[PATCH] Partially revert "xwayland: Always free reply from xcb_get_property_reply()"

Emmanuel Gil Peyrot linkmauve at linkmauve.fr
Wed Jul 15 13:14:05 PDT 2015


This reverts commit d3553c721c0fed07f85b70fea418ca65ed974fbb.

weston_wm_write_property() takes the ownership of the reply it gets as
a parameter, and will eventually free it later in writable_callback.

This change introduced a double-free when Xwayland programs triggered a
copy to the clipboard, leading to a Weston crash.
---
 xwayland/selection.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/xwayland/selection.c b/xwayland/selection.c
index 452cd69..73c1059 100644
--- a/xwayland/selection.c
+++ b/xwayland/selection.c
@@ -117,13 +117,14 @@ weston_wm_get_incr_chunk(struct weston_wm *wm)
 	dump_property(wm, wm->atom.wl_selection, reply);
 
 	if (xcb_get_property_value_length(reply) > 0) {
+		/* reply's ownership is transfered to wm, which is responsible
+		 * of freeing it */
 		weston_wm_write_property(wm, reply);
 	} else {
 		weston_log("transfer complete\n");
 		close(wm->data_source_fd);
+		free(reply);
 	}
-
-	free(reply);
 }
 
 struct x11_data_source {
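Review bot: The ownership comment added above `weston_wm_write_property(wm, reply);` has two wording slips ("transfered", "responsible of freeing") and does not say where the reply is released, which is what a later editor needs to know to avoid reintroducing the double free. I would write `/* weston_wm_write_property() takes ownership of reply; it is freed later in writable_callback, so it must not be freed here */`. The identical comment in the weston_wm_get_selection_data() hunk should get the same text. Because the contract belongs to the callee, a matching sentence on the definition of weston_wm_write_property() (outside this patch) would save callers from rediscovering it. weston_wm_get_incr_chunk() begins above the hunk.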
@@ -247,12 +248,13 @@ weston_wm_get_selection_data(struct weston_wm *wm)
 		return;
 	} else if (reply->type == wm->atom.incr) {
 		wm->incr = 1;
+		free(reply);
 	} else {
 		wm->incr = 0;
+		/* reply's ownership is transfered to wm, which is responsible
+		 * of freeing it */
 		weston_wm_write_property(wm, reply);
 	}
-
-	free(reply);
 }
 
 static void
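Review bot: In the final `else` branch, reply is handed to `weston_wm_write_property()` with no length check, whereas weston_wm_get_incr_chunk() transfers it only when `xcb_get_property_value_length(reply) > 0` and frees it locally otherwise. With the trailing `free(reply);` removed, a zero-length reply whose type is not `wm->atom.incr` is released only if the write path frees it, and that code is not part of this patch. It is worth confirming that writable_callback releases the reply in that case, so the double free is not traded for a leak. The function starts above the hunk, so the branch ending in `return;` is only partly visible.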
-- 
2.4.2


