[PATCH v2 0/3] Deal with destroy signal use after free issues
Derek Foreman
derekf at osg.samsung.com
Fri Apr 20 18:36:06 UTC 2018
I've pushed this series now.
Thanks,
Derek
On 2018-04-16 03:00 PM, Derek Foreman wrote:
> Now that the release is out, I'd like to dig back into this mess.
> This is a round up of some patches that were on list shortly before
> the release to deal with a problem where many existing libwayland
> users don't delete their destroy signal listeners before freeing
> them.
>
> These leads to a bit of a mess (as Markus' test illustrates) if there
> are multiple destroy listeners.
>
> I've included:
> My test patch to ensure the existing behaviour continues to work
> (users like weston and enlightenment can free during destroy
> listener)
>
> The special case destroy emit path for wl_priv_signal - this is
> an attempt to "fix" the problem, by making the destroy signal
> emit operate without ever touching potentially free()d elements
> again.
>
> Markus' test that would fail without patch 2/3, as it catches the
> free() without removal case we've all come to know any love.
>
> Derek Foreman (2):
> tests: Test for use after free in resource destruction signals
> changes since first appearance: none
>
> server: Add special case destroy signal emitter
> changes since first appearance: stop trying to maintain a list head
>
> Markus Ongyerth (1):
> tests: Add free-without-remove test
> changes since first appearance: I moved it into an existing file
>
> src/wayland-private.h | 3 +++
> src/wayland-server.c | 46 +++++++++++++++++++++++++++++++++++++++++++---
> tests/resources-test.c | 39 +++++++++++++++++++++++++++++++++++++++
> 3 files changed, 85 insertions(+), 3 deletions(-)
>
More information about the wayland-devel
mailing list