From 02ea045ca7c740e5b691f2f18d5ec696ada365ed Mon Sep 17 00:00:00 2001 From: Mike Blumenkrantz Date: Wed, 18 Oct 2017 16:49:49 -0400 Subject: [PATCH] cancel wl selections after removing destroy listener cancel may destroy the selection source, resulting in invalid access ==10735== Invalid write of size 8 ==10735== at 0x87C8095: wl_list_remove (wayland-util.c:56) ==10735== by 0x2EE745: _e_comp_wl_data_device_selection_set (e_comp_wl_data.c:506) ==10735== by 0x2EF241: _e_comp_wl_data_device_cb_selection_set (e_comp_wl_data.c:714) ==10735== by 0x1021F037: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4) ==10735== by 0x1021EA99: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4) ==10735== by 0x87C70C0: wl_closure_invoke (connection.c:935) ==10735== by 0x87C13C8: wl_client_connection_data (wayland-server.c:406) ==10735== by 0x87C4483: wl_event_source_fd_dispatch (event-loop.c:90) ==10735== by 0x87C4DE4: wl_event_loop_dispatch (event-loop.c:423) ==10735== by 0x85AE346: _cb_create_data (ecore_wl2_display.c:399) ==10735== by 0x946857A: _ecore_call_fd_cb (ecore_private.h:347) ==10735== by 0x946AE51: _ecore_main_fd_handlers_call (ecore_main.c:2015) ==10735== by 0x946B823: _ecore_main_loop_iterate_internal (ecore_main.c:2403) ==10735== by 0x946935E: ecore_main_loop_begin (ecore_main.c:1308) ==10735== by 0x151139: main (e_main.c:1088) ==10735== Address 0x222ca980 is 16 bytes inside a block of size 136 free'd ==10735== at 0x4C2CE1B: free (vg_replace_malloc.c:530) ==10735== by 0x2F076F: e_comp_wl_clipboard_source_unref (e_comp_wl_data.c:1291) ==10735== by 0x214C6A09: _xwayland_send_cancelled (dnd.c:149) ==10735== by 0x2EE71D: _e_comp_wl_data_device_selection_set (e_comp_wl_data.c:504) ==10735== by 0x2EF241: _e_comp_wl_data_device_cb_selection_set (e_comp_wl_data.c:714) ==10735== by 0x1021F037: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4) ==10735== by 0x1021EA99: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4) ==10735== by 0x87C70C0: wl_closure_invoke (connection.c:935) ==10735== by 0x87C13C8: wl_client_connection_data (wayland-server.c:406) ==10735== by 0x87C4483: wl_event_source_fd_dispatch (event-loop.c:90) ==10735== by 0x87C4DE4: wl_event_loop_dispatch (event-loop.c:423) ==10735== by 0x85AE346: _cb_create_data (ecore_wl2_display.c:399) ==10735== by 0x946857A: _ecore_call_fd_cb (ecore_private.h:347) ==10735== by 0x946AE51: _ecore_main_fd_handlers_call (ecore_main.c:2015) ==10735== by 0x946B823: _ecore_main_loop_iterate_internal (ecore_main.c:2403) ==10735== by 0x946935E: ecore_main_loop_begin (ecore_main.c:1308) ==10735== by 0x151139: main (e_main.c:1088) ==10735== Block was alloc'd at ==10735== at 0x4C2DC05: calloc (vg_replace_malloc.c:711) ==10735== by 0x2F0520: e_comp_wl_clipboard_source_create (e_comp_wl_data.c:1231) ==10735== by 0x214C71C9: _xwl_selection_notify (dnd.c:286) ==10735== by 0x946130C: _ecore_call_handler_cb (ecore_private.h:331) ==10735== by 0x94626BC: _ecore_event_call (ecore_events.c:629) ==10735== by 0x946B83E: _ecore_main_loop_iterate_internal (ecore_main.c:2408) ==10735== by 0x946935E: ecore_main_loop_begin (ecore_main.c:1308) ==10735== by 0x151139: main (e_main.c:1088) --- src/bin/e_comp_wl_data.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/bin/e_comp_wl_data.c b/src/bin/e_comp_wl_data.c index 3f3972149..1608c7463 100644 --- a/src/bin/e_comp_wl_data.c +++ b/src/bin/e_comp_wl_data.c @@ -500,10 +500,10 @@ _e_comp_wl_data_device_selection_set(void *data EINA_UNUSED, E_Comp_Wl_Data_Sour if (sel_source) { - if (sel_source->cancelled) - sel_source->cancelled(sel_source); if (!e_comp_wl->clipboard.xwl_owner) wl_list_remove(&e_comp_wl->selection.data_source_listener.link); + if (sel_source->cancelled) + sel_source->cancelled(sel_source); e_comp_wl->selection.data_source = NULL; }