806c04411d
Running gnome-shell under valgrind, I saw the attached invalid write. Basically we can destroy a window during event processing, and the old window_remove_filters simply called g_free() on the filter, ignoring the refcount. Then later in event processing we call filter->refcount--, which is writing to free()d memory. Fix this by centralizing list mutation and refcount handling inside a new shared _gdk_window_filter_unref() function, and using that everywhere. ==13876== Invalid write of size 4 ==13876== at 0x446B181: gdk_event_apply_filters (gdkeventsource.c:86) ==13876== by 0x446B411: _gdk_events_queue (gdkeventsource.c:188) ==13876== by 0x44437EF: gdk_display_get_event (gdkdisplay.c:410) ==13876== by 0x446B009: gdk_event_source_dispatch (gdkeventsource.c:317) ==13876== by 0x4AB7159: g_main_context_dispatch (gmain.c:2436) ==13876== by 0x4AB7957: g_main_context_iterate.clone.5 (gmain.c:3087) ==13876== by 0x4AB806A: g_main_loop_run (gmain.c:3295) ==13876== by 0x8084D6B: main (main.c:722) ==13876== Address 0x1658bcac is 12 bytes inside a block of size 16 free'd ==13876== at 0x4005EAD: free (vg_replace_malloc.c:366) ==13876== by 0x4ABE515: g_free (gmem.c:263) ==13876== by 0x444BCC9: window_remove_filters (gdkwindow.c:1873) ==13876== by 0x4454BA3: _gdk_window_destroy_hierarchy (gdkwindow.c:2043) ==13876== by 0x447BF6E: gdk_window_destroy_notify (gdkwindow-x11.c:1115) ==13876== by 0x43588E2: _gtk_socket_windowing_filter_func (gtksocket-x11.c:518) ==13876== by 0x446B170: gdk_event_apply_filters (gdkeventsource.c:79) ==13876== by 0x446B411: _gdk_events_queue (gdkeventsource.c:188) ==13876== by 0x44437EF: gdk_display_get_event (gdkdisplay.c:410) ==13876== by 0x446B009: gdk_event_source_dispatch (gdkeventsource.c:317) ==13876== by 0x4AB7159: g_main_context_dispatch (gmain.c:2436) ==13876== by 0x4AB7957: g_main_context_iterate.clone.5 (gmain.c:3087) https://bugzilla.gnome.org/show_bug.cgi?id=637464
/* GDK - The GIMP Drawing Kit
 * Copyright (C) 1995-1997 Peter Mattis, Spencer Kimball and Josh MacDonald
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the
 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 * Boston, MA 02111-1307, USA.
 */

/*
 * Modified by the GTK+ Team and others 1997-2000. See the AUTHORS
 * file for a list of people on the GTK+ Team. See the ChangeLog
 * files for a list of changes. These files are distributed with
 * GTK+ at ftp://ftp.gtk.org/pub/gtk/.
 */

/* Uninstalled header defining types and functions internal to GDK */
|
|
|
|
#ifndef __GDK_INTERNALS_H__
|
|
#define __GDK_INTERNALS_H__
|
|
|
|
#include <gio/gio.h>
|
|
#include <gdk/gdktypes.h>
|
|
#include <gdk/gdkwindow.h>
|
|
#include <gdk/gdkwindowimpl.h>
|
|
#include <gdk/gdkprivate.h>
|
|
|
|
G_BEGIN_DECLS
|
|
|
|
/**********************
|
|
* General Facilities *
|
|
**********************/
|
|
|
|
/* Debugging support */
|
|
|
|
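/* Forward typedefs for the private records defined further down in this
 * header. (The page extraction had interleaved stray `|` lines between the
 * declarations; they are not part of the header.)
 */
typedef struct _GdkColorInfo    GdkColorInfo;
typedef struct _GdkEventFilter  GdkEventFilter;
typedef struct _GdkClientFilter GdkClientFilter;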
|
|
|
|
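/* Bit flags stored in GdkColorInfo.flags. */
typedef enum {
  GDK_COLOR_WRITEABLE = 1 << 0
} GdkColorInfoFlags;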
|
|
|
|
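/* Per-color bookkeeping record: a flag word plus a reference counter.
 * The code that takes and drops references is not visible in this header.
 */
struct _GdkColorInfo
{
  GdkColorInfoFlags flags;  /* GDK_COLOR_* bits */
  guint ref_count;
};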
|
|
|
|
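/* Bit flags stored in GdkEventFilter.flags.
 *
 * NOTE(review): GDK_EVENT_FILTER_REMOVED presumably marks a filter that has
 * been logically removed while something still holds a reference to it, so
 * that it is skipped rather than freed mid-dispatch -- confirm against the
 * dispatch loop in gdkeventsource.c.
 */
typedef enum {
  GDK_EVENT_FILTER_REMOVED = 1 << 0
} GdkEventFilterFlags;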
|
|
|
|
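/* One installed event filter: a callback, its closure data, a flag word and
 * a reference count.
 *
 * Lifetime rule: a filter record must be released through
 * _gdk_event_filter_unref(), never with a direct g_free(). The commit
 * message accompanying this revision describes the failure this prevents:
 * a filter callback can cause the window to be destroyed while event
 * processing is still using the filter; the old window teardown path
 * g_free()d the record without looking at ref_count, and the later
 * ref_count decrement in event processing then wrote into freed memory
 * (reported by valgrind as an invalid 4-byte write).
 */
struct _GdkEventFilter {
  GdkFilterFunc function;     /* filter callback */
  gpointer data;              /* closure data kept alongside function */
  GdkEventFilterFlags flags;  /* GDK_EVENT_FILTER_* bits */
  guint ref_count;            /* outstanding references; event processing
                               * decrements this after running the filter,
                               * so the record must outlive that callback */
};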
|
|
|
|
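/* A filter callback keyed by an atom.
 *
 * NOTE(review): unlike GdkEventFilter this record carries no ref_count; how
 * its lifetime is protected against removal during dispatch is not visible
 * in this header -- confirm at the call sites.
 */
struct _GdkClientFilter {
  GdkAtom type;            /* atom this filter is registered for */
  GdkFilterFunc function;  /* filter callback */
  gpointer data;           /* closure data kept alongside function */
};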
|
|
|
|
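/* Debug categories. Each value is a distinct bit; GDK_NOTE(type, ...) tests
 * GDK_DEBUG_<type> against the global _gdk_debug_flags mask.
 */
typedef enum {
  GDK_DEBUG_MISC      = 1 << 0,
  GDK_DEBUG_EVENTS    = 1 << 1,
  GDK_DEBUG_DND       = 1 << 2,
  GDK_DEBUG_XIM       = 1 << 3,
  GDK_DEBUG_NOGRABS   = 1 << 4,
  GDK_DEBUG_COLORMAP  = 1 << 5,
  GDK_DEBUG_INPUT     = 1 << 6,
  GDK_DEBUG_CURSOR    = 1 << 7,
  GDK_DEBUG_MULTIHEAD = 1 << 8,
  GDK_DEBUG_XINERAMA  = 1 << 9,
  GDK_DEBUG_DRAW      = 1 << 10,
  GDK_DEBUG_EVENTLOOP = 1 << 11
} GdkDebugFlag;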
|
|
|
|
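/* Library-wide state defined in other translation units.
 *
 * NOTE(review): _gdk_default_filters is presumably a list of GdkEventFilter
 * records not tied to one window; if so the same ref_count discipline as
 * GdkWindow.filters applies to it -- confirm at the definition.
 */
extern GList     *_gdk_default_filters;
extern GdkWindow *_gdk_parent_root;

extern guint    _gdk_debug_flags;     /* mask of GDK_DEBUG_* bits, read by GDK_NOTE() */
extern gboolean _gdk_native_windows;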
|
|
|
|
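/* GDK_NOTE (type, action): run `action` only when the GDK_DEBUG_<type> bit
 * is set in _gdk_debug_flags. Without G_ENABLE_DEBUG the macro expands to
 * nothing, so `action` is not evaluated at all -- do not put side effects
 * the program depends on inside it.
 */
#ifdef G_ENABLE_DEBUG

#define GDK_NOTE(type,action)                G_STMT_START { \
    if (_gdk_debug_flags & GDK_DEBUG_##type)                \
       { action; };                          } G_STMT_END

#else /* !G_ENABLE_DEBUG */

#define GDK_NOTE(type,action)

#endif /* G_ENABLE_DEBUG */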
|
|
|
|
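/* Arg parsing */

/* Kind of value a GdkArgDesc entry describes. */
typedef enum
{
  GDK_ARG_STRING,
  GDK_ARG_INT,
  GDK_ARG_BOOL,
  GDK_ARG_NOBOOL,
  GDK_ARG_CALLBACK
} GdkArgType;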
|
|
|
|
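typedef struct _GdkArgContext GdkArgContext;
typedef struct _GdkArgDesc    GdkArgDesc;

/* Callback signature for GDK_ARG_CALLBACK entries: receives the option
 * name, its argument string and an opaque data pointer.
 */
typedef void (*GdkArgFunc) (const char *name, const char *arg, gpointer data);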
|
|
|
|
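/* Parsing context: a set of option tables plus callback data. */
struct _GdkArgContext
{
  GPtrArray *tables;   /* presumably arrays of GdkArgDesc -- TODO confirm */
  gpointer   cb_data;  /* opaque pointer, presumably handed to GdkArgFunc */
};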
|
|
|
|
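/* Description of one recognised option. */
struct _GdkArgDesc
{
  const char *name;      /* option name */
  GdkArgType  type;      /* how the option's value is interpreted */
  gpointer    location;  /* untyped destination; its real type depends on
                          * `type`, so a mismatched table entry is a
                          * type-confusion hazard -- verify against parser */
  GdkArgFunc  callback;  /* used for GDK_ARG_CALLBACK entries (presumably) */
};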
|
|
|
|
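/* Event handling */

typedef struct _GdkEventPrivate GdkEventPrivate;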
|
|
|
|
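/* Bit flags kept in GdkEventPrivate.flags. */
typedef enum
{
  /* Following flag is set for events on the event queue during
   * translation and cleared afterwards.
   */
  GDK_EVENT_PENDING = 1 << 0
} GdkEventFlags;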
|
|
|
|
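/* Private wrapper around a public GdkEvent. The GdkEvent is the first
 * member, so a pointer to the wrapper and a pointer to its event share an
 * address.
 */
struct _GdkEventPrivate
{
  GdkEvent   event;
  guint      flags;           /* GDK_EVENT_* bits (see GdkEventFlags) */
  GdkScreen *screen;
  gpointer   windowing_data;  /* backend-owned; see
                               * _gdk_windowing_event_data_copy()/_free() */
  GdkDevice *device;
  GdkDevice *source_device;
};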
|
|
|
|
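/* Tracks information about the pointer grab on this display */
typedef struct
{
  GdkWindow *window;
  GdkWindow *native_window;
  gulong serial_start;
  gulong serial_end; /* exclusive, i.e. not active on serial_end */
  gboolean owner_events;
  guint event_mask;
  gboolean implicit;
  guint32 time;
  GdkGrabOwnership ownership;

  guint activated : 1;
  guint implicit_ungrab : 1;
} GdkDeviceGrabInfo;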
|
|
|
|
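typedef struct _GdkWindowPaint GdkWindowPaint;

/* Callback type taken by _gdk_display_pointer_info_foreach(). */
typedef void (* GdkDisplayPointerInfoForeach) (GdkDisplay           *display,
                                               GdkDevice            *device,
                                               GdkPointerWindowInfo *device_info,
                                               gpointer              user_data);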
|
|
|
|
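/* Instance structure of GdkWindow (a GObject subclass: parent_instance is
 * the first member).
 *
 * Lifetime notes for reviewers:
 *  - `filters` is the per-window filter list. According to the commit
 *    message accompanying this revision, tearing a window down while event
 *    processing was still using one of its filters used to g_free() the
 *    filter outright; entries must instead be dropped through
 *    _gdk_event_filter_unref() so that ref_count is honoured.
 *  - `destroyed` is a two-bit field read through GDK_WINDOW_DESTROYED();
 *    the meaning of its individual values is not visible in this header.
 */
struct _GdkWindow
{
  GObject parent_instance;

  GdkWindowImpl *impl; /* window-system-specific delegate object */

  GdkWindow *parent;
  GdkVisual *visual;

  gpointer user_data;

  gint x;
  gint y;

  gint extension_events;

  GList *filters;   /* release entries via _gdk_event_filter_unref() only */
  GList *children;

  cairo_pattern_t *background;

  GSList *paint_stack;

  cairo_region_t *update_area;
  guint update_freeze_count;

  guint8 window_type;
  guint8 depth;
  guint8 resize_count;

  GdkWindowState state;

  guint guffaw_gravity : 1;
  guint input_only : 1;
  guint modal_hint : 1;
  guint composited : 1;

  guint destroyed : 2;

  guint accept_focus : 1;
  guint focus_on_map : 1;
  guint shaped : 1;
  guint support_multidevice : 1;

  GdkEventMask event_mask;

  guint update_and_descendants_freeze_count;

  /* The GdkWindow that has the impl, ref:ed if another window.
   * This ref is required to keep the wrapper of the impl window alive
   * for as long as any GdkWindow references the impl. */
  GdkWindow *impl_window;
  int abs_x, abs_y; /* Absolute offset in impl */
  gint width, height;
  guint32 clip_tag;
  cairo_region_t *clip_region; /* Clip region (wrt toplevel) in window coords */
  cairo_region_t *clip_region_with_children; /* Clip region in window coords */
  GdkCursor *cursor;
  GHashTable *device_cursor;
  gint8 toplevel_window_type;
  guint synthesize_crossing_event_queued : 1;
  guint effective_visibility : 2;
  guint visibility : 2; /* The visibility wrt the toplevel (i.e. based on clip_region) */
  guint native_visibility : 2; /* the native visibility of a impl windows */
  guint viewable : 1; /* mapped and all parents mapped */
  guint applied_shape : 1;

  guint num_offscreen_children;
  GdkWindowPaint *implicit_paint;

  GList *outstanding_moves;

  cairo_region_t *shape;
  cairo_region_t *input_shape;

  cairo_surface_t *cairo_surface;

  GList *devices_inside;
  GHashTable *device_events;

  GHashTable *source_event_masks;
  gulong device_added_handler_id;
  gulong device_changed_handler_id;
};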
|
|
|
|
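/* Field accessors. Both go through the GDK_WINDOW() cast macro and then
 * dereference, so `d` must be a live GdkWindow; they do not guard against
 * NULL or an already-freed object.
 */
#define GDK_WINDOW_TYPE(d) (((GDK_WINDOW (d)))->window_type)
#define GDK_WINDOW_DESTROYED(d) (GDK_WINDOW (d)->destroyed)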
|
|
|
|
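/* Display-related globals defined in other translation units. */
extern GSList   *_gdk_displays;
extern gchar    *_gdk_display_name;
extern gint      _gdk_screen_number;
extern gchar    *_gdk_display_arg_name;
extern gboolean  _gdk_disable_multidevice;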
|
|
|
|
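/* Event-queue entry points. Per the valgrind trace in the commit message,
 * _gdk_events_queue() is the caller of the filter-dispatch code, so window
 * teardown can be triggered from inside it.
 */
void      _gdk_events_queue  (GdkDisplay *display);
GdkEvent* _gdk_event_unqueue (GdkDisplay *display);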
|
|
|
|
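/* Drop one reference on `filter`.
 *
 * This is the single place where filter-list mutation and ref_count
 * handling are meant to live: the commit message accompanying this revision
 * introduces it to replace a direct g_free() in the window teardown path,
 * which freed filters that event processing was still holding and led to a
 * write into freed memory. All code that removes a filter should call this
 * rather than freeing the record or unlinking it by hand.
 *
 * NOTE(review): `window` presumably selects which list the filter lives on
 * (the window's own list versus the default filters) -- confirm in the
 * implementation, including what a NULL window means.
 */
void _gdk_event_filter_unref (GdkWindow      *window,
                              GdkEventFilter *filter);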
|
|
|
|
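/* Event emission and per-display queue manipulation. The queue functions
 * hand back GList links into the display's queue.
 *
 * NOTE(review): the second parameter of _gdk_event_queue_insert_before()
 * is named `after_event`, mirroring insert_after(); it is presumably the
 * reference event to insert in front of -- confirm in the implementation.
 */
void   _gdk_event_emit               (GdkEvent   *event);
GList* _gdk_event_queue_find_first   (GdkDisplay *display);
void   _gdk_event_queue_remove_link  (GdkDisplay *display,
                                      GList      *node);
GList* _gdk_event_queue_prepend      (GdkDisplay *display,
                                      GdkEvent   *event);
GList* _gdk_event_queue_append       (GdkDisplay *display,
                                      GdkEvent   *event);
GList* _gdk_event_queue_insert_after (GdkDisplay *display,
                                      GdkEvent   *after_event,
                                      GdkEvent   *event);
GList* _gdk_event_queue_insert_before(GdkDisplay *display,
                                      GdkEvent   *after_event,
                                      GdkEvent   *event);
void   _gdk_event_button_generate    (GdkDisplay *display,
                                      GdkEvent   *event);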
|
|
|
|
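/* Copy / release the backend data attached to an event (presumably
 * GdkEventPrivate.windowing_data -- confirm in the backends).
 */
void _gdk_windowing_event_data_copy (const GdkEvent *src,
                                     GdkEvent       *dst);
void _gdk_windowing_event_data_free (GdkEvent       *event);

void gdk_synthesize_window_state (GdkWindow     *window,
                                  GdkWindowState unset_flags,
                                  GdkWindowState set_flags);

GdkDeviceManager * _gdk_device_manager_new (GdkDisplay *display);

/* Returns a gboolean and writes through `extents`; the meaning of a FALSE
 * return is not visible in this header.
 */
gboolean _gdk_cairo_surface_extents (cairo_surface_t *surface,
                                     GdkRectangle    *extents);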
|
|
|
|
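/*************************************
 * Interfaces used by windowing code *
 *************************************/

cairo_surface_t *
_gdk_window_ref_cairo_surface (GdkWindow *window);

void _gdk_window_impl_new (GdkWindow     *window,
                           GdkWindow     *real_parent,
                           GdkScreen     *screen,
                           GdkEventMask   event_mask,
                           GdkWindowAttr *attributes,
                           gint           attributes_mask);

/* Window teardown. Per the valgrind trace in the commit message, teardown
 * can be reached from inside a filter callback during event processing, so
 * anything it releases may still be in use further up the call stack.
 */
void _gdk_window_destroy (GdkWindow *window,
                          gboolean   foreign_destroy);
void _gdk_window_clear_update_area (GdkWindow *window);
void _gdk_window_update_size (GdkWindow *window);
gboolean _gdk_window_update_viewable (GdkWindow *window);

void _gdk_window_process_updates_recurse (GdkWindow      *window,
                                          cairo_region_t *expose_region);

void _gdk_screen_close (GdkScreen *screen);

const char *_gdk_get_sm_client_id (void);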
|
|
|
|
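/*****************************************
 * Interfaces provided by windowing code *
 *****************************************/

/* Font/string functions implemented in module-specific code */

void _gdk_cursor_destroy (GdkCursor *cursor);

void _gdk_windowing_init (void);

extern const GOptionEntry _gdk_windowing_args[];
void _gdk_windowing_set_default_display (GdkDisplay *display);

/* Returns a gchar *; whether the caller owns the returned string is not
 * visible in this header -- TODO confirm before freeing or retaining it.
 */
gchar *_gdk_windowing_substitute_screen_number (const gchar *display_name,
                                                gint         screen_number);

gulong _gdk_windowing_window_get_next_serial (GdkDisplay *display);
void   _gdk_windowing_window_get_offsets     (GdkWindow  *window,
                                              gint       *x_offset,
                                              gint       *y_offset);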
|
|
|
|
|
|
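/* Device state queries and grabs implemented by the windowing backend.
 * Results of the query functions are written through the pointer
 * parameters.
 */
void       _gdk_windowing_get_device_state (GdkDisplay       *display,
                                            GdkDevice        *device,
                                            GdkScreen       **screen,
                                            gint             *x,
                                            gint             *y,
                                            GdkModifierType  *mask);
GdkWindow* _gdk_windowing_window_at_device_position (GdkDisplay       *display,
                                                     GdkDevice        *device,
                                                     gint             *win_x,
                                                     gint             *win_y,
                                                     GdkModifierType  *mask,
                                                     gboolean          get_toplevel);
GdkGrabStatus _gdk_windowing_device_grab (GdkDevice    *device,
                                          GdkWindow    *window,
                                          GdkWindow    *native,
                                          gboolean      owner_events,
                                          GdkEventMask  event_mask,
                                          GdkWindow    *confine_to,
                                          GdkCursor    *cursor,
                                          guint32       time);
void _gdk_windowing_got_event (GdkDisplay *display,
                               GList      *event_link,
                               GdkEvent   *event,
                               gulong      serial);

void _gdk_windowing_window_process_updates_recurse (GdkWindow      *window,
                                                    cairo_region_t *expose_region);
void _gdk_windowing_before_process_all_updates (void);
void _gdk_windowing_after_process_all_updates  (void);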
|
|
|
|
|
|
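/* True when the WITHDRAWN bit is clear in window->state. Dereferences
 * `window` directly (no GDK_WINDOW() cast, no NULL check).
 */
#define GDK_WINDOW_IS_MAPPED(window) (((window)->state & GDK_WINDOW_STATE_WITHDRAWN) == 0)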
|
|
|
|
|
|
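/* Called when gdk_window_destroy() is called on a foreign window
 * or an ancestor of the foreign window. It should generally reparent
 * the window out of its current hierarchy, hide it, and then
 * send a message to the owner requesting that the window be destroyed.
 */
void _gdk_windowing_window_destroy_foreign (GdkWindow *window);

void _gdk_windowing_display_set_sm_client_id (GdkDisplay  *display,
                                              const gchar *sm_client_id);

void _gdk_windowing_window_set_composited (GdkWindow *window,
                                           gboolean   composited);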
|
|
|
|
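/* GdkPaintable: a GObject interface with begin/end paint hooks. The macros
 * follow the usual GType boilerplate; GDK_PAINTABLE() is a checked cast.
 */
#define GDK_TYPE_PAINTABLE            (_gdk_paintable_get_type ())
#define GDK_PAINTABLE(obj)            (G_TYPE_CHECK_INSTANCE_CAST ((obj), GDK_TYPE_PAINTABLE, GdkPaintable))
#define GDK_IS_PAINTABLE(obj)         (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GDK_TYPE_PAINTABLE))
#define GDK_PAINTABLE_GET_IFACE(obj)  (G_TYPE_INSTANCE_GET_INTERFACE ((obj), GDK_TYPE_PAINTABLE, GdkPaintableIface))

typedef struct _GdkPaintable      GdkPaintable;
typedef struct _GdkPaintableIface GdkPaintableIface;

struct _GdkPaintableIface
{
  GTypeInterface g_iface;

  void (* begin_paint_region) (GdkPaintable         *paintable,
                               GdkWindow            *window,
                               const cairo_region_t *region);
  void (* end_paint)          (GdkPaintable         *paintable);
};

GType _gdk_paintable_get_type (void) G_GNUC_CONST;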
|
|
|
|
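/* Private state of GdkAppLaunchContext. Ownership of the pointer members
 * (who refs `icon`, who frees `icon_name`) is not visible in this header.
 */
struct GdkAppLaunchContextPrivate
{
  GdkDisplay *display;
  GdkScreen  *screen;
  gint        workspace;
  guint32     timestamp;
  GIcon      *icon;
  char       *icon_name;
};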
|
|
|
|
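/* Startup-notification hooks implemented by the windowing backend.
 *
 * NOTE(review): ownership of the returned id string is not visible here --
 * confirm whether the caller must free it.
 */
char *_gdk_windowing_get_startup_notify_id (GAppLaunchContext *context,
                                            GAppInfo          *info,
                                            GList             *files);
void  _gdk_windowing_launch_failed         (GAppLaunchContext *context,
                                            const char        *startup_notify_id);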
|
|
|
|
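/* Per-display device grab bookkeeping.
 *
 * Several of these return a GdkDeviceGrabInfo pointer. This header does not
 * show who owns those records or when they are freed, so callers should not
 * keep a returned pointer across calls that may end or update grabs
 * (e.g. _gdk_display_end_device_grab()) without checking the
 * implementation -- TODO confirm lifetime rules.
 */
void _gdk_display_device_grab_update (GdkDisplay *display,
                                      GdkDevice  *device,
                                      GdkDevice  *source_device,
                                      gulong      current_serial);
GdkDeviceGrabInfo *_gdk_display_get_last_device_grab (GdkDisplay *display,
                                                      GdkDevice  *device);
GdkDeviceGrabInfo *_gdk_display_add_device_grab (GdkDisplay       *display,
                                                 GdkDevice        *device,
                                                 GdkWindow        *window,
                                                 GdkWindow        *native_window,
                                                 GdkGrabOwnership  grab_ownership,
                                                 gboolean          owner_events,
                                                 GdkEventMask      event_mask,
                                                 unsigned long     serial_start,
                                                 guint32           time,
                                                 gboolean          implicit);
GdkDeviceGrabInfo * _gdk_display_has_device_grab (GdkDisplay *display,
                                                  GdkDevice  *device,
                                                  gulong      serial);
gboolean _gdk_display_end_device_grab (GdkDisplay *display,
                                       GdkDevice  *device,
                                       gulong      serial,
                                       GdkWindow  *if_child,
                                       gboolean    implicit);
gboolean _gdk_display_check_grab_ownership (GdkDisplay *display,
                                            GdkDevice  *device,
                                            gulong      serial);
void _gdk_display_enable_motion_hints (GdkDisplay *display,
                                       GdkDevice  *device);

GdkPointerWindowInfo * _gdk_display_get_pointer_info (GdkDisplay *display,
                                                      GdkDevice  *device);

void _gdk_display_pointer_info_foreach (GdkDisplay                   *display,
                                        GdkDisplayPointerInfoForeach  func,
                                        gpointer                      user_data);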
|
|
|
|
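/* Window-tree helpers: invalidation, hit testing, synthesized events and
 * clip-region computation. Reference and ownership semantics of returned
 * pointers (GdkWindow *, GdkEvent *, cairo_region_t *) are not visible in
 * this header.
 */
void _gdk_window_invalidate_for_expose (GdkWindow      *window,
                                        cairo_region_t *region);

GdkWindow * _gdk_window_find_child_at (GdkWindow *window,
                                       int x, int y);
GdkWindow * _gdk_window_find_descendant_at (GdkWindow *toplevel,
                                            double x, double y,
                                            double *found_x,
                                            double *found_y);

void _gdk_window_add_damage (GdkWindow      *toplevel,
                             cairo_region_t *damaged_region);

GdkEvent * _gdk_make_event (GdkWindow    *window,
                            GdkEventType  type,
                            GdkEvent     *event_in_queue,
                            gboolean      before_event);
gboolean _gdk_window_event_parent_of (GdkWindow *parent,
                                      GdkWindow *child);

void _gdk_synthesize_crossing_events (GdkDisplay      *display,
                                      GdkWindow       *src,
                                      GdkWindow       *dest,
                                      GdkDevice       *device,
                                      GdkDevice       *source_device,
                                      GdkCrossingMode  mode,
                                      gint             toplevel_x,
                                      gint             toplevel_y,
                                      GdkModifierType  mask,
                                      guint32          time_,
                                      GdkEvent        *event_in_queue,
                                      gulong           serial,
                                      gboolean         non_linear);
void _gdk_display_set_window_under_pointer (GdkDisplay *display,
                                            GdkDevice  *device,
                                            GdkWindow  *window);


void _gdk_synthesize_crossing_events_for_geometry_change (GdkWindow *changed_window);

cairo_region_t *_gdk_window_calculate_full_clip_region (GdkWindow *window,
                                                        GdkWindow *base_window,
                                                        gboolean   do_children,
                                                        gint      *base_x_offset,
                                                        gint      *base_y_offset);
gboolean    _gdk_window_has_impl        (GdkWindow *window);
GdkWindow * _gdk_window_get_impl_window (GdkWindow *window);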
|
|
|
|
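/*****************************
 * offscreen window routines *
 *****************************/
GType gdk_offscreen_window_get_type (void);
void  _gdk_offscreen_window_new     (GdkWindow     *window,
                                     GdkWindowAttr *attributes,
                                     gint           attributes_mask);

/* `width` and `height` are signed gint; whether non-positive or very large
 * values are rejected is not visible in this header -- TODO confirm in the
 * implementation.
 */
cairo_surface_t * _gdk_offscreen_window_create_surface (GdkWindow *window,
                                                        gint       width,
                                                        gint       height);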
|
|
|
|
|
|
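/************************************
 * Initialization and exit routines *
 ************************************/

/* Backend shutdown hook; counterpart to _gdk_windowing_init() declared
 * earlier in this header.
 */
void _gdk_windowing_exit (void);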
|
|
|
|
G_END_DECLS
|
|
|
|
#endif /* __GDK_INTERNALS_H__ */
|