[PATCH v2 wayland 08/11] client: Consume file descriptors destined for zombie proxies

[Derek Foreman]

We need to close file descriptors sent to zombie proxies to avoid leaking
them, and perhaps more importantly, to prevent them from being dispatched
in events on other objects (since they would previously be left in the
buffer and potentially fed to following events destined for live proxies)

Signed-off-by: Derek Foreman <derekf at osg.samsung.com>
---
 src/connection.c      |  6 ++++++
 src/wayland-client.c  | 18 ++++++++++++++++--
 src/wayland-private.h |  3 +++
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/src/connection.c b/src/connection.c
index 84f5d79..2bfdd82 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -192,6 +192,12 @@ close_fds(struct wl_buffer *buffer, int max)
 	buffer->tail += size;
 }
 
+void
+wl_connection_close_fds_in(struct wl_connection *connection, int max)
+{
+	close_fds(&connection->fds_in, max);
+}
+
 int
 wl_connection_destroy(struct wl_connection *connection)
 {
diff --git a/src/wayland-client.c b/src/wayland-client.c
index 50fdfad..9d6a37b 100644
--- a/src/wayland-client.c
+++ b/src/wayland-client.c
@@ -1303,12 +1303,14 @@ increase_closure_args_refcount(struct wl_closure *closure)
 static int
 queue_event(struct wl_display *display, int len)
 {
+	void *map_entry;
 	uint32_t p[2], id;
 	int opcode, size;
 	struct wl_proxy *proxy;
 	struct wl_closure *closure;
 	const struct wl_message *message;
 	struct wl_event_queue *queue;
+	bool is_zombie;
 
 	wl_connection_copy(display->connection, p, sizeof p);
 	id = p[0];
@@ -1317,12 +1319,24 @@ queue_event(struct wl_display *display, int len)
 	if (len < size)
 		return 0;
 
-	proxy = wl_map_lookup(&display->objects, id);
-	if (!proxy || wl_object_is_zombie(&display->objects, id)) {
+	map_entry = wl_map_lookup(&display->objects, id);
+	is_zombie = wl_object_is_zombie(&display->objects, id);
+	if (!map_entry && !is_zombie) {
 		wl_connection_consume(display->connection, size);
 		return size;
 	}
 
+	if (is_zombie) {
+		struct wl_zombie *zombie = map_entry;
+
+		if (zombie)
+			wl_connection_close_fds_in(display->connection,
+						   zombie->fd_count[opcode]);
+
+		wl_connection_consume(display->connection, size);
+		return size;
+	}
+	proxy = map_entry;
 	message = &proxy->object.interface->events[opcode];
 	closure = wl_connection_demarshal(display->connection, size,
 					  &display->objects, message);
diff --git a/src/wayland-private.h b/src/wayland-private.h
index a50174b..e633de5 100644
--- a/src/wayland-private.h
+++ b/src/wayland-private.h
@@ -253,4 +253,7 @@ wl_priv_signal_get(struct wl_priv_signal *signal, wl_notify_func_t notify);
 void
 wl_priv_signal_emit(struct wl_priv_signal *signal, void *data);
 
+void
+wl_connection_close_fds_in(struct wl_connection *connection, int max);
+
 #endif
-- 
2.11.0