Make sure we always test hash_table_lookup()s return to prevent trying to dereference a NULL window.
Signed-off-by: Derek Foreman <[email protected]> --- xwayland/window-manager.c | 103 +++++++++++++++++++++++++++++++++------------- 1 file changed, 74 insertions(+), 29 deletions(-) diff --git a/xwayland/window-manager.c b/xwayland/window-manager.c index 3967670..9388d2e 100644 --- a/xwayland/window-manager.c +++ b/xwayland/window-manager.c @@ -446,10 +446,16 @@ weston_wm_window_read_properties(struct weston_wm_window *window) strndup(xcb_get_property_value(reply), xcb_get_property_value_length(reply)); break; - case XCB_ATOM_WINDOW: + case XCB_ATOM_WINDOW: { + int found; xid = xcb_get_property_value(reply); - hash_table_lookup(wm->window_hash, *xid, (struct weston_wm_window **)p); + found = hash_table_lookup(wm->window_hash, *xid, + (struct weston_wm_window **)p); + if (!found) + weston_log("XCB_ATOM_WINDOW contains window" + " id not found in hash table.\n"); break; + } case XCB_ATOM_CARDINAL: case XCB_ATOM_ATOM: atom = xcb_get_property_value(reply); @@ -586,14 +592,18 @@ weston_wm_handle_configure_request(struct weston_wm *wm, xcb_generic_event_t *ev (xcb_configure_request_event_t *) event; struct weston_wm_window *window; uint32_t mask, values[16]; - int x, y, width, height, i = 0; + int x, y, width, height, i = 0, found; wm_log("XCB_CONFIGURE_REQUEST (window %d) %d,%d @ %dx%d\n", configure_request->window, configure_request->x, configure_request->y, configure_request->width, configure_request->height); - hash_table_lookup(wm->window_hash, configure_request->window, &window); + found = hash_table_lookup(wm->window_hash, + configure_request->window, + &window); + if (!found) + return; if (window->fullscreen) { weston_wm_window_send_configure_notify(window); @@ -650,6 +660,8 @@ our_resource(struct weston_wm *wm, uint32_t id) static void weston_wm_handle_configure_notify(struct weston_wm *wm, xcb_generic_event_t *event) { + int found; + xcb_configure_notify_event_t *configure_notify = (xcb_configure_notify_event_t *) event; struct weston_wm_window *window; @@ -659,7 +671,12 @@ weston_wm_handle_configure_notify(struct weston_wm *wm, xcb_generic_event_t *eve configure_notify->x, configure_notify->y, configure_notify->width, configure_notify->height); - hash_table_lookup(wm->window_hash, configure_notify->window, &window); + found = hash_table_lookup(wm->window_hash, + configure_notify->window, + &window); + if (!found) + return; + window->x = configure_notify->x; window->y = configure_notify->y; if (window->override_redirect) { @@ -924,6 +941,7 @@ weston_wm_handle_map_request(struct weston_wm *wm, xcb_generic_event_t *event) xcb_map_request_event_t *map_request = (xcb_map_request_event_t *) event; struct weston_wm_window *window; + int found; if (our_resource(wm, map_request->window)) { wm_log("XCB_MAP_REQUEST (window %d, ours)\n", @@ -931,7 +949,11 @@ weston_wm_handle_map_request(struct weston_wm *wm, xcb_generic_event_t *event) return; } - hash_table_lookup(wm->window_hash, map_request->window, &window); + found = hash_table_lookup(wm->window_hash, + map_request->window, + &window); + if (!found) + return; weston_wm_window_read_properties(window); @@ -969,6 +991,7 @@ weston_wm_handle_unmap_notify(struct weston_wm *wm, xcb_generic_event_t *event) xcb_unmap_notify_event_t *unmap_notify = (xcb_unmap_notify_event_t *) event; struct weston_wm_window *window; + int found; wm_log("XCB_UNMAP_NOTIFY (window %d, event %d%s)\n", unmap_notify->window, @@ -983,7 +1006,12 @@ weston_wm_handle_unmap_notify(struct weston_wm *wm, xcb_generic_event_t *event) * as it may come in after we've destroyed the window. */ return; - hash_table_lookup(wm->window_hash, unmap_notify->window, &window); + found = hash_table_lookup(wm->window_hash, + unmap_notify->window, + &window); + if (!found) + return; + if (wm->focus_window == window) wm->focus_window = NULL; if (window->surface) @@ -1111,9 +1139,12 @@ weston_wm_handle_property_notify(struct weston_wm *wm, xcb_generic_event_t *even xcb_property_notify_event_t *property_notify = (xcb_property_notify_event_t *) event; struct weston_wm_window *window; + int found; - hash_table_lookup(wm->window_hash, property_notify->window, &window); - if (!window) + found = hash_table_lookup(wm->window_hash, + property_notify->window, + &window); + if (!found) return; window->properties_dirty = 1; @@ -1222,6 +1253,7 @@ weston_wm_handle_destroy_notify(struct weston_wm *wm, xcb_generic_event_t *event xcb_destroy_notify_event_t *destroy_notify = (xcb_destroy_notify_event_t *) event; struct weston_wm_window *window; + int found; wm_log("XCB_DESTROY_NOTIFY, win %d, event %d%s\n", destroy_notify->window, @@ -1231,7 +1263,12 @@ weston_wm_handle_destroy_notify(struct weston_wm *wm, xcb_generic_event_t *event if (our_resource(wm, destroy_notify->window)) return; - hash_table_lookup(wm->window_hash, destroy_notify->window, &window); + found = hash_table_lookup(wm->window_hash, + destroy_notify->window, + &window); + if (!found) + return; + weston_wm_window_destroy(window); } @@ -1241,6 +1278,7 @@ weston_wm_handle_reparent_notify(struct weston_wm *wm, xcb_generic_event_t *even xcb_reparent_notify_event_t *reparent_notify = (xcb_reparent_notify_event_t *) event; struct weston_wm_window *window; + int found; wm_log("XCB_REPARENT_NOTIFY (window %d, parent %d, event %d)\n", reparent_notify->window, @@ -1252,8 +1290,12 @@ weston_wm_handle_reparent_notify(struct weston_wm *wm, xcb_generic_event_t *even reparent_notify->x, reparent_notify->y, reparent_notify->override_redirect); } else if (!our_resource(wm, reparent_notify->parent)) { - hash_table_lookup(wm->window_hash, - reparent_notify->window, &window); + found = hash_table_lookup(wm->window_hash, + reparent_notify->window, + &window); + if (!found) + return; + weston_wm_window_destroy(window); } } @@ -1490,8 +1532,13 @@ weston_wm_handle_client_message(struct weston_wm *wm, xcb_client_message_event_t *client_message = (xcb_client_message_event_t *) event; struct weston_wm_window *window; + int found; - hash_table_lookup(wm->window_hash, client_message->window, &window); + found = hash_table_lookup(wm->window_hash, + client_message->window, + &window); + if (!found) + return; wm_log("XCB_CLIENT_MESSAGE (%s %d %d %d %d %d win %d)\n", get_atom_name(wm->conn, client_message->type), @@ -1502,12 +1549,6 @@ weston_wm_handle_client_message(struct weston_wm *wm, client_message->data.data32[4], client_message->window); - /* The window may get created and destroyed before we actually - * handle the message. If it doesn't exist, bail. - */ - if (!window) - return; - if (client_message->type == wm->atom.net_wm_moveresize) weston_wm_window_handle_moveresize(window, client_message); else if (client_message->type == wm->atom.net_wm_state) @@ -1716,13 +1757,16 @@ weston_wm_handle_button(struct weston_wm *wm, xcb_generic_event_t *event) enum theme_location location; enum frame_button_state button_state; uint32_t button_id; + int found; wm_log("XCB_BUTTON_%s (detail %d)\n", button->response_type == XCB_BUTTON_PRESS ? "PRESS" : "RELEASE", button->detail); - hash_table_lookup(wm->window_hash, button->event, &window); - if (!window || !window->decorate) + found = hash_table_lookup(wm->window_hash, + button->event, + &window); + if (!found || !window->decorate) return; if (button->detail != 1 && button->detail != 2) @@ -1783,10 +1827,10 @@ weston_wm_handle_motion(struct weston_wm *wm, xcb_generic_event_t *event) xcb_motion_notify_event_t *motion = (xcb_motion_notify_event_t *) event; struct weston_wm_window *window; enum theme_location location; - int cursor; + int cursor, found; - hash_table_lookup(wm->window_hash, motion->event, &window); - if (!window || !window->decorate) + found = hash_table_lookup(wm->window_hash, motion->event, &window); + if (!found || !window->decorate) return; location = frame_pointer_motion(window->frame, NULL, @@ -1804,10 +1848,10 @@ weston_wm_handle_enter(struct weston_wm *wm, xcb_generic_event_t *event) xcb_enter_notify_event_t *enter = (xcb_enter_notify_event_t *) event; struct weston_wm_window *window; enum theme_location location; - int cursor; + int cursor, found; - hash_table_lookup(wm->window_hash, enter->event, &window); - if (!window || !window->decorate) + found = hash_table_lookup(wm->window_hash, enter->event, &window); + if (!found || !window->decorate) return; location = frame_pointer_enter(window->frame, NULL, @@ -1824,9 +1868,10 @@ weston_wm_handle_leave(struct weston_wm *wm, xcb_generic_event_t *event) { xcb_leave_notify_event_t *leave = (xcb_leave_notify_event_t *) event; struct weston_wm_window *window; + int found; - hash_table_lookup(wm->window_hash, leave->event, &window); - if (!window || !window->decorate) + found = hash_table_lookup(wm->window_hash, leave->event, &window); + if (!found || !window->decorate) return; frame_pointer_leave(window->frame, NULL); -- 2.1.4 _______________________________________________ wayland-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/wayland-devel
