mirrors/weston
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f722dc6f08
weston/libweston
History
Marius Vlad f722dc6f08 compositor: Prevent an invalid access against content protection 
Avoids an user-after-free when destroying the surface, like in the
following ASAN message:

==25180==ERROR: AddressSanitizer: heap-use-after-free on address 0x6060000589d8 at pc 0x7ff70a4f7102 bp 0x7fff8f7e13b0 sp 0x7fff8f7e13a8
READ of size 8 at 0x6060000589d8 thread T0
    #0 0x7ff70a4f7101 in weston_schedule_surface_protection_update ../libweston/compositor.c:1163
    #1 0x7ff70a4f743b in weston_surface_update_output_mask ../libweston/compositor.c:1212
    #2 0x7ff70a4f7a47 in weston_surface_assign_output ../libweston/compositor.c:1298
    #3 0x7ff70a4f7f44 in weston_view_assign_output ../libweston/compositor.c:1348
    #4 0x7ff70a4fa12f in weston_view_update_transform ../libweston/compositor.c:1589
    #5 0x7ff70a4ffc20 in view_list_add ../libweston/compositor.c:2657
    #6 0x7ff70a5000ee in weston_compositor_build_view_list ../libweston/compositor.c:2688
    #7 0x7ff70a4fd577 in weston_view_destroy ../libweston/compositor.c:2202
    #8 0x7ff70a4fd7df in weston_surface_destroy ../libweston/compositor.c:2239
    #9 0x7ff70a4fdbb0 in destroy_surface ../libweston/compositor.c:2285
    #10 0x7ff70a4a2d3e in destroy_resource ../src/wayland-server.c:723
    #11 0x7ff70a4a8940 in for_each_helper ../src/wayland-util.c:372
    #12 0x7ff70a4a8e1f in wl_map_for_each ../src/wayland-util.c:385
    #13 0x7ff70a4a3748 in wl_client_destroy ../src/wayland-server.c:882
    #14 0x7ff6fe04e866 in shell_destroy ../desktop-shell/shell.c:5004
    #15 0x7ff70a4ee923 in wl_signal_emit /home/mvlad/install-amd64/include/wayland-server-core.h:481
    #16 0x7ff70a51598d in weston_compositor_destroy ../libweston/compositor.c:7903
    #17 0x7ff70a903a58 in wet_main ../compositor/main.c:3493
    #18 0x560de7b3b179 in main ../compositor/executable.c:33
    #19 0x7ff70a73ecc9 in __libc_start_main ../csu/libc-start.c:308
    #20 0x560de7b3b099 in _start (/home/mvlad/install-amd64/bin/weston+0x1099)

0x6060000589d8 is located 56 bytes inside of 64-byte region [0x6060000589a0,0x6060000589e0)
freed by thread T0 here:
    #0 0x7ff70a9d3b6f in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.6+0xa9b6f)
    #1 0x7ff70a5167d2 in cp_destroy_listener ../libweston/content-protection.c:193
    #2 0x7ff70a4ee923 in wl_signal_emit /home/mvlad/install-amd64/include/wayland-server-core.h:481
    #3 0x7ff70a51598d in weston_compositor_destroy ../libweston/compositor.c:7903
    #4 0x7ff70a903a58 in wet_main ../compositor/main.c:3493
    #5 0x560de7b3b179 in main ../compositor/executable.c:33
    #6 0x7ff70a73ecc9 in __libc_start_main ../csu/libc-start.c:308

previously allocated by thread T0 here:
    #0 0x7ff70a9d4037 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.6+0xaa037)
    #1 0x7ff70a5160aa in zalloc ../include/libweston/zalloc.h:38
    #2 0x7ff70a516cda in weston_compositor_enable_content_protection ../libweston/content-protection.c:329
    #3 0x7ff7070247e0 in drm_backend_create ../libweston/backend-drm/drm.c:3180
    #4 0x7ff707024cae in weston_backend_init ../libweston/backend-drm/drm.c:3250
    #5 0x7ff70a515d02 in weston_compositor_load_backend ../libweston/compositor.c:7999
    #6 0x7ff70a8fbcfb in load_drm_backend ../compositor/main.c:2614
    #7 0x7ff70a900b46 in load_backend ../compositor/main.c:3103
    #8 0x7ff70a902ecd in wet_main ../compositor/main.c:3380
    #9 0x560de7b3b179 in main ../compositor/executable.c:33
    #10 0x7ff70a73ecc9 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: heap-use-after-free ../libweston/compositor.c:1163 in weston_schedule_surface_protection_update

Signed-off-by: Marius Vlad <marius.vlad@collabora.com>
2021-05-12 17:51:49 +03:00
..
backend-drm drm-backend: require DRM_CAP_TIMESTAMP_MONOTONIC 2021-05-11 09:07:46 +00:00
backend-fbdev pixman-renderer: Replace output-create flags with struct 2020-03-20 15:25:24 +00:00
backend-headless Add weston-drm-fourcc.h 2021-02-25 14:35:03 +02:00
backend-rdp backend-rdp: release seat on peer disconnect 2020-10-16 12:11:27 +00:00
backend-wayland backend-wayland: Avoid spinning forever if dispatching failed 2021-05-10 12:01:46 +00:00
backend-x11 Add weston-drm-fourcc.h 2021-02-25 14:35:03 +02:00
renderer-gl shared/helpers: use ARRAY_COPY where possible 2021-04-28 12:17:24 -03:00
animation.c libweston: add missing include 2020-01-29 09:49:41 +00:00
backend.h pixman-renderer: share region_global_to_output() 2021-02-25 13:16:02 +02:00
bindings.c libweston: add missing include 2020-01-29 09:49:41 +00:00
clipboard.c libweston: add missing include 2020-01-29 09:49:41 +00:00
compositor.c libweston: choose only monotonic software presentation clocks 2021-05-11 09:07:46 +00:00
content-protection.c compositor: Prevent an invalid access against content protection 2021-05-12 17:51:49 +03:00
data-device.c libweston: constify data_source_interface 2020-10-21 14:18:30 +03:00
dbus.c dbus: Don't return value from void function 2019-06-11 11:31:04 +01:00
dbus.h Rename compositor.h to libweston/libweston.h 2019-04-18 12:31:46 +03:00
drm-formats.c libweston: add struct weston_drm_format 2021-04-27 19:56:38 +00:00
git-version.h.meson Add Meson build system 2018-12-09 14:50:54 +02:00
input.c libweston: Send wl_keyboard.modifiers after wl_keyboard.enter 2020-07-09 17:47:11 +03:00
launcher-direct.c launcher-direct: handle seat0 without VTs 2021-01-21 09:02:26 +00:00
launcher-impl.h libweston/launcher: libseat backend 2021-04-14 09:22:17 +00:00
launcher-libseat.c libweston/launcher: libseat backend 2021-04-14 09:22:17 +00:00
launcher-logind.c libweston/launcher: Allow VT switch without get_vt 2021-04-14 09:22:17 +00:00
launcher-util.c libweston/launcher: Allow VT switch without get_vt 2021-04-14 09:22:17 +00:00
launcher-util.h Rename compositor.h to libweston/libweston.h 2019-04-18 12:31:46 +03:00
launcher-weston-launch.c launcher: remove unused field 2021-04-12 08:03:42 -06:00
libinput-device.c libweston/libinput-device: Enable/Set pointer capabilities only on pointer movement 2020-12-08 17:54:55 +02:00
libinput-device.h Rename compositor.h to libweston/libweston.h 2019-04-18 12:31:46 +03:00
libinput-seat.c libweston: Remove internal weston-log set-up function out of public header 2019-07-18 13:34:04 +03:00
libinput-seat.h Rename compositor.h to libweston/libweston.h 2019-04-18 12:31:46 +03:00
libweston-internal.h libweston: add struct weston_drm_format 2021-04-27 19:56:38 +00:00
linux-dmabuf.c gl-renderer: do not expose query_dmabuf_formats and query_dmabuf_modifiers 2021-04-27 19:56:38 +00:00
linux-dmabuf.h drop MOD_INVALID, MOD_LINEAR definitions 2021-02-25 14:35:03 +02:00
linux-explicit-synchronization.c libweston: Advertise minor version 2 of zwp_linux_explicit_synchronization_v1 2019-08-02 15:00:08 +00:00
linux-explicit-synchronization.h libweston: Support zwp_surface_synchronization_v1.set_acquire_fence 2019-02-06 12:21:56 +00:00
linux-sync-file-uapi.h libweston: Introduce an internal linux sync file API 2019-02-06 12:21:56 +00:00
linux-sync-file.c libweston: export weston_linux_sync_file_read_timestamp() 2019-04-18 12:50:55 +03:00
linux-sync-file.h libweston: export weston_linux_sync_file_read_timestamp() 2019-04-18 12:50:55 +03:00
log.c libweston: add missing include 2020-01-29 09:49:41 +00:00
meson.build libweston: add struct weston_drm_format 2021-04-27 19:56:38 +00:00
noop-renderer.c libweston: add missing include 2020-01-29 09:49:41 +00:00
pixel-formats.c libweston: fix #ifdef ENABLE_EGL 2021-03-12 16:14:28 +02:00
pixel-formats.h pixel-formats: add RGBA bits and type fields 2019-10-04 12:17:18 +03:00
pixman-renderer.c pixman-renderer: share region_global_to_output() 2021-02-25 13:16:02 +02:00
pixman-renderer.h pixman-renderer: Replace output-create flags with struct 2020-03-20 15:25:24 +00:00
plugin-registry.c Rename plugin-registry.h to libweston/plugin-registry.h 2019-04-18 12:31:46 +03:00
screenshooter.c libweston: do not damage on screenshot 2021-02-25 12:47:07 +02:00
spring-tool.c Rename compositor.h to libweston/libweston.h 2019-04-18 12:31:46 +03:00
timeline.c libweston: fix typos 2021-02-24 10:01:17 -05:00
timeline.h libweston: move TYPEVERIFY macro into shared 2021-02-17 12:52:33 +00:00
touch-calibration.c libweston: don't clean up surface role 2020-06-12 09:23:11 +00:00
vertex-clipping.c Rename src/ to libweston/ 2016-06-23 17:44:54 +03:00
vertex-clipping.h Rename src/ to libweston/ 2016-06-23 17:44:54 +03:00
weston-direct-display.c libweston: Add weston-direct-display server side implementation 2019-11-18 19:33:09 +02:00
weston-launch.c launcher: fix socket message race condition 2021-04-10 22:29:30 +00:00
weston-launch.h launcher: fix socket message race condition 2021-04-10 22:29:30 +00:00
weston-log-file.c weston-log: destroy subscriptions with destruction of subscribers 2020-02-10 10:53:50 +00:00
weston-log-flight-rec.c weston-log: destroy subscriptions with destruction of subscribers 2020-02-10 10:53:50 +00:00
weston-log-internal.h weston-log-wayland: make stream_destroy() use weston_log_subscriber_release() 2020-02-10 10:53:50 +00:00
weston-log-wayland.c weston-log-wayland: make stream_destroy() use weston_log_subscriber_release() 2020-02-10 10:53:50 +00:00
weston-log.c libweston: fix typos 2021-02-24 10:01:17 -05:00
zoom.c libweston: Add functions to modify disable_planes counter for an output 2019-08-26 16:18:22 +05:30