wl_list_remove(&view->link) point to invalid address

[zou lan]

Hi Pekka & all

When I run some full screen applications under desktop shell,  then kill
some applications randomly, I find
crashes maybe happened sometimes.

Crash call stack:
weston_view_destroy-->weston_view_unmap-->wl_list_reomve(&view->link).
The view is black view.


Then I debug code, find that shell.c  lower_fullscreen_layer function only
delete the layer of black view from layer_list, but not handle the
&view.link.
lower_fullscreen_layer()
{
.....
    /* Hide the black view */

weston_layer_entry_remove(&shsurf->fullscreen.black_view->layer_link);

wl_list_init(&shsurf->fullscreen.black_view->layer_link.link);

weston_view_damage_below(shsurf->fullscreen.black_view);

}

The code will be called when start second full screen application.

when weston build view list again, the first surface's black view is not in
the view list, the list &view.link maybe point some invalid address.

I think ivi shell will have the same problems too.  I have a temporary
patch to resolve this problem. I want to discuss it in the community.

option 1
--- a/libweston/compositor.c
+++ b/libweston/compositor.c
@@ -2195,7 +2195,7 @@ view_list_add(struct weston_compositor *compositor,
        struct weston_subsurface *sub;

        weston_view_update_transform(view);
-
+       wl_list_remove(&view.link);

option 2:
--- a/desktop-shell/shell.c
+++ b/desktop-shell/shell.c
@@ -3651,6 +3651,7 @@ lower_fullscreen_layer(struct desktop_shell *shell,

weston_layer_entry_remove(&shsurf->fullscreen.black_view->layer_link);

wl_list_init(&shsurf->fullscreen.black_view->layer_link.link);

weston_view_damage_below(shsurf->fullscreen.black_view);
+
 wl_list_remove(&shsurf->fullscreen.black_view->link);

                }

Do you think these options reasonable? Thank you.

Best Regards
Nancy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/wayland-devel/attachments/20180329/caea7475/attachment-0001.html>