From c507727ad240b978c6e09e3aa9238080ca9a1c81 Mon Sep 17 00:00:00 2001
From: Drew DeVault
Date: Mon, 2 Apr 2018 11:53:56 -0400
Subject: [PATCH] Fix use-after-free with block hotspots
---
 common/pango.c | 9 ++++++++-
 sway/tree/layout.c | 4 ++--
 swaybar/i3bar.c | 4 +---
 swaybar/render.c | 5 +++--
 4 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/common/pango.c b/common/pango.c
index 2ae7883c..658d2876 100644
--- a/common/pango.c
+++ b/common/pango.c
@@ -6,6 +6,7 @@
 #include
 #include
 #include
+#include "log.h"
 PangoLayout *get_pango_layout(cairo_t *cairo, const char *font,
 const char *text, int32_t scale, bool markup) {
@@ -13,7 +14,13 @@ PangoLayout *get_pango_layout(cairo_t *cairo, const char *font,
 PangoAttrList *attrs;
 if (markup) {
 char *buf;
- pango_parse_markup(text, -1, 0, &attrs, &buf, NULL, NULL);
+ GError *error = NULL;
+ if (!sway_assert(pango_parse_markup(
+ text, -1, 0, &attrs, &buf, NULL, &error),
+ "pango_parse_markup '%s' -> error %s", text,
+ error ? error->message : NULL)) {
+ return NULL;
+ }
 pango_layout_set_markup(layout, buf, -1);
 free(buf);
 } else {
diff --git a/sway/tree/layout.c b/sway/tree/layout.c
index ce0682dc..e8363660 100644
--- a/sway/tree/layout.c
+++ b/sway/tree/layout.c
@@ -248,8 +248,8 @@ void arrange_windows(struct sway_container *container,
 struct wlr_box *area = &output->sway_output->usable_area;
 wlr_log(L_DEBUG, "Usable area for ws: %dx%d@%d,%d", area->width, area->height, area->x, area->y);
- container->width = area->width;
- container->height = area->height;
+ container->width = width = area->width;
+ container->height = height = area->height;
 container->x = x = area->x;
 container->y = y = area->y;
 wlr_log(L_DEBUG, "Arranging workspace '%s' at %f, %f",
diff --git a/swaybar/i3bar.c b/swaybar/i3bar.c
index 5e98c4aa..46459e24 100644
--- a/swaybar/i3bar.c
+++ b/swaybar/i3bar.c
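Review bot: The new failure path in get_pango_layout (common/pango.c, second hunk) returns without releasing `error`, and the assert message passes `NULL` for a `%s` conversion when no GError was set, which is undefined for printf-style formatting. I would write the last argument as `error ? error->message : "(no GError)"` and add `g_clear_error(&error);` before `return NULL;`. The `layout` used on the following context line is created outside the hunk, so it presumably needs a `g_object_unref(layout)` on this path too, and callers now have to handle a NULL return. Since `text` is markup supplied from outside the function, a parse failure is an input error rather than a broken invariant; if `sway_assert` can abort in some builds (its definition is not shown here), a plain error log would be the safer check.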
@@ -30,9 +30,7 @@ static bool i3bar_parse_json(struct status_line *status, const char *text) {
 status_error(status, "[failed to parse i3bar json]");
 return false;
 }
- if (json_object_array_length(results) < 1) {
- return true;
- }
+ wlr_log(L_DEBUG, "Got i3bar json: '%s'", text);
 for (size_t i = 0; i < json_object_array_length(results); ++i) {
 json_object *full_text, *short_text, *color, *min_width, *align, *urgent;
 json_object *name, *instance, *separator, *separator_block_width;
diff --git a/swaybar/render.c b/swaybar/render.c
index a5039a2e..a62e1d01 100644
--- a/swaybar/render.c
+++ b/swaybar/render.c
@@ -153,7 +153,7 @@ static uint32_t render_status_block(cairo_t *cairo,
 hotspot->width = width;
 hotspot->height = height;
 hotspot->callback = block_hotspot_callback;
- hotspot->destroy = free;
+ hotspot->destroy = NULL;
 hotspot->data = block;
 wl_list_insert(&output->hotspots, &hotspot->link);
@@ -227,9 +227,9 @@ static uint32_t render_status_line_i3bar(cairo_t *cairo,
 struct swaybar_config *config, struct swaybar_output *output, struct status_line *status, bool focused, double *x, uint32_t width, uint32_t height) {
- struct i3bar_block *block;
 uint32_t max_height = 0;
 bool edge = true;
+ struct i3bar_block *block;
 wl_list_for_each_reverse(block, &status->blocks, link) {
 uint32_t h = render_status_block(cairo, config, output, block, x, height, focused, edge);
@@ -376,6 +376,7 @@ static uint32_t render_workspace_button(cairo_t *cairo,
 static uint32_t render_to_cairo(cairo_t *cairo, struct swaybar *bar, struct swaybar_output *output) {
 struct swaybar_config *config = bar->config;
+ wlr_log(L_DEBUG, "output %p", output);
 cairo_set_operator(cairo, CAIRO_OPERATOR_SOURCE);
 if (output->focused) {
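Review bot: The added `wlr_log(L_DEBUG, "Got i3bar json: '%s'", text);` in i3bar_parse_json copies the whole status payload into the log on every parse, and that text presumably comes from an external status command. It can carry whatever that command prints, including newlines or control characters, and it grows the debug log without bound. If the line is meant to stay, a bounded form such as `wlr_log(L_DEBUG, "Got i3bar json (%zu bytes)", strlen(text));` keeps the diagnostic without copying the content. With the early return removed, an empty array now falls through to the code after the loop, which lies outside the hunk, so that path should be checked for the zero-block case.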
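Review bot: After `hotspot->destroy = NULL;` in render_status_block the hotspot still stores a raw `block` pointer in `hotspot->data`, so the free through the hotspot is gone but the pointer is only valid while the block stays on `status->blocks`. If the block list is freed or rebuilt when new status JSON arrives while hotspots from the previous frame are still on `output->hotspots` (that code is outside this hunk), `block_hotspot_callback` would run on freed memory. I would document the borrow at the assignment, `/* borrowed: block is owned by status->blocks and must outlive this hotspot */`, and make sure the hotspot list is emptied before blocks are released. The code that invokes `destroy` is not visible here and has to tolerate `NULL`.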
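Review bot: `wlr_log(L_DEBUG, "output %p", output);` in render_to_cairo passes a `struct swaybar_output *` where `%p` expects a `void *`; the argument should be written `(void *)output`. The line looks like a leftover debugging aid: it runs on every render and records a heap address in the log, so I would drop it before merging unless it is still needed.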