Without this commit, wl_display_roundtrip_queue() is vulnerable to a race condition, causing the callback to be dispatched on the wrong queue.
The race condition happens if some non-main thread calls wl_display_roundtrip_queue() with its thread local queue, and the main thread reads and dispatches the callback event from the wl_display_sync() call before the thread local queue is set. The issue is fixed by using a proxy wrapper, making the initialization of the callback proxy atomic, effectively making it no longer possible for some other thread to dispatch the proxy before the correct thread local queue is set. Signed-off-by: Jonas Ådahl <[email protected]> --- src/wayland-client.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/wayland-client.c b/src/wayland-client.c index 6de91cd..cb5213b 100644 --- a/src/wayland-client.c +++ b/src/wayland-client.c @@ -1106,14 +1106,20 @@ static const struct wl_callback_listener sync_listener = { WL_EXPORT int wl_display_roundtrip_queue(struct wl_display *display, struct wl_event_queue *queue) { + struct wl_display *display_wrapper; struct wl_callback *callback; int done, ret = 0; done = 0; - callback = wl_display_sync(display); + + display_wrapper = wl_proxy_create_wrapper(display); + wl_proxy_set_queue((struct wl_proxy *) display_wrapper, queue); + callback = wl_display_sync(display_wrapper); + wl_proxy_wrapper_destroy(display_wrapper); + if (callback == NULL) return -1; - wl_proxy_set_queue((struct wl_proxy *) callback, queue); + wl_callback_add_listener(callback, &sync_listener, &done); while (!done && ret >= 0) ret = wl_display_dispatch_queue(display, queue); -- 2.5.5 _______________________________________________ wayland-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/wayland-devel
