[PATCH wayland 3/5] server: don't proceed in posting no-memory error on client destruction

Pekka Paalanen ppaalanen at gmail.com
Mon May 16 09:22:02 UTC 2016 

On Fri, 13 May 2016 15:01:20 +0200
Marek Chalupa <mchqwerty at gmail.com> wrote:

> When a client is being destroyed, the display_resource is set to NULL.
> If then some destroy handler calls wl_client_post_no_memory() or
> wl_resource_post_no_memory() we crash.
> 
> Signed-off-by: Marek Chalupa <mchqwerty at gmail.com>
> ---
>  src/wayland-server.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/src/wayland-server.c b/src/wayland-server.c
> index c93a426..b26a48d 100644
> --- a/src/wayland-server.c
> +++ b/src/wayland-server.c
> @@ -546,6 +546,11 @@ wl_client_get_object(struct wl_client *client, uint32_t id)
>  WL_EXPORT void
>  wl_client_post_no_memory(struct wl_client *client)
>  {
> +	/* don't send any other errors
> +	 * if we are destroying the client */
> +	if (!client->display_resource)
> +		return;
> +
>  	wl_resource_post_error(client->display_resource,
>  			       WL_DISPLAY_ERROR_NO_MEMORY, "no memory");
>  }
> @@ -553,6 +558,11 @@ wl_client_post_no_memory(struct wl_client *client)
>  WL_EXPORT void
>  wl_resource_post_no_memory(struct wl_resource *resource)
>  {
> +	/* don't send any other errors
> +	 * if we are destroying the client */
> +	if (!resource->client->display_resource)
> +		return;
> +
>  	wl_resource_post_error(resource->client->display_resource,
>  			       WL_DISPLAY_ERROR_NO_MEMORY, "no memory");
>  }

Hi Marek,

wl_resource_post_error() already checks and escapes if display_resource
is NULL, but first it uses the passed in resource to get 'client',
which is where it would crash if there wasn't a display_resource.

Ok, so the way to trigger this is to send a no-memory from an object
destroy handler. A little strange, but should work still indeed.

The alternative to this patch would be to make
wl_resource_post_error(NULL, ...) not crash, but ABI-wise that is a
change rather than just a fix.

Therefore:
Reviewed-by: Pekka Paalanen <pekka.paalanen at collabora.co.uk>


Thanks,
pq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 811 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/wayland-devel/attachments/20160516/8f9ebbfc/attachment.sig>

More information about the wayland-devel mailing list