| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Typos found with codespell and during code audit.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using fixed size connection buffers, if either the client or the
server is sending requests faster than the other end can cope with, the
connection buffers will fill up, eventually killing the connection.
This can be a problem for example with Xwayland mapping a lot of
windows, faster than the Wayland compositor can cope with, or a
high-rate mouse flooding the Wayland client with pointer events.
To avoid the issue, resize the connection buffers dynamically when they
get full.
Both data and fd buffers are resized on demand.
The default max buffer size is controlled via the wl_display interface
while each client's connection buffer size is adjustable for finer
control.
The purpose is to explicitly have larger connection buffers for specific
clients such as Xwayland, or set a larger buffer size for the client
with pointer focus to deal with a higher input events rate.
v0: Manuel:
Dynamically resize connection buffers - Both data and fd buffers are
resized on demand.
v1: Olivier
1. Add support for unbounded buffers on the client side and growable
(yet limited) connection buffers on the server side.
2. Add the API to set the default maximum size and a limit for a given
client.
3. Add tests for growable connection buffers and adjustable limits.
v2: Additional fixes by John:
1. Fix the size calculation in ring_buffer_check_space()
2. Fix wl_connection_read() to return gracefully once it has read up to
the max buffer size, rather than returning an error.
3. If wl_connection_flush() fails with EAGAIN but the transmit
ring-buffer has space remaining (or can be expanded),
wl_connection_queue() should store the message rather than
returning an error.
4. When the receive ring-buffer is at capacity but more data is
available to be read, wl_connection_read() should attempt to
expand the ring-buffer in order to read the remaining data.
v3: Thomas Lukaszewicz <tluk@chromium.org>
Add a test for unbounded buffers
v4: Add a client API as well to force bounded buffers (unbounded
by default (Olivier)
v5: Simplify ring_buffer_ensure_space() (Sebastian)
Co-authored-by: Olivier Fourdan <ofourdan@redhat.com>
Co-authored-by: John Lindgren <john@jlindgren.net>
Co-authored-by: Sebastian Wick <sebastian@sebastianwick.net>
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Signed-off-by: John Lindgren <john@jlindgren.net>
Signed-off-by: Sebastian Wick <sebastian@sebastianwick.net>
Closes: https://gitlab.freedesktop.org/wayland/wayland/-/issues/237
|
| |
|
|
|
|
|
|
| |
The usefulness of this is limited, and `libwayland-client` doesn't
provide a way to pass a null `new_id` since the id is generated by the
library and given to the caller as the return value.
Signed-off-by: Ian Douglas Scott <idscott@system76.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Nullable arrays, which are not used anywhere, were marshalled the same
way as an empty non-null array. The demarshalling logic did not
recognize anything as a null array. Given this, it seems better to just
explicitly not support it.
Fixes https://gitlab.freedesktop.org/wayland/wayland/-/issues/306.
Signed-off-by: Ian Douglas Scott <idscott@system76.com>
|
| |
|
|
|
|
|
|
|
| |
The connection_demarshal test writes a 10 byte string into a wayland message,
but doesn't pad it out to a four byte boundary. This leads to the last 32-bit
word of the message being partially uninitialized, which triggers an msan
violation when the message is written to the socket.
Signed-off-by: Fergus Dall <sidereal@google.com>
|
| |
|
|
|
|
|
|
| |
Currently a null string passed into a non-nullable argument of a message
will decode succesfully, probably resulting in the handler function
crashing. Instead treat it the same way we do non-nullable objects and ids.
Signed-off-by: Fergus Dall <sidereal@google.com>
|
| |
|
|
|
|
|
|
|
|
| |
In these tests, message sizes are inconsistently encoded in either the upper
or lower 16 bits of the second word of the message. Resolve this in favour
of using the upper 16 bits, as this is how messages are supposed to be
encoded, even though that aspect of message decoding isn't being tested
here.
Signed-off-by: Fergus Dall <sidereal@google.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The size argument to wl_connection_demarshal() is taken from the message by the
caller wl_client_connection_data(), therefore 'size' is untrusted data
controllable by a Wayland client. The size should always be at least the header
size, otherwise the header is invalid.
If the size is smaller than header size, it leads to reading past the end of
allocated memory. Furthermore if size is zero, wl_closure_init() changes
behaviour and leaves num_arrays uninitialized, leading to access of arbitrary
memory.
Check that 'size' fits at least the header. The space for arguments is already
properly checked.
This makes the request_bogus_size test free of errors under Valgrind.
Fixes: https://gitlab.freedesktop.org/wayland/wayland/issues/52
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Reviewed-by: Simon Ser <contact@emersion.fr>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This attempts to reproduce the error conditions from
https://gitlab.freedesktop.org/wayland/wayland/issues/52 and make it crash.
While the crash was repeatable in my tests, it depends on garbage on stack
leading to access of invalid memory, which is not guaranteed.
This is a FAIL_TEST, so that the following fix commit can be verified.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Reviewed-by: Simon Ser <contact@emersion.fr>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Attempting to demarshal message with array or string longer than its
body should return failure. Handling the length correctly is tricky when
it gets to near-UINT32_MAX values. Unexpected overflows can cause
crashes and other security issues.
These tests verify that demarshalling such message gives failure instead
of crash.
v2: Added consts, serialized opcode and size properly, updated style.
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Acked-by: Derek Foreman <derek.foreman.samsung@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Eric Engestrom <eric.engestrom@imgtec.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
New IDs are internally dealt with as objects, however this test
expected to deal with 'n' as the uint32_t type that's just seen
through the wire. We should give it an object instead, and
expect an object from it.
https://bugs.freedesktop.org/show_bug.cgi?id=99899
Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Tested-by: Kalev Lember <kalevlember@gmail.com>
Reviewed-by: Yong Bakos <ybakos@humanoriented.com>
|
| |
|
|
|
|
|
|
| |
connection-test.c did not cover wl_argument_from_va_list, so add one
test that specifically tests this method.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
|
| |
|
|
|
|
|
|
|
|
| |
Some headers and source files have been using types such as uint32_t
without explicitly including stdint.h.
Explicitly include stdint.h where appropriate.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Change the API to pass an "void *" argument to the client main
function, allowing the caller to call the same main function with
different input.
A helper (client_create_noarg) is added for when no argument is passed,
and the existing test cases are changed to use this function instead.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
|
| |
|
|
|
| |
Signed-off-by: Bryce Harrington <bryce@osg.samsung.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
|
| |
|
|
|
| |
Remove trailing whitespaces because they are not needed and jumping to
the end of al ine should do just that and not jump to the whitespace.
|
| |
|
|
|
|
|
| |
When we destroy closure, we are leaking memory sometimes.
Signed-off-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Calling close() on the same file descriptor that a previous call to
close() already closed is wrong, and racy if another thread received
that same file descriptor as a eg. new socket or actual file.
There are two situations where wl_connection_destroy() would close its
file descriptor and then another function up in the call chain would
close the same file descriptor:
* When wl_client_create() fails after calling wl_connection_create(),
it will call wl_connection_destroy() before returning. However, its
caller will always close the file descriptor if wl_client_create()
fails.
* wl_display_disconnect() unconditionally closes the display file
descriptor and also calls wl_connection_destroy().
So these two seem to expect wl_connection_destroy() to leave the file
descriptor open. The other caller of wl_connection_destroy(),
wl_client_destroy(), does however expect wl_connection_destroy() to
close its file descriptor, alas.
This patch changes wl_connection_destroy() to indulge this majority of
two callers by simply not closing the file descriptor. For the benefit
of wl_client_destroy(), wl_connection_destroy() then returns the
unclosed file descriptor so that wl_client_destroy() can close it
itself.
Since wl_connection_destroy() is a private function called from few
places, changing its semantics seemed like the more expedient way to
address the double-close() problem than shuffling around the logic in
wl_client_create() to somehow enable it to always avoid calling
wl_connection_destroy().
Signed-off-by: Benjamin Herr <ben@0x539.de>
Reviewed-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
|
| |
|
|
| |
Signed-off-by: U. Artie Eoff <ullysses.a.eoff@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
If a message was too big to fit in the connection buffer, the code
in wl_buffer_put would just write past the end of it.
I haven't seen any real world use case that would trigger this bug, but
it was possible to trigger it by sending a long enough string to the
wl_data_source.offer request.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=69267
|
| |
|
|
| |
Signed-off-by: U. Artie Eoff <ullysses.a.eoff@intel.com>
|
| | |
|
| |
|
|
| |
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a flags parameter to wl_closure_invoke(). The so far
added flags are ment to specify if the invokation is client side or
server side. When on the server side, closure arguments of type 'new_id'
should be invoked as a integer id while on the client side they should
be invoked as a pointer to a proxy object.
This fixes a bug happening when the address of a client side 'new_id'
proxy object did not fit in a 32 bit integer.
krh: Squashed test suite compile fix from Jason Ekstrand.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This is libwayland, not weston, so call the temporary files
wayland-tests-*, not weston-tests-*.
This is a candidate for the stable branch.
Signed-off-by: Pekka Paalanen <ppaalanen@gmail.com>
|
| |
|
|
| |
Signed-off-by: Sven Joachim <svenjoac@gmx.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The update callback for the file descriptors was always a bit awkward and
un-intuitive. The idea was that whenever the protocol code needed to
write data to the fd it would call the 'update' function. This function
would adjust the mainloop so that it polls for POLLOUT on the fd so we
can eventually flush the data to the socket.
The problem is that in multi-threaded applications, any thread can issue
a request, which writes data to the output buffer and thus triggers the
update callback. Thus, we'll be calling out with the display mutex
held and may call from any thread.
The solution is to eliminate the udpate callback and just require that
the application or server flushes all connection buffers before blocking.
This turns out to be a simpler API, although we now require clients to
deal with EAGAIN and non-blocking writes. It also saves a few syscalls,
since the socket will be writable most of the time and most writes will
complete, so we avoid changing epoll to poll for POLLOUT, then write and
then change it back for each write.
|
| |
|
|
|
|
|
| |
Use unsigned rather than signed for IDs, so they match up with what we
see in other prints.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Most of the time it does not make sense to pass a NULL object, string, or array
to a protocol request. This commit adds an explicit “allow-null” attribute
to mark the request arguments where NULL makes sense.
Passing a NULL object, string, or array to a protocol request which is not
marked as allow-null is now an error. An implementation will never receive
a NULL value for these arguments from a client.
Signed-off-by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com>
|
| |
|
|
|
|
|
|
|
|
| |
It was failing with missing include files.
While here, destroy the ugly "../src/..." include
paths used in the tests that was just hacking around
this problem in the Makefile:
sed -i s/..\\/src\\/// tests/*.c
|
| | |
|
| |
|
|
|
|
|
|
|
| |
'fixed' is a signed decimal type which offers a sign bit, 23 bits of
integer precision, and 8 bits of decimal precision. This is exposed as
an opaque struct with conversion helpers to and from double and int on
the C API side.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
This catches the bug fixed in cab70c9e5d8c38260a07bb1ddb7618826a120465.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
The connection tests so far only use one connection at a time, but this
prepares for tests that use a connection on both sides of the socket.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
