruption needs to be located and fixed; it could be removing something twice, inserting something twice, or the like.  You could push ahead with this if you were interested.
> 
> 
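
The failure discussed in this thread, as an added example that is not part of the original messages and is not Wayland's code: a second remove through stale links corrupts the list, a debug consistency check catches it, and a remove that marks the element reports the repeat instead of hiding it. The `struct list` type, all function names and the operation sequence are hypothetical and constructed for illustration.

```c
#include <stddef.h>

/* Hypothetical circular list with prev/next links, as discussed in the thread. */
struct list { struct list *prev, *next; };

static void list_insert(struct list *at, struct list *elm)
{
    elm->prev = at;
    elm->next = at->next;
    at->next = elm;
    elm->next->prev = elm;
}

/* checked=0: elm keeps its stale links after removal (the reported behaviour).
 * checked=1: elm is marked unlinked and a repeated remove returns -1. */
static int list_remove(struct list *elm, int checked)
{
    if (checked && elm->next == NULL)
        return -1;
    elm->prev->next = elm->next;
    elm->next->prev = elm->prev;
    if (checked)
        elm->prev = elm->next = NULL;
    return 0;
}

/* Debug check: every forward link must be mirrored by a back link. */
static int list_check(const struct list *head, size_t max)
{
    const struct list *e = head;
    size_t n = 0;
    do {
        if (n++ > max || e->next == NULL || e->next->prev != e)
            return 0;
    } while ((e = e->next) != head);
    return 1;
}

/* Constructed sequence: remove a, remove b, insert c, then remove a again. */
static int run(int checked, int *second_rc)
{
    struct list h, a, b, c;
    h.prev = h.next = &h;                  /* empty list */
    list_insert(&h, &a);
    list_insert(&h, &b);
    list_remove(&a, checked);
    list_remove(&b, checked);
    list_insert(&h, &c);
    *second_rc = list_remove(&a, checked); /* the double remove */
    return list_check(&h, 8);              /* 1 = consistent, 0 = corrupt */
}
```

Removing the same element twice in a row with unchanged neighbours rewrites the same links and goes unnoticed; the corruption only appears once the neighbours have changed in between, which is why the sequence inserts `c` before the second remove.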

