[PATCH weston 1/2] wayland-client: Avoid null dereference when handling deletion

Jonas Ådahl jadahl at gmail.com
Thu Mar 28 12:28:27 PDT 2013


On Thu, Mar 28, 2013 at 7:48 PM, Rob Bradford <robert.bradford at intel.com> wrote:
> From: Rob Bradford <rob at linux.intel.com>
>
> If an unknown id is deleted then the lookup in the map will return NULL and
> so we should avoid dereferencing that.

Hi Rob,

I think the patch looks good, but I have one comment below.

Thanks,
Jonas

> ---
>  src/wayland-client.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/wayland-client.c b/src/wayland-client.c
> index 0873835..e8d3240 100644
> --- a/src/wayland-client.c
> +++ b/src/wayland-client.c
> @@ -415,7 +415,7 @@ display_handle_delete_id(void *data, struct wl_display *display, uint32_t id)
>         pthread_mutex_lock(&display->mutex);
>
>         proxy = wl_map_lookup(&display->objects, id);
> -       if (proxy != WL_ZOMBIE_OBJECT)
> +       if (proxy && proxy != WL_ZOMBIE_OBJECT)
>                 proxy->flags |= WL_PROXY_FLAG_ID_DELETED;

I believe this could only ever happen if the compositor is
malfunctioning, as the delete_id event is only sent once for every id
being deleted. If we would get NULL here, it would mean that it would
already have been deleted by the server and destroyed by the client
without having been reused again.

Anyhow, I think it makes sense to avoid crashing when the server is
misbehaving, but would it maybe make sense to log a warning about it?

>         else
>                 wl_map_remove(&display->objects, id);
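Review bot: with the added "proxy &&" test, a NULL lookup result now falls into the else branch and reaches wl_map_remove(&display->objects, id) for an id the lookup just reported as absent. Before this change that branch was reached only for WL_ZOMBIE_OBJECT. Consider handling NULL as its own case: log a warning and skip both the flag update and the removal. That makes the unknown-id path explicit and leaves the map unmodified. Alternatively, confirm and note in the commit message that removing an absent id is harmless.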
> --
> 1.8.1.2
>
> _______________________________________________
> wayland-devel mailing list
> wayland-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/wayland-devel

