[Git][xorg-team/wayland/wayland][upstream-experimental] 165 commits: build: re-open main branch for regular development

Dylan Aïssi pushed to branch upstream-experimental at X Strike Force / wayland / wayland

Commits:

cdd890a6

by Simon Ser at 2023-04-04T13:38:18+02:00

build: re-open main branch for regular development

307b2362

by Simon Ser at 2023-04-04T11:39:08+00:00

protocol: disallow re-using wl_data_source

As pointed out in [1], re-using a wl_data_source for multiple start_drag or
set_selection requests has bad consequences, because this object has events
that allo tracking the state of a selection/drag-and-drop operation. Tracking
two operations at the same time isn't possible with this interface.

[1]: https://lists.freedesktop.org/archives/wayland-devel/2019-January/039936.html

Signed-off-by: Simon Ser <contact@emersion.fr>
Signed-off-by: Daniel Stone <daniels@collabora.com>

1e259a25

by Xaver Hugl at 2023-04-12T13:37:51+00:00

protocol: improve wl_keyboard focus documentation

The compositor must not send any key events while a surface is not focused,
but in order to allow for common actions like ctrl+scroll for zooming to work
with unfocused surfaces it may do so with modifiers.

Signed-off-by: Xaver Hugl <xaver.hugl@gmail.com>

3bac2e5f

by Joshua Ashton at 2023-05-02T12:36:35+01:00

event-loop: Handle EINTR and EAGAIN in wl_event_loop_dispatch

This fixes an issue where it was not possible to start Gamescope under GDB on some setups.
https://github.com/ValveSoftware/gamescope/issues/743

Any signals would cause epoll_wait to return -1 and set errno to EINTR.

This also handles the EAGAIN case like the other polling loops in libwayland.

Signed-off-by: Joshua Ashton <joshua@froggi.es>

d40052e0

by Manuel Stoeckl at 2023-05-03T19:10:32+00:00

protocol: add new shm formats

This brings the format list up to date with libdrm 2.4.115.

Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>

b1b97e8d

by Manuel Stoeckl at 2023-05-03T19:15:12+00:00

tests: drop misleading fixed-benchmark

Because this benchmark performed wl_fixed_to_double conversions
on a long sequence of consecutive integers, the compiler could
optimize away the addition performed in wl_fixed_to_double, merging
it with the loop iteration code. This made tests/fixed-benchmark.c
significantly underestimate the actual cost of the current
wl_fixed_to_double implementation.

Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>

11b17c12

by Yang Wang at 2023-05-03T19:21:17+00:00

event-loop: optimize timer check logic

the 'has_timers' flag can be returned directly without having to track all the ready events
when a timer is found ready.

Signed-off-by: Yang Wang <KevinYang.Wang@amd.com>

0e0ae7e2

by Simon Ser at 2023-05-09T09:33:06+00:00

util: simplify wl_fixed_to_double()

We can just use a simple division instead of bit operations with
magic numbers. Readability matters more than performance here.

References: https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/296
Signed-off-by: Simon Ser <contact@emersion.fr>

8f2a33cf

by Simon Ser at 2023-05-09T09:50:53+00:00

server: stop wl_display_run() on dispatch error

If wl_event_loop_dispatch() fails, we could enter an infinite loop,
repeatedly calling a failing wl_event_loop_dispatch() forever.

Signed-off-by: Simon Ser <contact@emersion.fr>

2aec19ce

by Simon Ser at 2023-05-09T09:56:18+00:00

build: override wayland-scanner dep

This allows a parent project to find wayland-scanner.

Signed-off-by: Simon Ser <contact@emersion.fr>

f3026c91

by Sebastian Wick at 2023-05-09T14:52:58+02:00

protocol: specify the exact form of premultiplication

There are two ways to do pre-multiplication of the alpha channel into
the color channels: on optical values or on electrical values. While
pre-multiplication with optical values is arguably more correct, because
operations like blending or scaling require pre-multiplied, optical
color channels, wayland and compositors by default work with
pre-multiplied electrical values. This is most likely a convention that
Wayland took from Cairo.

This commit makes sure that the expectation of pre-multiplied electrical
values is properly documented.

Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>

a3c49949

by Simon Ser at 2023-05-23T09:33:43+00:00

protocol: refer to wl_surface.offset in set_cursor

The offset in wl_surface.attach has been superseded by
wl_surface.offset. Refer to the new request instead of using the
deprecated one.

Signed-off-by: Simon Ser <contact@emersion.fr>

56dfdb76

by Simon Ser at 2023-05-30T09:18:34+00:00

server: use bool in struct fields

Use bool instead of int for boolean values, to make it more
explicit what the field contains. For instance "error" is not to
be confused with an error code.

This is all private API.

Signed-off-by: Simon Ser <contact@emersion.fr>

f181de1b

by Simon Ser at 2023-06-20T09:20:49+02:00

tests: add missing proxy-test

This was probably lost during a rebase.

Signed-off-by: Simon Ser <contact@emersion.fr>

4a7348e4

by Simon Ser at 2023-06-20T09:20:49+02:00

egl: add missing ABI check test

We were building the executable for the test, but not declaring
the test.

Signed-off-by: Simon Ser <contact@emersion.fr>

4ec379eb

by Simon Ser at 2023-06-27T13:31:50+02:00

tests: manually wrap libc functions

The way we're wrapping libc functions via dlsym() is pretty fragile
and breaks on FreeBSD. The failures happen in our CI and are pretty
random, see e.g. [1].

Use a more manual way to wrap via a function pointer.

[1]: https://gitlab.freedesktop.org/wayland/wayland/-/jobs/44204010

Signed-off-by: Simon Ser <contact@emersion.fr>

6d333465

by Alex Yang at 2023-06-27T14:08:25-07:00

debug: Replace "@<id>" with "#<id>" in logs

Wayland debug logs resemble email addresses. This is a problem when
anonymizing logs from users. For example:

[2512874.343] xdg_surface@700.configure(333)

In the above log line, the substring "surface@700.config" can be
mistaken for an email address and redacted during anonymization.

Signed-off-by: Alex Yang <aycyang@google.com>

e3908eb3

by Peter Hutterer at 2023-07-07T21:18:08+10:00

Add a triage-policies file for bugbot

With a default template for the common case of "this is not a protocol bug".

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

72da004b

by Simon Ser at 2023-07-19T11:01:17+00:00

protocol: fix whitespace

This file uses tabs instead of 8 spaces.

Signed-off-by: Simon Ser <contact@emersion.fr>

7b27881c

by Simon Ser at 2023-08-02T16:47:07+02:00

cursor: check return value of snprintf()

Fixes a new warning in GCC 7:

    FAILED: cursor/libwayland-cursor.so.0.22.90.p/xcursor.c.o
    cc -Icursor/libwayland-cursor.so.0.22.90.p -Icursor -I../cursor -I. -I.. -Isrc -I../src -fdiagnostics-color=always -pipe -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -Werror -std=c99 -O3 -D_POSIX_C_SOURCE=200809L -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -fvisibility=hidden -fPIC '-DICONDIR="/usr/share/X11/icons"' -MD -MQ cursor/libwayland-cursor.so.0.22.90.p/xcursor.c.o -MF cursor/libwayland-cursor.so.0.22.90.p/xcursor.c.o.d -o cursor/libwayland-cursor.so.0.22.90.p/xcursor.c.o -c ../cursor/xcursor.c
    ../cursor/xcursor.c: In function 'xcursor_load_theme':
    ../cursor/xcursor.c:596:39: error: '%s' directive output between 7 and 7 bytes may cause result to exceed 'INT_MAX' [-Werror=format-truncation=]
      596 |         snprintf(full, full_size, "%s/%s/%s", dir, subdir, file);
          |                                       ^~
    ......
      764 |                 full = xcursor_build_fullname(dir, "cursors", "");
          |                                                    ~~~~~~~~~
    ../cursor/xcursor.c:596:41: error: '/' directive output between 1 and 1 bytes may cause result to exceed 'INT_MAX' [-Werror=format-truncation=]
      596 |         snprintf(full, full_size, "%s/%s/%s", dir, subdir, file);
          |                                         ^
    cc1: all warnings being treated as errors

Signed-off-by: Simon Ser <contact@emersion.fr>

a81f947a

by Simon Ser at 2023-08-02T16:47:07+02:00

ci: upgrade ci-templates

Newer ci-templates contains bugfixes.

While at it, stop using a GitLab YAML reference, because we only
use this value in one spot.

Signed-off-by: Simon Ser <contact@emersion.fr>

63b00505

by Simon Ser at 2023-08-02T16:47:07+02:00

ci: upgrade Debian to bookworm

This is the current Debian stable release.

Signed-off-by: Simon Ser <contact@emersion.fr>

379a6f67

by Simon Ser at 2023-08-02T16:47:07+02:00

ci: upgrade FreeBSD to 13.2

Signed-off-by: Simon Ser <contact@emersion.fr>

edb943dc

by David Edmundson at 2023-08-07T13:38:01+00:00

client: Add method to get display for a given proxy

This can be useful for additional validation purposes when handling
proxies. This is similar to existing server side API
wl_global_get_display.

Signed-off-by: David Edmundson <david@davidedmundson.co.uk>

50ea9c5b

by David Benjamin at 2023-11-08T08:41:16-05:00

connection: avoid calling memcpy on NULL, 0

Due to what is arguably a mistake in the C language specification,
passing NULL to memcpy and friends is undefined behavior (UB) even when
the count is 0. C additionally mistakenly leaves NULL + 0 and NULL -
NULL undefined. (C++ fixes this mistake.) These are very problematic
because (NULL, 0) is a natural representation of the empty slice.

Some details:
https://github.com/llvm/llvm-project/issues/49459
https://www.imperialviolet.org/2016/06/26/nonnull.html

Unfortunately, despite how clearly this is a mistake, glibc headers and
GCC now try to exploit this specification mistake and will miscompile
code, so C projects need to workaround this. In particular, UBSan from
Clang will flag this as a bug (although Clang itself has the good sense
to never lean on this bug). We've run into a few UBSan errors in
Chromium stemming from Wayland's memcpy calls. Add runtime guards as
needed to avoid these cases.

Note: Chromium's copy of wayland has
https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/188
applied. It is possible the ring_buffer_copy UB cases are only reachable
with that MR applied, I'm not sure. But it seemed simplest to just add
the fix to wayland as-is. Then when/if that MR lands, it will pick this
up.

Signed-off-by: David Benjamin <davidben@google.com>

e4eb42d0

by Simon Ser at 2023-11-21T15:36:00+00:00

protocol: refer to wl_surface.offset in wl_data_device.start_drag

Passing an offset to wl_surface.attach is not supported in the
latest version of the interface.

Signed-off-by: Simon Ser <contact@emersion.fr>

3007718b

by Simon Ser at 2023-11-21T15:44:31+00:00

gitlab: make issue template the default

The issue template is hard to notice because it's not the default.
Users have to explicitly select it from the easy-to-miss dropdown
to get the warning.

Make the template the default one, so that new users are less likely
to miss it.

Signed-off-by: Simon Ser <contact@emersion.fr>

2a91f01d

by Simon Ser at 2023-11-21T15:47:13+00:00

util: simplify wl_fixed_from_double()

Same as 0e0ae7e290f2 ("util: simplify wl_fixed_to_double()"), but
for the reverse function.

Signed-off-by: Simon Ser <contact@emersion.fr>

8a19dc19

by Kirill Chibisov at 2023-11-21T15:50:11+00:00

protocol: clarify defaults with wl_compositor@v6

This should be sufficient for clients to not decide to fallback to
output based logic to determine scaling/transform when compositor
doesn't send any of the v6 events.

Signed-off-by: Kirill Chibisov <contact@kchibisov.com>

82d8b218

by Kirill Primak at 2023-11-21T15:54:58+00:00

protocol: improve wl_subsurface.{set_position,place_above} description

Don't mention when the parent surface state is applied; the parent
surface isn't necessarily a sub-surface.

Signed-off-by: Kirill Primak <vyivel@eclair.cafe>

86588fbd

by Francesco Guastella at 2023-12-10T14:58:04+00:00

build: define tests in egl/meson.build when the 'tests' option is enabled

Signed-off-by: Francesco Guastella <guastella.francesco@gmail.com>

6626d4d9

by Julian Orth at 2023-12-27T18:02:07+00:00

protocol: wl_subsurface will never be focused

The spec does not describe which actions cause the compositor to assign
keyboard focus to a surface, leaving this up to the compositor.
Compositors differ in their behavior when the user clicks on a
sub-surface. Some will move the keyboard focus to the subsurface whereas
others will only ever assign the keyboard focus to toplevel surfaces.
Some applications (e.g. firefox) seem to require the second behavior.

This patch specifies that sub-surfaces never get the keyboard focus.

Signed-off-by: Julian Orth <ju.orth@gmail.com>

0e139cfb

by Simon Ser at 2024-01-15T14:29:10+01:00

build: add a gen-scanner-test target

This adds a command to re-generate the test data. This needs to be
done when either an XML source file or the scanner's output is
changed.

Signed-off-by: Simon Ser <contact@emersion.fr>

6daa1b87

by Consolatis at 2024-01-19T14:08:16+00:00

cursor: add aliases for cursor name spec

The cursor name spec [1] describes how cursors should be named,
and is widely used. Add aliases so that users can pass these
names to libwayland-cursor without having to add fallbacks for
X11 cursor names.

[1]: https://www.freedesktop.org/wiki/Specifications/cursor-spec/

Signed-off-by: Simon Ser <contact@emersion.fr>

dc1da181

by Simon Ser at 2024-01-19T14:14:15+00:00

protocol: document wl_surface.offset for sub-surfaces

Document that the request is ignored, since this is the behavior
of most compositors.

Signed-off-by: Simon Ser <contact@emersion.fr>

56b9c92b

by Simon Ser at 2024-01-19T14:21:59+00:00

util: use C23 typeof if available

Instead of using the non-standard __typeof__, prefer the standard
typeof operator introduced in C23.

Signed-off-by: Simon Ser <contact@emersion.fr>

647398ea

by Simon Ser at 2024-01-19T14:21:59+00:00

util: use C23 deprecated attribute

Signed-off-by: Simon Ser <contact@emersion.fr>

8072ab0a

by Ben Widawsky at 2024-01-19T14:35:06+00:00

protocol: clarify scale expecations

Since the positivity of zero is debatable, and, in some cases scale was simply
underspecified, clarify the situation.

Signed-off-by: Ben Widawsky <ben@bwidawsk.net>

9e233e31

by Simon Ser at 2024-01-19T15:12:29+00:00

shm: fix resource versions

This was hardcoded to 1 regardless of the version passed to the
callback or the version of the parent resource.

Signed-off-by: Simon Ser <contact@emersion.fr>

f06736a8

by Simon Ser at 2024-01-19T15:12:29+00:00

protocol: add wl_shm.release request

Allows clients to cleanly release wl_shm objects. Useful for clients
using multiple wl_registry objects (e.g. via libraries).

Signed-off-by: Simon Ser <contact@emersion.fr>

fd42f70b

by Simon Ser at 2024-01-19T15:12:29+00:00

shm: implement version 2

This version adds a release request.

Signed-off-by: Simon Ser <contact@emersion.fr>

8c49ee31

by Andreas Cord-Landwehr at 2024-01-19T15:18:23+00:00

Consider pkgconfig sysroot for pkgdatadir

For libs/cflags this is done automatically, but not for manually accessed
variables. This matches what wayland-protocols does.

Signed-off-by: Andreas Cord-Landwehr <cordlandwehr@kde.org>

9867bdb1

by John Lindgren at 2024-01-19T15:25:54+00:00

connection: Small simplification to wl_connection_write()

wl_connection_write() contained an exact copy of the logic in
wl_connection_queue().  Simplify things by just calling
wl_connection_queue() from wl_connection_write().

Signed-off-by: John Lindgren <john@jlindgren.net>

2f17d480

by Erik Chen at 2024-01-19T15:51:33+00:00

connection: Spruce up logging for client errors.

Some code paths that lead to a client error and connection termination
have no associated logging, or insufficient logging. This makes it
difficult to understand what went wrong. This commit adds or supplements
logging for all these code paths.

Signed-off-by: Erik Chen <erikchen@chromium.org>

b42218f7

by Derek Foreman at 2024-01-22T12:34:14+00:00

client: Allow setting names for queues

Allow setting a name for an event queue. The queue is used only for
printing additional debug information.

Debug output can now show the name of the event queue an event is
dispatched from, or the event queue of a proxy when a request is made.

Signed-off-by: Derek Foreman <derek.foreman@collabora.com>

88ece8a4

by Mikhail Gusarov at 2024-01-22T12:37:26+00:00

doc: Improve wording for packed IDs

"is incompatible with the implementation in libwayland" is a common
source of confusion as evidenced by repeated discussions in IRC
channel.

Improve the wording by making clear that
- packing IDs is a protocol requirement
- there are implementations (including libwayland) that enforce it

Signed-off-by: Mikhail Gusarov <dottedmag@dottedmag.net>

8f499bf4

by Kirill Primak at 2024-01-27T15:17:28+00:00

protocol: clarify pending wl_buffer destruction

This matches the current behavior of KWin, Mutter, and Weston.

References: https://gitlab.freedesktop.org/wayland/wayland/-/issues/387
Signed-off-by: Kirill Primak <vyivel@eclair.cafe>

d275bc7f

by Thomas Lukaszewicz at 2024-02-07T09:45:41+00:00

Mitigate UAF crashes due to iteration over freed wl_resources

Currently it is possible to iterate over client-owned resources
during client destruction that have had their associated memory
released.

This can occur when client code calls wl_client_destroy(). The
following sequence illustrates how this may occur.

 1. The server initiates destruction of the connected client via
    call to wl_client_destroy().

 2. Resource destroy listeners / destructors are invoked and
    resource memory is freed one resource at a time [1].

 3. If a listener / destructor for a resource results in a call
    to wl_client_for_each_resource(), the iteration will proceed
    over resources that have been previously freed in step 2,
    resulting in UAFs / crashes.

The issue is that resources remain in the client's object map
even after they have had their memory freed, and are removed
from the map only after each individual resource has had its
memory released.

This patch corrects this by ensuring resource destruction first
invokes listeners / destructors and then removing them from the
client's object map before releasing the associated memory.

[1] https://gitlab.freedesktop.org/wayland/wayland/-/blob/main/src/wayland-server.c?ref_type=heads#L928

Signed-off-by: Thomas Lukaszewicz thomaslukaszewicz@gmail.com

6a7284c6

by Kirill Primak at 2024-02-08T17:18:28+00:00

event-loop: use wl_priv_signal for the destroy signal

Signed-off-by: Kirill Primak <vyivel@eclair.cafe>

9c4213ed

by Sebastian Wick at 2024-02-15T10:53:21+00:00

server: add wl_client_get_user_data/wl_client_set_user_data

The only way to attach some data to a wl_client seems to be setting up a
destroy listener and use wl_container_of. Let's make it straight forward
to attach some data.

Having an explicit destroy callback for the user data makes managing the
user data lifetime much more convenient. All other callbacks, be they
wl_resource request listeners, destroy listeners or destructors, or
wl_client destroy listeners, can assume that the wl_client user data
still exists if it was set. Otherwise making that guarantee would be
complicated.

Co-authored-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Signed-off-by: Sebastian Wick <sebastian@sebastianwick.net>

a74aa933

by Simon Ser at 2024-02-21T09:14:23+00:00

protocol: mention wl_surface events from wl_output.{scale,transform}

The wl_output events should not be used anymore for guessing the
preferred scale and transform of a surface. We have explicit events
for that now.

Signed-off-by: Simon Ser <contact@emersion.fr>

791912c6

by Sébastien Marie at 2024-02-21T15:46:41+00:00

compat: prefer waitpid() over waitid()

while both are defined by POSIX, waitpid() is more common than waitid().

Signed-off-by: Sebastien Marie <semarie@online.fr>

d80bce5f

by Sébastien Marie at 2024-02-21T15:46:41+00:00

build: fix build and provide compat for OpenBSD

- wayland-egl-abi-check: try to use llvm-nm first instead of BSD nm (incompatible options)
- avoid forcing _POSIX_C_SOURCE=200809L (SOCK_CLOEXEC become available)
- epoll(7) is provided by a userspace wrapper around kqueue(2) as FreeBSD
- when using SO_PEERCRED, the struct to use is `struct sockpeercred` instead of `struct ucred` on OpenBSD
- provide a compatibility layer for count_open_fds() using sysctl(2) as FreeBSD

Signed-off-by: Sebastien Marie <semarie@online.fr>

47de8726

by Thomas Lukaszewicz at 2024-02-23T00:40:32+00:00

Mitigate UAF crashes due to wl_client_destroy reentrancy

There are situations in which a call into wl_client_destroy() can
result in a reentrant call into wl_client_destroy() - which
results in UAF / double free crashes.

For example, this can occur in the following scenario.

1. Server receives a message notifying it that a client has
   disconnected (WL_EVENT_HANGUP [1])

2. This beings client destruction with a call to wl_client_destroy()

3. wl_client_destroy() kicks off callbacks as client-associated
   resources are cleaned up and their destructors and destruction
   signals are invoked.

4. These callbacks eventually lead to an explicit call to
   wl_display_flush_clients() as the server attempts to flush
   events to other connected clients.

5. Since the client has already begun destruction, when it is
   reached in the iteration the flush fails wl_client_destroy()
   is called again [2].

This patch guards against this reentrant condition by removing
the client from the display's client list when wl_client_destroy()
is first called. This prevents access / iteration over the client
after wl_client_destroy() is called.

In the example above, wl_display_flush_clients() will pass over
the client currently undergoing destruction and the reentrant
call is avoided.

[1] https://gitlab.freedesktop.org/wayland/wayland/-/blob/8f499bf4045f88f3a4b4b0a445befca467bebe20/src/wayland-server.c#L342

[2] https://gitlab.freedesktop.org/wayland/wayland/-/blob/8f499bf4045f88f3a4b4b0a445befca467bebe20/src/wayland-server.c#L1512

Signed-off-by: Thomas Lukaszewicz [thomaslukaszewicz@gmail.com](mailto:thomaslukaszewicz@gmail.com)

155dd63b

by Simon Ser at 2024-03-06T14:17:48+01:00

Introduce enum wl_arg_type

This is less cryptic to read than letters, and allows the compiler
to check switch statements exhaustiveness.

Signed-off-by: Simon Ser <contact@emersion.fr>

830883e5

by Simon Ser at 2024-03-06T14:18:18+01:00

connection: simplify wl_closure_lookup_objects() loop

Decrease the indentation a bit. No functional change.

Signed-off-by: Simon Ser <contact@emersion.fr>

7a1e7dd5

by Simon Ser at 2024-03-06T14:18:18+01:00

client: simplify create_outgoing_proxy() loop

Decrease the indentation a bit. No functional change.

Signed-off-by: Simon Ser <contact@emersion.fr>

440defbd

by Simon Ser at 2024-03-06T14:18:37+01:00

client: simplify create_proxies() loop

Decrease the indentation a bit. No functional change.

Signed-off-by: Simon Ser <contact@emersion.fr>

44b1c0c7

by Simon Ser at 2024-03-06T19:09:35+01:00

connection: use enum wl_arg_type in wl_message_count_arrays()

Missed it in 155dd63b58b8 ("Introduce enum wl_arg_type").

Signed-off-by: Simon Ser <contact@emersion.fr>

aa2a6d56

by Simon Ser at 2024-03-12T13:04:51+00:00

protocol: document that color channels provide electrical values

Expand the work done in [1] to document that all channels store
electrical values. See the discussion in [2].

[1]: https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/316
[2]: https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/250#note_2311377

Signed-off-by: Simon Ser <contact@emersion.fr>

8a7ecd77

by David Benjamin at 2024-03-24T20:00:01-04:00

util: fix undefined behavior in wl_array_for_each

If a wl_array has size zero, wl_array_for_each computes NULL + 0 to get
to the end pointer. This should be fine, and indeed it would be fine in
C++. But the C specification has a mistake here and it is actually
undefined behavior. See
https://davidben.net/2024/01/15/empty-slices.html

Clang's -fsanitize=undefined flags this. I ran into this in Chromium's
build with wayland-scanner on one of our XML files.

../../third_party/wayland/src/src/scanner.c:1853:2: runtime error: applying zero offset to null pointer
    #0 0x55c979b8e02c in emit_code third_party/wayland/src/src/scanner.c:1853:2
    #1 0x55c979b89323 in main third_party/wayland/src/src/scanner.c
    #2 0x7f8dfdb8c6c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #3 0x7f8dfdb8c784 in __libc_start_main csu/../csu/libc-start.c:360:3
    #4 0x55c979b70f39 in _start (...)

An empty XML file is sufficient to hit this case, so I've added it as a
test. To reproduce, undo the fix and include only the test, then build
with:

  CC=clang CFLAGS="-fno-sanitize-recover=undefined" meson build/ -Db_sanitize=undefined -Db_lundef=false
  ninja -C build test

Signed-off-by: David Benjamin <davidben@google.com>

26214840

by Jordan Williams at 2024-03-28T13:13:47+00:00

egl: Disable symbols check for static builds

The symbols check only works for dynamic libraries.
When building statically, the test fails.
This is caused by the check filtering out non-dynamic symbols with nm.
This change skips the check when building only static libraries.

Signed-off-by: Jordan Williams <jordan@jwillikers.com>

fbd74607

by Simon Ser at 2024-03-28T13:21:28+00:00

scanner: add new enum-header mode

This generates a header with only enum definitions. This is useful
to share enum headers between libraries and library users.

Signed-off-by: Simon Ser <contact@emersion.fr>

2e0dbb70

by Simon Ser at 2024-03-28T13:21:28+00:00

tests: add scanner test for enum-header

Signed-off-by: Simon Ser <contact@emersion.fr>

4945f266

by Isaac Freund at 2024-03-28T13:27:54+00:00

wl_touch.cancel: document lack of frame event

This appears to be what at least wlroots-based compositors and kwin do
in practice. However, it's not abundantly clear from the protocol text
what the expected behavior here is. This patch fixes that.

Signed-off-by: Isaac Freund <mail@isaacfreund.com>

36cef865

by Simon Ser at 2024-03-28T17:56:34+01:00

util: convert macros to inline functions

Functionally equivalent except the usual macro footguns are avoided
and type safety is increased.

Signed-off-by: Simon Ser <contact@emersion.fr>

d074d529

by Manuel Stoeckl at 2024-04-08T14:05:32+00:00

connection: Dynamically resize connection buffers

When using fixed size connection buffers, if either the client or the
server is sending requests faster than the other end can cope with, the
connection buffers will fill up, eventually killing the connection.

This can be a problem for example with Xwayland mapping a lot of
windows, faster than the Wayland compositor can cope with, or a
high-rate mouse flooding the Wayland client with pointer events.

To avoid the issue, resize the connection buffers dynamically when they
get full.

Both data and fd buffers are resized on demand.

The default max buffer size is controlled via the wl_display interface
while each client's connection buffer size is adjustable for finer
control.

The purpose is to explicitly have larger connection buffers for specific
clients such as Xwayland, or set a larger buffer size for the client
with pointer focus to deal with a higher input events rate.

v0: Manuel:
   Dynamically resize connection buffers - Both data and fd buffers are
   resized on demand.
v1: Olivier
1. Add support for unbounded buffers on the client side and growable
   (yet limited) connection buffers on the server side.
2. Add the API to set the default maximum size and a limit for a given
   client.
3. Add tests for growable connection buffers and adjustable limits.
v2: Additional fixes by John:
1. Fix the size calculation in ring_buffer_check_space()
2. Fix wl_connection_read() to return gracefully once it has read up to
   the max buffer size, rather than returning an error.
3. If wl_connection_flush() fails with EAGAIN but the transmit
   ring-buffer has space remaining (or can be expanded),
   wl_connection_queue() should store the message rather than
   returning an error.
4. When the receive ring-buffer is at capacity but more data is
   available to be read, wl_connection_read() should attempt to
   expand the ring-buffer in order to read the remaining data.
v3: Thomas Lukaszewicz <tluk@chromium.org>
   Add a test for unbounded buffers
v4: Add a client API as well to force bounded buffers (unbounded
    by default (Olivier)
v5: Simplify ring_buffer_ensure_space() (Sebastian)

Co-authored-by: Olivier Fourdan <ofourdan@redhat.com>
Co-authored-by: John Lindgren <john@jlindgren.net>
Co-authored-by: Sebastian Wick <sebastian@sebastianwick.net>
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Signed-off-by: John Lindgren <john@jlindgren.net>
Signed-off-by: Sebastian Wick <sebastian@sebastianwick.net>
Closes: https://gitlab.freedesktop.org/wayland/wayland/-/issues/237

ad4ed173

by Simon Ser at 2024-04-09T00:48:18+00:00

ci: bump Meson version to 0.57

Signed-off-by: Simon Ser <contact@emersion.fr>

e7df1f2a

by Simon Ser at 2024-04-09T00:48:18+00:00

build: bump minimum Meson version to 0.57

Fixes the following warning:

    tests/meson.build:91: WARNING: Project targets '>= 0.56.0' but uses feature introduced in '0.57.0': env arg in run_target.

Signed-off-by: Simon Ser <contact@emersion.fr>

37699a98

by Simon Ser at 2024-04-09T00:48:18+00:00

ci: use --fatal-meson-warnings

Turns Meson warnings into errors. Useful to avoid missing warnings.

Signed-off-by: Simon Ser <contact@emersion.fr>

c5d145a6

by Simon Ser at 2024-04-09T00:48:18+00:00

ci: turn on -Dwerror=true for FreeBSD

It was turned on for Linux only.

Signed-off-by: Simon Ser <contact@emersion.fr>

03e30454

by 6t8k at 2024-04-21T19:17:46+02:00

cursor: memfd_create: try MFD_NOEXEC_SEAL

Effective from Linux 6.3 onward, this creates the memfd without execute
permissions and prevents that setting from ever being changed. A
run-time fallback is made to not using MFD_NOEXEC_SEAL when a
libwayland-cursor compiled on Linux >= 6.3 is run on Linux < 6.3.

This is a defense-in-depth security measure and silences a respective
kernel warning; see: https://lwn.net/Articles/918106/

This implementation is adopted from dnkl's `foot` terminal emulator.

Signed-off-by: 6t8k <6t8k@noreply.codeberg.org>

af1dc3ef

by Colin Kinloch at 2024-04-23T08:43:44+00:00

protocol: Undefine wl_display_sync callback data

Signed-off-by: Colin Kinloch <colin.kinloch@collabora.com>

5eeaac6e

by Julian Orth at 2024-04-23T09:08:09+00:00

Clarify behavior of buffer transformations

The new text describes how

- Mutter
- Plasma
- Sway 1.8
- Jay

behave.

Sway 1.9 flipped the behavior of 90 degree and 270 degree
set_buffer_transform requests. [mpv] also changed the behavior of its
vo_wayland_dmabuf backend which makes it only work correctly on sway
1.9.

[mpv]: https://github.com/mpv-player/mpv/pull/12509

It seems that the previous text was open to interpretation or at least
caused some amount of confusion.

Signed-off-by: Julian Orth <ju.orth@gmail.com>

b258d5f3

by Simon Ser at 2024-04-23T09:17:02+00:00

scanner: add validators for enums

Right now compositors need to manually check that enum values sent
by the client are valid. In particular:

- Check that the value sent by the client is not outside of the enum.
- Check that the version of the enum entry is consistent with the
  object version.

Automatically generate validator functions to perform these tasks.

Signed-off-by: Simon Ser <contact@emersion.fr>
Closes: https://gitlab.freedesktop.org/wayland/wayland/-/issues/104

16aee2ec

by Chloé Vulquin at 2024-04-24T12:28:38+02:00

xcursor: catch theme inheritance loops

As of currently, when an xcursor theme depends on itself or another theme
that will eventually depend on it, `xcursor_load_theme` will recurse
infinitely while processing the inherits.

This change introduces a stack-allocated linked list of visited nodes
by name, and skips any already visited nodes in the inherit list.

Side effects:
* Since the linked list is stack-allocated, there is a potential for an
  overflow if there is a very long list of dependencies. If this turns out
  to be a legitimate concern, the linked list is trivial to convert to
  being heap-allocated.
* There is an existing linked list (technically doubly linked list)
  implementation in the wayland codebase. As of currently, the xcursor
  codebase does not refer to it. Consequently, this change writes a
  minimal single linked list implementation to utilize directly.

This changeset fixes #317.

Signed-off-by: Chloé Vulquin <toast@bunkerlabs.net>

ee12e69b

by Simon Ser at 2024-04-24T16:18:28+00:00

Add support for the deprecated-since XML attribute

This marks a request, event or enum entry as deprecated since a
given version.

Note that it's not clear what it means if an entry is deprecated
at some version, and the enum is used from some completely different
interface than where it was defined. However, that's a more general
issue with enums, see:
https://gitlab.freedesktop.org/wayland/wayland/-/issues/435

Signed-off-by: Simon Ser <contact@emersion.fr>
References: https://gitlab.freedesktop.org/wayland/wayland/-/issues/89

da8e1bbc

by Simon Ser at 2024-04-24T16:18:28+00:00

protocol: mark wl_pointer.axis_discrete as deprecated

Since version 8, this event isn't sent anymore.

Signed-off-by: Simon Ser <contact@emersion.fr>

80c65f86

by Simon Ser at 2024-04-24T16:18:28+00:00

tests: add deprecated-since attributes

Add a new event and enum entry to small.xml with a deprecated-since
attribute to exercise the scanner code generation.

Signed-off-by: Simon Ser <contact@emersion.fr>

6e1db539

by Simon Ser at 2024-04-24T16:27:50+00:00

client: fix invalid doc command for WL_MARSHAL_FLAG_DESTROY

Fixes the following warning:

    src/wayland-client-core.h:125: warning: Found non-existing group 'wl_proxy' for the command '@ingroup', ignoring command

"\memberof" cannot be used here because it only works on functions.
The docs for "\memberof" say that "\relates" works in a similar way.

While at it, use a "\" command instead of a "@" command for
consistency with the rest of the file.

Signed-off-by: Simon Ser <contact@emersion.fr>

9069af78

by Sebastian Wick at 2024-04-24T16:32:06+00:00

protocol: define content updates and their internal queue

Multiple protocols use the term content update without a fill
definition. It makes sense to define it in the core protocol so that not
every other protocol has to define it.

This is supposed to retain the current semantics and only changes the
documentation while defining new terms.

Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>

e60c631f

by Derek Foreman at 2024-04-24T16:40:18+00:00

client: print debug events that have no listener

Currently WAYLAND_DEBUG text ignores events that have no listener.

It can be helpful to know when you're receiving unhandled events,
as you may have forgotten to add a listener, or adding a dispatch
may have magically seemed to fix code that doesn't appear to be
dispatching anything.

Signed-off-by: Derek Foreman <derek.foreman@collabora.com>

69633202

by Simon Ser at 2024-04-25T17:46:07+02:00

build: bump to version 1.22.91 for the alpha release

Signed-off-by: Simon Ser <contact@emersion.fr>

9e4f2569

by Julian Orth at 2024-05-09T14:43:19+00:00

protocol: explicitly describe wl_keyboard state

And the allowed state transitions.

There has been some confusion regarding which state transitions are
allowed. This change should clarify this.

Signed-off-by: Julian Orth <ju.orth@gmail.com>

f8703209

by Simon Ser at 2024-05-09T16:50:40+02:00

build: bump to version 1.22.92 for the beta release

Signed-off-by: Simon Ser <contact@emersion.fr>

17965d99

by Vlad Zahorodnii at 2024-05-16T12:57:42+03:00

server: Clarify fd ownership in wl_client_create()

It's unclear whether one needs to call close() if wl_client_create()
fails. Hopefully this change makes it more clear.

Signed-off-by: Vlad Zahorodnii <vlad.zahorodnii@kde.org>

4bade629

by Simon Ser at 2024-05-22T08:55:03+00:00

server: document wl_display_add_socket_fd() ownership

wl_socket_destroy() will close the socket.

Signed-off-by: Simon Ser <contact@emersion.fr>

0b1626f4

by Simon Ser at 2024-05-23T18:12:41+02:00

build: bump to version 1.22.93 for the RC1 release

Signed-off-by: Simon Ser <contact@emersion.fr>

26c419e0

by Hugo Osvaldo Barrera at 2024-05-29T14:23:38+02:00

protocol: clarify divergence in compositor behaviour

This is intended to only document the current situation. Whether further
behaviour will be defined is out of scope and left for protocol v7.

See: https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/363
Signed-off-by: Hugo Osvaldo Barrera <hugo@whynothugo.nl>

a156431e

by Simon Ser at 2024-05-30T20:59:51+02:00

build: bump to version 1.23.0 for the official release

Signed-off-by: Simon Ser <contact@emersion.fr>

1d5772b7

by Simon Ser at 2024-05-30T21:07:24+02:00

build: re-open main branch for regular development

Signed-off-by: Simon Ser <contact@emersion.fr>

caaa308c

by Simon Ser at 2024-07-09T18:22:10+02:00

scanner: extract validator function emission to helper function

This function will grow in the next commit.

Signed-off-by: Simon Ser <contact@emersion.fr>

c669d992

by Simon Ser at 2024-07-09T18:22:10+02:00

scanner: fix validator for bitfields

Bitfields are valid if the value only contains bits inside of
the supported entries for the given version.

Signed-off-by: Simon Ser <contact@emersion.fr>

fa1811ce

by Simon Ser at 2024-07-09T18:22:10+02:00

tests: add enum bitfield test

Signed-off-by: Simon Ser <contact@emersion.fr>

0cecde30

by meltq at 2024-07-11T17:44:04+00:00

src: switch asserts to wl_abort

assert()s can be compiled away by #defining NDEBUG. Some build systems
do this. Using wl_abort gives a human readable error message and it
isn't compiled away. This commit closes issue #230.

Signed-off-by: meltq <tejasvipin76@gmail.com>

f6f0a3cd

by Sebastian Wick at 2024-07-26T18:33:28+02:00

client: Handle proxies with no queue

wl_proxy_get_queue can return NULL if the queue of the proxy was already
destroyed with wl_event_queue_destroy. In this case, the queue also has
no name anymore.

Fixes: b42218f ("client: Allow setting names for queues")
Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>

a6a4e081

by Kirill Primak at 2024-08-09T20:25:11+00:00

Put WL_DEPRECATED in front of the function declarations

This fixes the following clang error when using C23:

../src/wayland-server-core.h:680:41: error: 'deprecated' attribute cannot be applied to types
  680 |                      int32_t stride, uint32_t format) WL_DEPRECATED;
      |                                                       ^
../src/wayland-util.h:52:25: note: expanded from macro 'WL_DEPRECATED'
   52 | #define WL_DEPRECATED [[deprecated]]
      |                         ^

Signed-off-by: Kirill Primak <vyivel@eclair.cafe>

64248963

by Kirill Primak at 2024-08-09T20:29:24+00:00

server: add wl_resource_post_error() docs

Signed-off-by: Kirill Primak <vyivel@eclair.cafe>

65454cf7

by Kirill Primak at 2024-08-09T20:29:24+00:00

server: expose wl_resource_post_error_vargs()

Signed-off-by: Kirill Primak <vyivel@eclair.cafe>

2bbd80c8

by Sebastian Wick at 2024-08-09T20:33:05+00:00

doc: Require strings to be UTF-8

Nothing checks this yet but this gives us the opportunity to do so when
we want.

Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>

58bb6c72

by Derek Foreman at 2024-08-09T20:38:52+00:00

src: Finish assert() clean-up

>From cleanup commit 0cecde304:
assert()s can be compiled away by #defining NDEBUG. Some build systems
do this. Using wl_abort gives a human readable error message and it
isn't compiled away.

That commit missed one final assert, presumably due to missing it with
grep because of a coding style issue. Fix that up, and remove inclusion
of <assert.h> as appropriate.

Signed-off-by: Derek Foreman <derek.foreman@collabora.com>

efa64805

by Simon Ser at 2024-08-09T20:46:58+00:00

ci: use detached MR pipelines

See the freedesktop wiki [1]. This allows external contributors to
have CI run properly.

[1]: https://gitlab.freedesktop.org/freedesktop/freedesktop/-/wikis/GitLab-CI#for-project-developers

Signed-off-by: Simon Ser <contact@emersion.fr>

5b692b50

by Fangzhou Ge at 2024-08-12T15:49:14-04:00

client: Log the object and methods when marshalling or sending fails

The log that appears before a display_error can be captured as crash
signature. Useful to know what it is.

This is cherry-picked from chromium https://crrev.com/c/4697877

Signed-off-by: Fangzhou Ge <fangzhoug@chromium.org>

0239b082

by Joaquim Monteiro at 2024-08-15T14:13:57+01:00

meson: Fix use of install_data() without specifying install_dir

This was broken (when in a subproject) before Meson 1.3.0, and so
Meson warns against this unless the project targets 1.3.0 or newer.

Signed-off-by: Joaquim Monteiro <joaquim.monteiro@protonmail.com>

6c4a6950

by Demi Marie Obenour at 2024-08-18T17:08:56+00:00

connection: Reject strings containing NUL bytes

libwayland cannot construct these messages as it uses strlen() to
determine string lengths.  libwayland is also guaranteed to misinterpret
these messages, since message handlers only get a pointer and no length.
Therefore, reject strings containing NUL bytes.

Also remove a redundant check from the unmarshalling code.  The
zero-length case has already been checked for.

Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>

2b8f9401

by Simon Ser at 2024-08-24T17:43:43+02:00

scanner: extract validator function emission to helper function

This function will grow in the next commit.

Signed-off-by: Simon Ser <contact@emersion.fr>
(cherry picked from commit caaa308c0d4025928917115c98c75edf7c796cd4)

f72f2aec

by Simon Ser at 2024-08-24T17:43:43+02:00

scanner: fix validator for bitfields

Bitfields are valid if the value only contains bits inside of
the supported entries for the given version.

Signed-off-by: Simon Ser <contact@emersion.fr>
(cherry picked from commit c669d992599d74af2762fbf71a4336af2e311c45)

619d99cb

by Simon Ser at 2024-08-24T17:43:43+02:00

tests: add enum bitfield test

Signed-off-by: Simon Ser <contact@emersion.fr>
(cherry picked from commit fa1811ce3e1475a95aa39e00cfa083797661d651)

c5c418de

by Sebastian Wick at 2024-08-24T17:43:43+02:00

client: Handle proxies with no queue

wl_proxy_get_queue can return NULL if the queue of the proxy was already
destroyed with wl_event_queue_destroy. In this case, the queue also has
no name anymore.

Fixes: b42218f ("client: Allow setting names for queues")
Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>
(cherry picked from commit f6f0a3cdec1c23c0adfe1deb9c53e8fdbb998ea4)

7e2ec460

by Kirill Primak at 2024-08-24T17:43:43+02:00

Put WL_DEPRECATED in front of the function declarations

This fixes the following clang error when using C23:

../src/wayland-server-core.h:680:41: error: 'deprecated' attribute cannot be applied to types
  680 |                      int32_t stride, uint32_t format) WL_DEPRECATED;
      |                                                       ^
../src/wayland-util.h:52:25: note: expanded from macro 'WL_DEPRECATED'
   52 | #define WL_DEPRECATED [[deprecated]]
      |                         ^

Signed-off-by: Kirill Primak <vyivel@eclair.cafe>
(cherry picked from commit a6a4e081da12140ffe1881d83be0981966ba6daf)

cc34a7a4

by Joaquim Monteiro at 2024-08-24T17:43:43+02:00

meson: Fix use of install_data() without specifying install_dir

This was broken (when in a subproject) before Meson 1.3.0, and so
Meson warns against this unless the project targets 1.3.0 or newer.

Signed-off-by: Joaquim Monteiro <joaquim.monteiro@protonmail.com>
(cherry picked from commit 0239b082b9d312275ce1112b61d795072596ce2d)

a9fec8dd

by Simon Ser at 2024-08-24T17:43:55+02:00

build: bump version to 1.23.1 for the bugfix release

Signed-off-by: Simon Ser <contact@emersion.fr>

7c6259e9

by Julian Orth at 2024-09-10T07:36:48+00:00

protocol: clients should not emulate key-press events on enter

The previous change introducing the logical state caused some confusion.
Clarify that most application should not use the list of pressed keys.

Signed-off-by: Julian Orth <ju.orth@gmail.com>

1b0d45e9

by Andri Yngvason at 2024-09-23T15:23:45+00:00

Add wl_keyboard key repeat events

This allows the compositor to take over the responsibility of repeating
keys.

Signed-off-by: Andri Yngvason <andri@yngvason.is>

38f91fe6

by Simon Ser at 2024-10-05T14:06:51+00:00

protocol: document that wl_surface.offset is role-specific

This request doesn't make sense for all surface roles. For instance,
for maximized/tiled/fullscreen xdg_toplevel, for xdg_popup, for
layer-shell surfaces, etc.

Signed-off-by: Simon Ser <contact@emersion.fr>

f67db75e

by YaoBing Xiao at 2024-10-18T16:49:45+08:00

cursor: add check to ensure wl_shm_create_pool succeeded

Signed-off-by: YaoBing Xiao <xiaoyaobing@uniontech.com>

10df74c2

by Julian Orth at 2024-11-18T09:25:20+00:00

protocol: add wl_fixes interface

This commit describes a new wl_fixes interface that can be used to
destroy wl_registry objects.

Users of libwayland-client should use it as follows:

- call wl_fixes_destroy_registry(registry)
- call wl_registry_destroy(registry)

Users of libwayland-server should, in their implementation of the
request, call wl_resource_destroy(registry).

It should be similar in other protocol implementations.

Signed-off-by: Julian Orth <ju.orth@gmail.com>

4273a5ed

by Demi Marie Obenour at 2024-11-29T19:19:45-05:00

connection: Avoid undefined pointer arithmetic

Creating a pointer that is more than one element past the end of an
array is undefined behavior, even if the pointer is not dereferenced.
Avoid this undefined behavior by using `p >= end` instead of
`p + 1 > end` and `SOMETHING > end - p` instead of
`p + SOMETHING > end`.

Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>

290c36bc

by Demi Marie Obenour at 2024-11-30T11:31:36-05:00

tests: Avoid calling function with wrong type

Calling a function with the wrong type is immediate undefined behavior,
even if the ABI says it should be harmless.  UBSAN picks it up
immediately, and any decent control-flow integrity mechanism will as
well.

Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>

9cb3d7aa

by Demi Marie Obenour at 2024-11-30T16:02:55-05:00

connection: Fix wrong format string

Prevents undefined behavior if there is not enough space in the buffer
for a queued message.

Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>

f246e619

by Haihua Hu at 2025-01-09T09:58:32+09:00

util: reduce error of wl_fixed_from_double()

when cast double to fixed pointer, there will be big
error, eg 1919.9998 to 1919. Call round before cast
to get nearest value 1920 of 1919.9998

Signed-off-by: Haihua Hu <jared.hu@nxp.com>

597a6b94

by Daniel Stone at 2025-01-21T16:43:45+00:00

ci: Update ci-templates

This includes an explicit way to specify the container architecture,
which fixes our rebuilds on ARMv7.

Signed-off-by: Daniel Stone <daniels@collabora.com>

bdba21ec

by Sebastian Wick at 2025-01-22T14:28:50+00:00

server: add const qualifier to function arguments where possible

Makes it possible to e.g. `call wl_client_get_credentials` with a `const
struct wl_client *` from a global filter callback.

Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>

37469d5c