frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
xserver/hw
History
Olivier Fourdan 9617de733b xwayland: Cancel the EI disconnect timer when freed 
Xwayland maintains a connection to EI up for 10 minutes after an X11
client has vanished, to avoid going through the connection phase every
time a short lived X11 client comes and goes.

However, if the EI client gets freed (through some other event, e.g. the
user decides to terminate the EI session), Xwayland would still keep the
callback alive and end up trying to free an already freed EI client:

 Invalid read of size 4
    at 0x4C5E6F9: object_unref (util-object.h:89)
    by 0x4C5E6F9: ei_unref (libei.c:77)
    by 0x429525: free_ei (xwayland-xtest.c:224)
    by 0x429A6E: disconnect_timer_cb (xwayland-xtest.c:404)
    by 0x5E63FF: DoTimer (WaitFor.c:276)
    by 0x5E6463: DoTimers (WaitFor.c:290)
    by 0x5E6164: check_timers (WaitFor.c:133)
    by 0x5E61E9: WaitForSomething (WaitFor.c:195)
    by 0x4AD50E: Dispatch (dispatch.c:487)
    by 0x4BBA0B: dix_main (main.c:272)
    by 0x43615D: main (stubmain.c:34)
  Address 0x15cc6ee8 is 8 bytes inside a block of size 240 free'd
    at 0x48452AC: free (vg_replace_malloc.c:974)
    by 0x4C5E729: object_destroy (util-object.h:73)
    by 0x4C5E729: object_unref (util-object.h:91)
    by 0x4C5E729: ei_unref (libei.c:77)
    by 0x429525: free_ei (xwayland-xtest.c:224)
    by 0x42A946: xwl_handle_ei_event (xwayland-xtest.c:804)
    by 0x5EA977: HandleNotifyFd (connection.c:809)
    by 0x5EE8E3: ospoll_wait (ospoll.c:657)
    by 0x5E624D: WaitForSomething (WaitFor.c:208)
    by 0x4AD50E: Dispatch (dispatch.c:487)
    by 0x4BBA0B: dix_main (main.c:272)
    by 0x43615D: main (stubmain.c:34)
  Block was alloc'd at
    at 0x484782C: calloc (vg_replace_malloc.c:1554)
    by 0x4C5E777: ei_create (libei.c:73)
    by 0x4C5E777: ei_create_context (libei.c:97)
    by 0x42994B: setup_ei (xwayland-xtest.c:366)
    by 0x42A383: xwayland_xtest_send_events (xwayland-xtest.c:658)
    by 0x54ED4C: ProcXTestFakeInput (xtest.c:441)
    by 0x54EE56: ProcXTestDispatch (xtest.c:475)
    by 0x4AD6E6: Dispatch (dispatch.c:546)
    by 0x4BBA0B: dix_main (main.c:272)
    by 0x43615D: main (stubmain.c:34)

To avoid that issue, make sure to cancel the timer as soon as a EI
client is freed.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
See-also: https://bugzilla.redhat.com/2243076
 		2023-10-11 11:05:08 +02:00
..
kdrive Xephyr: fix tiny memleak in KdParseKeyboard(). 2023-05-12 18:30:24 +09:00
vfb Remove autotools support 2021-10-27 13:15:40 +03:00
xfree86 logind: call SetType on the logind session 2023-06-12 22:48:03 +00:00
xnest Replace "the the" with a single "the" in docs & comments 2022-03-31 13:27:57 -07:00
xquartz xquartz: Disable COMPOSITE at runtime 2023-01-17 15:17:45 -08:00
xwayland xwayland: Cancel the EI disconnect timer when freed 2023-10-11 11:05:08 +02:00
xwin gen_gl_wrappers: remove unused imports 2022-04-02 18:06:30 +00:00
meson.build Drop DMX DDX 2021-09-07 09:34:31 +00:00