remove view from its own unmap event listener so when subsurfaces
link try to remove themselves they won't run into it.
This fixes the following ASAN use-after-free error on a build slightly
modified to instrument wl_list operations:
==71705==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000829a0 at pc 0x000000508eb7 bp 0x7ffec8fd8030 sp 0x7ffec8fd8028
WRITE of size 8 at 0x6160000829a0 thread T0
#0 0x508eb6 in wl_list_remove ../common/list.c:181
#1 0x4f4998 in view_child_destroy ../sway/tree/view.c:1131
#2 0x4f38fa in subsurface_handle_destroy ../sway/tree/view.c:946
#3 0x7fda50744892 in wlr_signal_emit_safe ../util/signal.c:29
#4 0x7fda5072f0dd in subsurface_destroy ../types/wlr_surface.c:649
#5 0x7fda507312c4 in subsurface_handle_surface_destroy ../types/wlr_surface.c:1094
#6 0x7fda50744892 in wlr_signal_emit_safe ../util/signal.c:29
#7 0x7fda5072f305 in surface_handle_resource_destroy ../types/wlr_surface.c:677
#8 0x7fda508180ce in destroy_resource (/lib64/libwayland-server.so.0+0xc0ce)
#9 0x7fda508187f2 in wl_client_destroy (/lib64/libwayland-server.so.0+0xc7f2)
#10 0x7fda50818e5f in wl_client_connection_data (/lib64/libwayland-server.so.0+0xce5f)
#11 0x7fda50818219 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0xc219)
#12 0x7fda50818984 in wl_display_run (/lib64/libwayland-server.so.0+0xc984)
#13 0x43122c in server_run ../sway/server.c:254
#14 0x42f47c in main ../sway/main.c:433
#15 0x7fda503cab74 in __libc_start_main (/lib64/libc.so.6+0x27b74)
#16 0x40f6fd in _start (/opt/wayland/bin/sway+0x40f6fd)
0x6160000829a0 is located 288 bytes inside of 592-byte region [0x616000082880,0x616000082ad0)
freed by thread T0 here:
#0 0x7fda50f01a27 in free (/lib64/libasan.so.6+0xaea27)
#1 0x4532d8 in destroy ../sway/desktop/xdg_shell.c:262
#2 0x4ed17b in view_destroy ../sway/tree/view.c:67
#3 0x4ed300 in view_begin_destroy ../sway/tree/view.c:83
#4 0x454a3f in handle_destroy ../sway/desktop/xdg_shell.c:507
#5 0x7fda50744892 in wlr_signal_emit_safe ../util/signal.c:29
#6 0x7fda506e2c87 in reset_xdg_surface ../types/xdg_shell/wlr_xdg_surface.c:481
#7 0x7fda506e3018 in destroy_xdg_surface ../types/xdg_shell/wlr_xdg_surface.c:516
#8 0x7fda506dfbe5 in xdg_client_handle_resource_destroy ../types/xdg_shell/wlr_xdg_shell.c:71
#9 0x7fda508180ce in destroy_resource (/lib64/libwayland-server.so.0+0xc0ce)
previously allocated by thread T0 here:
#0 0x7fda50f01ed7 in calloc (/lib64/libasan.so.6+0xaeed7)
#1 0x454bc8 in handle_xdg_shell_surface ../sway/desktop/xdg_shell.c:528
#2 0x7fda50744892 in wlr_signal_emit_safe ../util/signal.c:29
#3 0x7fda506e2363 in handle_xdg_surface_commit ../types/xdg_shell/wlr_xdg_surface.c:378
#4 0x7fda5072e368 in surface_commit_state ../types/wlr_surface.c:455
#5 0x7fda5072e51d in surface_commit_pending ../types/wlr_surface.c:474
#6 0x7fda5072ea58 in surface_commit ../types/wlr_surface.c:542
#7 0x7fda4fb3ac03 in ffi_call_unix64 (/lib64/libffi.so.6+0x6c03)
Fixes#5168
If any error is encountered during execution of the first subcommand of
a freshly created bar configuration, parsing apparently is to be aborted
and the current bar config is freed. The pointer to that memory is left
dangling though, leading to a use-after-free on successive bar
subcommands. This quite reliably ends in a crash like so:
sway -c reproducer.config
00:00:00.083 [sway/config.c:865] Error on line 2 'foo bar': Unknown/invalid command 'foo' (s)
free(): double free detected in tcache 2
00:00:00.608 [swaynag/swaynag.c:451] failed to register with the wayland display
Aborted (core dumped)
Minimal reproducer config:
bar {
foo bar
position top
}
Other messages:
malloc(): unaligned fastbin chunk detected
double free or corruption (fasttop)
The invalid command has to be the first for a newly created bar config.
Removing the command or switching order so it's not the first one masks
the problem.
Prevent this from occuring by resetting the pointer to NULL after
freeing the memory.
Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
the original behavior set fullscreen for all descendents of a container,
which causes issues when firefox is one of those children because it
sends its own set_fullscreen request in response to being fullscreened.
Can be useful to make sure a bugfix is included. In the future maybe
the wlroots version string could include a commit hash when built
from source, too.
When a tiling container is floated, the focus stack needs to be
appropraitely modified to return the container to its original
position in the tree upon floating disable, like i3.
Logic that obtains current DPMS state is put inside the handler.
sway_output from which the current DPMS state will be obtained is selected by the following logic:
* For '-' and '--' the focused output is used;
* For '*' error "Cannot apply toggle to all outputs" is reported;
* For everything else all_output_by_name_or_id() is used.
Fixes#5929.
When an application inhibited idle, a view pointer was stored and a
destroy listener was registered to the wlr inhibitor. As the wlr
inhibitor lives longer than the view, this lead to a dangling view
pointer between view unmap and inhibitor destroy.
Store a pointer to the wlr inhibitor instead of to the view, and look up
the view when needed, which may at any point be NULL. This also allows
for an inhibitor to remain functional if a surface is re-mapped.
container_at checks if the position provided matches the currently
focused container with view_container_at as a fast path.
view_container_at checks using the main container geometry, which
includes the titlebar and border area. If a tabbed container is focused,
then positions over unfocused tabs are incorrectly reported as belonging
to the focused container, breaking focus on click.
Add view_container_content_at for use in the focused container fast path
which only tests container content area, and fall back to full workspace
scans for border and titlebar areas.
Closes: https://github.com/swaywm/sway/issues/6074
container_at would maintain the current focus as long as a position was
over one of the container view's surfaces. If an oversized surface was
being clipped, this lead to weird focus behavior.
Instead, use view_container_at for this test, which intersects the
container box before looking at surfaces.
If a surface is associated with a sway container, we limit the
destination box to the container dimensions.
Floating views and popups are exempt from this clipping.
Previously, the special case handling of scratchpad and unmark commands
was (probably accidentally) limited to criteria directly handled in the
execute_command function. This would exclude: 1. for_window criteria, as
these are handled externally for views and 2. and mouse bindings which
select target the node currently under the mouse cursor.
As a concrete example `for_window [app_id="foobar"] move scratchpad,
scratchpad show` would show (or hide due to the toggling functionality)
another window from the scratchpad, instead of showing the window with
app_id "foobar".
This commit replaces the "using_criteria" flag with "node_overridden"
with the more general notion of signifying that the node (and
container/workspace) in the current command handler context of the sway
config is not defined by the currently focused node, but instead
overridden by other means, i.e., criteria or mouse position.
When issuing a focus command on a specific container, users expect to
proceed it even if is hidden by a fullscreen window.
This matches the behavior of i3.
In e0a94bee8d, it was believed that if the
container is being rendered, it must have an output.
This turned out not to be the case. When rendering a container, all its
children are rendered, even if the children is positioned off screen and
thus not having any output. This is the cause of the crash in #6061.
This commit introduces a null-check, which fixes#6061.
Before this commit, when an output had its scale dynamically changed,
Sway would not load a cursor theme with the new scale. This results
in stale cursor images when moving the cursor into an area controlled
by the compositor, like the background or resize areas.
To reproduce:
- Using IPC, set an output scale to a value that isn't currently used
- Move the cursor into a compositor-controlled area
- The cursor will not change
As of 66343839b1, sway now uses a
libdrm header. Add this dependency to the build system so headers from
it can be used on systems where pkg-config is required to find them.
On server request, we need to send configure events to inform the client
of the new intended size. If the client changes size itself, sending a
configure event will only cause problems.
Use transaction_commit_dirty_client to distinguish between the two
transaction causes.
Currently, various floating-point expressions involving
the coordinates of borders, titlebars and content surfaces
are directly assigned to integers, and so they are rounded
towards zero.
This results in off-by-one distances between these elements
when the signs of their coordinates differ.
Fixed by wrapping these expressions with a call to
floor before the assignment.
view_child_init was calling view_init_subsurfaces, which did not set the
parent attribute for the subchildren. This lead to the subchildren
acting as standalone children. If the parent was an xdg_popup, this
would make the subchild unaware of the popup position.
Introduce view_child_init_subsurfaces for view_child_init to use
instead.
Closes: https://github.com/swaywm/sway/issues/6038
The subchildren lose their parent association at this point, so they
will not be able to see that the parent is unmapped.
Instead, just set the subchildren to be unmapped directly.
When a container straddles multiple outputs, the title bar is only rendered
at the scale of the "effective" output. If the title bar straddles onto
another output with a different scale factor, it was drawn at the wrong size.
In this commit, we take into consideration the scale the title was rendered
at and scale it accordingly so that it appears at the right size on the other
outputs.
This fixes#6054.
To reproduce:
- Open a floating window and a popup that hangs over the bottom or right
- Move the window in the direction of the popup overhang
- The previous position of the popup is damaged, not the new one
Pending state is currently inlined directly in the container struct,
while the current state is in a state struct. A side-effect of this is
that it is not immediately obvious that pending double-buffered state is
accessed, nor is it obvious what state is double-buffered.
Instead, use the state struct for both current and pending.
Every seat_set_focus* should be followed by a transaction_commit_dirty.
In cases where the focus change is followed by a seatop_begin* this is
not needed, as transaction_commit_dirty is then called by the
seatop_begin* function.
Fixes#6034
The transaction system contains a necessary optimization where a popped
transaction is combined with later, similar transactions. This breaks
the chronological order of states, and can lead to desynchronized
geometries.
To fix this, we replace the queue with only 2 transactions: current and
pending. If a pending transaction exists, it is updated with new state
instead of creating additional transactions.
As we never have more than a single waiting transaction, we no longer
need the queue optimization that is causing problems.
Closes: https://github.com/swaywm/sway/issues/6012