Now that the release is out, I'd like to dig back into this mess. This is a round up of some patches that were on list shortly before the release to deal with a problem where many existing libwayland users don't delete their destroy signal listeners before freeing them.
These leads to a bit of a mess (as Markus' test illustrates) if there are multiple destroy listeners. I've included: My test patch to ensure the existing behaviour continues to work (users like weston and enlightenment can free during destroy listener) The special case destroy emit path for wl_priv_signal - this is an attempt to "fix" the problem, by making the destroy signal emit operate without ever touching potentially free()d elements again. Markus' test that would fail without patch 2/3, as it catches the free() without removal case we've all come to know any love. Derek Foreman (2): tests: Test for use after free in resource destruction signals changes since first appearance: none server: Add special case destroy signal emitter changes since first appearance: stop trying to maintain a list head Markus Ongyerth (1): tests: Add free-without-remove test changes since first appearance: I moved it into an existing file src/wayland-private.h | 3 +++ src/wayland-server.c | 46 +++++++++++++++++++++++++++++++++++++++++++--- tests/resources-test.c | 39 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 85 insertions(+), 3 deletions(-) -- 2.14.3 _______________________________________________ wayland-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/wayland-devel
