[PATCH v2 0/3] Deal with destroy signal use after free issues

Derek Foreman derekf at osg.samsung.com
Mon Apr 16 20:00:57 UTC 2018


Now that the release is out, I'd like to dig back into this mess.
This is a round up of some patches that were on list shortly before
the release to deal with a problem where many existing libwayland
users don't delete their destroy signal listeners before freeing
them.

This leads to a bit of a mess (as Markus' test illustrates) if there
are multiple destroy listeners.

I've included:
My test patch to ensure the existing behaviour continues to work
(users like weston and enlightenment can free during destroy
listener)

The special case destroy emit path for wl_priv_signal - this is
an attempt to "fix" the problem, by making the destroy signal
emit operate without ever touching potentially free()d elements
again.

Markus' test that would fail without patch 2/3, as it catches the
free() without removal case we've all come to know and love.

Derek Foreman (2):
  tests: Test for use after free in resource destruction signals
   changes since first appearance: none

  server: Add special case destroy signal emitter
   changes since first appearance:  stop trying to maintain a list head

Markus Ongyerth (1):
  tests: Add free-without-remove test
   changes since first appearance: I moved it into an existing file

 src/wayland-private.h  |  3 +++
 src/wayland-server.c   | 46 +++++++++++++++++++++++++++++++++++++++++++---
 tests/resources-test.c | 39 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 85 insertions(+), 3 deletions(-)

-- 
2.14.3
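
Added example, not part of the message above and not libwayland's code: a stand-alone sketch of a destroy-time emit that detaches each listener before calling it, so a callback may free() its listener without removing it. The names link, listener, destroy_emit and run_demo are hypothetical stand-ins, and the listeners are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-ins for wl_list / wl_listener; not libwayland code. */
struct link { struct link *prev, *next; };
struct listener {
    struct link link;
    void (*notify)(struct listener *l, void *data);
};

static void link_init(struct link *l) { l->prev = l->next = l; }
static void link_insert(struct link *after, struct link *e) {
    e->prev = after; e->next = after->next;
    after->next->prev = e; after->next = e;
}
static void link_remove(struct link *e) {
    e->prev->next = e->next; e->next->prev = e->prev;
}

/* Destroy-time emit: detach each listener before calling it, so a callback
 * that free()s its listener without removing it leaves nothing dangling. */
static void destroy_emit(struct link *head, void *data) {
    while (head->next != head) {
        struct link *pos = head->next;
        struct listener *l =
            (struct listener *)((char *)pos - offsetof(struct listener, link));
        link_remove(pos);
        link_init(pos);      /* a later link_remove() by the callback is harmless */
        l->notify(l, data);  /* l may be freed here; it is never read again */
    }
}

/* Constructed listeners: one frees without removing, one removes then frees. */
static void free_only(struct listener *l, void *data) { ++*(int *)data; free(l); }
static void remove_then_free(struct listener *l, void *data) {
    ++*(int *)data; link_remove(&l->link); free(l);
}

/* Returns the number of callbacks run, or -1 if the list was not emptied. */
static int run_demo(void) {
    struct link head; int calls = 0;
    void (*cbs[])(struct listener *, void *) = { free_only, remove_then_free, free_only };
    link_init(&head);
    for (size_t i = 0; i < 3; i++) {
        struct listener *l = malloc(sizeof *l);
        if (!l) return -1;
        l->notify = cbs[i];
        link_insert(head.prev, &l->link);
    }
    destroy_emit(&head, &calls);
    return (head.next == &head && head.prev == &head) ? calls : -1;
}

int main(void) { return run_demo() == 3 ? 0 : 1; }
```

Building with -fsanitize=address confirms that no freed listener is read or written during the emit.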


