wlroots/types
Dominique Martinet 954969698a wlr_primary_selection: fix use-after-free when cancelling source
seat->primary_election_source_destroy points to the source that just got
freed by the cancel.

==7843==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b0004269b0 at pc 0x7fb95bf4ccd0 bp 0x7ffd75013940 s
p 0x7ffd75013930
WRITE of size 8 at 0x60b0004269b0 thread T0
    #0 0x7fb95bf4cccf in wl_list_remove ../util/signal.c:55
    #1 0x7fb95bf3f4c6 in wlr_seat_set_primary_selection ../types/wlr_primary_selection.c:238
    #2 0x7fb95becb1a7 in xwm_handle_selection_event ../xwayland/selection/selection.c:124
    #3 0x7fb95bed2e5d in x11_event_handler ../xwayland/xwm.c:1139
    #4 0x7fb95c1bdf01 in wl_event_loop_dispatch src/event-loop.c:641
    #5 0x7fb95c1bc601 in wl_display_run src/wayland-server.c:1260
    #6 0x40a2f4 in main ../sway/main.c:433
    #7 0x7fb95b69718a in __libc_start_main (/lib64/libc.so.6+0x2318a)
    #8 0x40b749 in _start (/opt/wayland/bin/sway+0x40b749)

0x60b0004269b0 is located 64 bytes inside of 112-byte region [0x60b000426970,0x60b0004269e0)
freed by thread T0 here:
    #0 0x7fb95e0ad880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
    #1 0x7fb95bf3f49e in wlr_seat_set_primary_selection ../types/wlr_primary_selection.c:236
    #2 0x7fb95becb1a7 in xwm_handle_selection_event ../xwayland/selection/selection.c:124
    #3 0x7fb95bed2e5d in x11_event_handler ../xwayland/xwm.c:1139
    #4 0x7fb95c1bdf01 in wl_event_loop_dispatch src/event-loop.c:641

previously allocated by thread T0 here:
    #0 0x7fb95e0ade50 in calloc (/lib64/libasan.so.5+0xeee50)
    #1 0x7fb95bec7ad6 in xwm_selection_get_targets ../xwayland/selection/incoming.c:355
    #2 0x7fb95bec7ad6 in xwm_handle_selection_notify ../xwayland/selection/incoming.c:402
    #3 0x7fb95becb1a7 in xwm_handle_selection_event ../xwayland/selection/selection.c:124
    #4 0x7fb95bed2e5d in x11_event_handler ../xwayland/xwm.c:1139
    #5 0x7fb95c1bdf01 in wl_event_loop_dispatch src/event-loop.c:641

SUMMARY: AddressSanitizer: heap-use-after-free ../util/signal.c:55 in wl_list_remove
Shadow bytes around the buggy address:
  0x0c168007cce0: fd fd fd fa fa fa fa fa fa fa fa fa fd fd fd fd
  0x0c168007ccf0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x0c168007cd00: fa fa fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c168007cd10: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c168007cd20: fd fd fd fd fd fa fa fa fa fa fa fa fa fa fd fd
=>0x0c168007cd30: fd fd fd fd fd fd[fd]fd fd fd fd fd fa fa fa fa
  0x0c168007cd40: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c168007cd50: fd fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x0c168007cd60: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
  0x0c168007cd70: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
  0x0c168007cd80: fa fa fa fa fa fa fd fd fd fd fd fd fd fd fd fd
2018-06-25 17:28:44 +09:00
..
data_device update drag position at the right times 2018-06-05 23:45:03 -04:00
seat seat: allow clients to bind to seat multiple times 2018-06-04 22:31:36 +09:00
xdg_shell xdg-shell: end pointer and keyboard grab at the same time 2018-06-24 18:50:04 -04:00
xdg_shell_v6 xdg-shell: end pointer and keyboard grab at the same time 2018-06-24 18:50:04 -04:00
meson.build Merge branch 'master' into screencontent 2018-06-17 14:49:18 +01:00
wlr_box.c box: fix wlr_box_intersection 2018-06-06 08:47:04 +01:00
wlr_buffer.c buffer: fix wlr_texture leak on failed alloc 2018-06-16 19:01:13 +01:00
wlr_compositor.c compositor, surface: correctly destroy resources 2018-05-03 18:45:30 +01:00
wlr_cursor.c cleanup: Use void for zero-parameter functions 2018-05-30 20:19:16 -04:00
wlr_export_dmabuf_v1.c export-dmabuf: update protocol 2018-06-17 14:19:45 +01:00
wlr_gamma_control.c Revert "ELF Visibility" 2018-02-19 18:01:27 -05:00
wlr_idle_inhibit_v1.c Don't use the wlr_ prefix for static functions 2018-04-25 23:51:00 +01:00
wlr_idle.c move activity_notify into events in wlr_idle 2018-02-22 21:14:28 +01:00
wlr_input_device.c input-device: add output_name field, populate it from libinput 2018-04-29 14:30:09 +01:00
wlr_input_inhibitor.c input-inhibit: use wlr_signal_emit_safe 2018-06-24 19:33:15 -04:00
wlr_keyboard.c backend/x11: correctly destroy input devices 2018-04-28 12:55:36 +01:00
wlr_layer_shell.c layer-shell: check whether the surface is mapped in layer_surface_destroy() 2018-06-16 17:29:53 +03:00
wlr_linux_dmabuf.c Merge branch 'master' into screencontent 2018-06-17 14:49:18 +01:00
wlr_list.c Revert "ELF Visibility" 2018-02-19 18:01:27 -05:00
wlr_matrix.c Fix typos in comments and strings 2018-05-03 21:59:43 +01:00
wlr_output_damage.c output-damage: limit the number of damaged rectangles 2018-05-05 14:28:55 +01:00
wlr_output_layout.c cleanup: Use void for zero-parameter functions 2018-05-30 20:19:16 -04:00
wlr_output.c Merge branch 'master' into screencontent 2018-06-17 14:49:18 +01:00
wlr_pointer.c backend/x11: correctly destroy input devices 2018-04-28 12:55:36 +01:00
wlr_primary_selection.c wlr_primary_selection: fix use-after-free when cancelling source 2018-06-25 17:28:44 +09:00
wlr_region.c compositor: redesign how resources are managed 2018-04-26 17:51:06 +01:00
wlr_screenshooter.c render: split render.h into wlr_renderer.h and wlr_texture.h 2018-03-19 23:16:29 +01:00
wlr_server_decoration.c Revert "ELF Visibility" 2018-02-19 18:01:27 -05:00
wlr_surface.c surface: remove wlr_frame_callback 2018-06-20 20:00:23 +01:00
wlr_tablet_pad.c Revert "ELF Visibility" 2018-02-19 18:01:27 -05:00
wlr_tablet_tool.c Revert "ELF Visibility" 2018-02-19 18:01:27 -05:00
wlr_touch.c Revert "ELF Visibility" 2018-02-19 18:01:27 -05:00
wlr_virtual_keyboard_v1.c virtual-keyboard: fix wlr_virtual_keyboard_manager_v1_destroy 2018-05-30 09:25:46 +01:00
wlr_wl_shell.c Send axis source event 2018-05-12 13:53:21 +01:00
wlr_xcursor_manager.c Redesign wlr_texture 2018-03-24 23:48:32 -04:00
wlr_xdg_output.c xdg-output: bump output manager version to 2 2018-05-17 09:30:10 +01:00