[PATCH weston 1/2] wayland-client: Avoid null dereference when handling deletion

Jason Ekstrand jason at jlekstrand.net
Thu Mar 28 12:31:41 PDT 2013


On Mar 28, 2013 2:29 PM, "Jonas Ådahl" <jadahl at gmail.com> wrote:
>
> On Thu, Mar 28, 2013 at 7:48 PM, Rob Bradford <robert.bradford at intel.com> wrote:
> > From: Rob Bradford <rob at linux.intel.com>
> >
> > If an unknown id is deleted then the lookup in the map will return NULL and
> > so we should avoid dereferencing that.
>
> Hi Rob,
>
> I think the patch looks good, but I have one comment below.
>
> Thanks,
> Jonas
>
> > ---
> >  src/wayland-client.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/src/wayland-client.c b/src/wayland-client.c
> > index 0873835..e8d3240 100644
> > --- a/src/wayland-client.c
> > +++ b/src/wayland-client.c
> > @@ -415,7 +415,7 @@ display_handle_delete_id(void *data, struct
wl_display *display, uint32_t id)
> >         pthread_mutex_lock(&display->mutex);
> >
> >         proxy = wl_map_lookup(&display->objects, id);
> > -       if (proxy != WL_ZOMBIE_OBJECT)
> > +       if (proxy && proxy != WL_ZOMBIE_OBJECT)
> >                 proxy->flags |= WL_PROXY_FLAG_ID_DELETED;
>
> I believe this could only ever happen if the compositor is
> malfunctioning, as the delete_id event is only sent once for every id
> being deleted. If we would get NULL here, it would mean that it would
> already have been deleted by the server and destroyed by the client
> without having been reused again.
>
> Anyhow, I think it makes sense to avoid crashing when the server is
> misbehaving, but would it maybe make sense to log a warning about it?

Along those lines there is another one on line 737 in queue_event that we
may want to look at.  Again, this should only happen in the case of
misbehaving compositors.
--Jason Ekstrand.

>
> >         else
> >                 wl_map_remove(&display->objects, id);
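
Review bot: In the changed condition of display_handle_delete_id, a NULL proxy now fails the `if` and falls through to the `else` branch, so `wl_map_remove(&display->objects, id)` is called for an id that the lookup just reported as absent. Consider treating NULL as its own case ahead of the zombie check: log a warning that delete_id arrived for an unknown id, as suggested in the reply above, and skip both the flag update and the removal, so that the `else` path is only reached for WL_ZOMBIE_OBJECT. A short comment stating that NULL here indicates a misbehaving compositor would also help the next reader.
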
> > --
> > 1.8.1.2
> >
> > _______________________________________________
> > wayland-devel mailing list
> > wayland-devel at lists.freedesktop.org
> > http://lists.freedesktop.org/mailman/listinfo/wayland-devel