Cairo-dock popup cause wayfire to crash #2381

Closed
ssfdust opened this issue Jun 16, 2024 · 3 comments · Fixed by #2382

ssfdust commented Jun 16, 2024

Describe the bug
With the latest cairo-dock installed (from https://github.com/Cairo-Dock/cairo-dock-core), the About and Quick-Hide commands from cairo-dock cause wayfire to crash.

It crashes in a wayland-server function, but when I start from sway, everything works as expected.

To Reproduce
Steps to reproduce the behavior:

  1. Start cairo-dock
  2. Right click the dock, select cairo-dock, then About
  3. wayfire crashes

Expected behavior
wayfire doesn't crash, just as sway doesn't.

Screenshots or stacktrace
If applicable, add screenshots to help explain your problem.
If it is a crash, attach the backtrace (or the whole log file), Wayfire will print it in the end of the log file or stdout.
Backtrace with address sanitizer enabled (if possible):

=================================================================
==80752==ERROR: AddressSanitizer: heap-use-after-free on address 0x519000183de0 at pc 0x573009f3ea74 bp 0x7ffd3c0ef700 sp 0x7ffd3c0ef6f0
READ of size 8 at 0x519000183de0 thread T0
    #0 0x573009f3ea73 in std::__uniq_ptr_impl<wf::view_interface_t::view_priv_impl, std::default_delete<wf::view_interface_t::view_priv_impl> >::_M_ptr() const /usr/include/c++/14.1.1/bits/unique_ptr.h:193
    #1 0x573009f3ea73 in std::unique_ptr<wf::view_interface_t::view_priv_impl, std::default_delete<wf::view_interface_t::view_priv_impl> >::get() const /usr/include/c++/14.1.1/bits/unique_ptr.h:464
    #2 0x573009f3ea73 in std::unique_ptr<wf::view_interface_t::view_priv_impl, std::default_delete<wf::view_interface_t::view_priv_impl> >::operator->() const /usr/include/c++/14.1.1/bits/unique_ptr.h:457
    #3 0x573009f3ea73 in wayfire_xdg_popup::unmap() ../wayfire-git/src/view/xdg-shell.cpp:204
    #4 0x57300977ddaf in std::function<void (void*)>::operator()(void*) const /usr/include/c++/14.1.1/bits/std_function.h:591
    #5 0x57300977ddaf in wf::wl_listener_wrapper::emit(void*) ../wayfire-git/src/wl-listener-wrapper.tpp:57
    #6 0x7c3d6f5a342d in wl_signal_emit_mutable (/usr/lib/libwayland-server.so.0+0x842d) (BuildId: 915b81a9d6d73724356b2d67e54f4fd5da5249d5)
    #7 0x7c3d6f4fa4e9 in wlr_surface_unmap (/usr/lib/libwlroots.so.12+0x6d4e9) (BuildId: ac47a8a8d10f5eee7d661600608436f9ffa313fb)
    #8 0x7c3d6f4fc9c0  (/usr/lib/libwlroots.so.12+0x6f9c0) (BuildId: ac47a8a8d10f5eee7d661600608436f9ffa313fb)
    #9 0x7c3d6f4fcc8d  (/usr/lib/libwlroots.so.12+0x6fc8d) (BuildId: ac47a8a8d10f5eee7d661600608436f9ffa313fb)
    #10 0x7c3d6f4fce53  (/usr/lib/libwlroots.so.12+0x6fe53) (BuildId: ac47a8a8d10f5eee7d661600608436f9ffa313fb)
    #11 0x7c3d6f5a5af7  (/usr/lib/libwayland-server.so.0+0xaaf7) (BuildId: 915b81a9d6d73724356b2d67e54f4fd5da5249d5)
    #12 0x7c3d6e62a595  (/usr/lib/libffi.so.8+0x7595) (BuildId: eecfa567f01d70c2ca4b60a1f7931e5634e41eea)
    #13 0x7c3d6e62700d  (/usr/lib/libffi.so.8+0x400d) (BuildId: eecfa567f01d70c2ca4b60a1f7931e5634e41eea)
    #14 0x7c3d6e629bd2 in ffi_call (/usr/lib/libffi.so.8+0x6bd2) (BuildId: eecfa567f01d70c2ca4b60a1f7931e5634e41eea)
    #15 0x7c3d6f5a1e44  (/usr/lib/libwayland-server.so.0+0x6e44) (BuildId: 915b81a9d6d73724356b2d67e54f4fd5da5249d5)
    #16 0x7c3d6f5a6c41  (/usr/lib/libwayland-server.so.0+0xbc41) (BuildId: 915b81a9d6d73724356b2d67e54f4fd5da5249d5)
    #17 0x7c3d6f5a50a1 in wl_event_loop_dispatch (/usr/lib/libwayland-server.so.0+0xa0a1) (BuildId: 915b81a9d6d73724356b2d67e54f4fd5da5249d5)
    #18 0x7c3d6f5a710e in wl_display_run (/usr/lib/libwayland-server.so.0+0xc10e) (BuildId: 915b81a9d6d73724356b2d67e54f4fd5da5249d5)
    #19 0x573009723433 in main ../wayfire-git/src/main.cpp:481
    #20 0x7c3d6e655c87  (/usr/lib/libc.so.6+0x25c87) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
    #21 0x7c3d6e655d4b in __libc_start_main (/usr/lib/libc.so.6+0x25d4b) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
    #22 0x573009728ea4 in _start (/usr/bin/wayfire+0x20b2ea4) (BuildId: 55c0a9aba72a6e5d44f2cb66734fb3617212994d)

0x519000183de0 is located 96 bytes inside of 1080-byte region [0x519000183d80,0x5190001841b8)
freed by thread T0 here:
    #0 0x7c3d6fbc27e2 in operator delete(void*, unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:164
    #1 0x573009bd32e8 in wf::tracking_allocator_t<wf::view_interface_t>::deallocate_object(wf::view_interface_t*) ../wayfire-git/src/api/wayfire/nonstd/tracking-allocator.hpp:70
    #2 0x573009f6266e in void std::__invoke_impl<void, void (wf::tracking_allocator_t<wf::view_interface_t>::*&)(wf::view_interface_t*), wf::tracking_allocator_t<wf::view_interface_t>*&, wayfire_xdg_popup*&>(std::__invoke_memfun_deref, void (wf::tracking_allocator_t<wf::view_interface_t>::*&)(wf::view_interface_t*), wf::tracking_allocator_t<wf::view_interface_t>*&, wayfire_xdg_popup*&) /usr/include/c++/14.1.1/bits/invoke.h:74
    #3 0x573009f6266e in std::__invoke_result<void (wf::tracking_allocator_t<wf::view_interface_t>::*&)(wf::view_interface_t*), wf::tracking_allocator_t<wf::view_interface_t>*&, wayfire_xdg_popup*&>::type std::__invoke<void (wf::tracking_allocator_t<wf::view_interface_t>::*&)(wf::view_interface_t*), wf::tracking_allocator_t<wf::view_interface_t>*&, wayfire_xdg_popup*&>(void (wf::tracking_allocator_t<wf::view_interface_t>::*&)(wf::view_interface_t*), wf::tracking_allocator_t<wf::view_interface_t>*&, wayfire_xdg_popup*&) /usr/include/c++/14.1.1/bits/invoke.h:96
    #4 0x573009f6266e in void std::_Bind<void (wf::tracking_allocator_t<wf::view_interface_t>::*(wf::tracking_allocator_t<wf::view_interface_t>*, std::_Placeholder<1>))(wf::view_interface_t*)>::__call<void, wayfire_xdg_popup*&, 0ul, 1ul>(std::tuple<wayfire_xdg_popup*&>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/14.1.1/functional:513
    #5 0x573009f6266e in void std::_Bind<void (wf::tracking_allocator_t<wf::view_interface_t>::*(wf::tracking_allocator_t<wf::view_interface_t>*, std::_Placeholder<1>))(wf::view_interface_t*)>::operator()<wayfire_xdg_popup*&, void>(wayfire_xdg_popup*&) /usr/include/c++/14.1.1/functional:598
    #6 0x573009f6266e in std::_Sp_counted_deleter<wayfire_xdg_popup*, std::_Bind<void (wf::tracking_allocator_t<wf::view_interface_t>::*(wf::tracking_allocator_t<wf::view_interface_t>*, std::_Placeholder<1>))(wf::view_interface_t*)>, std::allocator<void>, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/include/c++/14.1.1/bits/shared_ptr_base.h:527
    #7 0x573009776264 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release_last_use() /usr/include/c++/14.1.1/bits/shared_ptr_base.h:175
    #8 0x573009776264 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release_last_use_cold() /usr/include/c++/14.1.1/bits/shared_ptr_base.h:199
    #9 0x573009f65709 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/include/c++/14.1.1/bits/shared_ptr_base.h:1069
    #10 0x573009f65709 in std::__shared_ptr<wayfire_xdg_popup, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/include/c++/14.1.1/bits/shared_ptr_base.h:1525
    #11 0x573009f65709 in std::shared_ptr<wayfire_xdg_popup>::~shared_ptr() /usr/include/c++/14.1.1/bits/shared_ptr.h:175
    #12 0x573009f65709 in xdg_popup_controller_t::~xdg_popup_controller_t() ../wayfire-git/src/view/xdg-shell.cpp:381
    #13 0x573009f65709 in auto xdg_popup_controller_t::xdg_popup_controller_t(wlr_xdg_popup*)::{lambda(auto:1)#1}::operator()<void*>(void*) const ../wayfire-git/src/view/xdg-shell.cpp:375
    #14 0x573009f65709 in void std::__invoke_impl<void, xdg_popup_controller_t::xdg_popup_controller_t(wlr_xdg_popup*)::{lambda(auto:1)#1}&, void*>(std::__invoke_other, xdg_popup_controller_t::xdg_popup_controller_t(wlr_xdg_popup*)::{lambda(auto:1)#1}&, void*&&) /usr/include/c++/14.1.1/bits/invoke.h:61
    #15 0x573009f65709 in std::enable_if<is_invocable_r_v<void, xdg_popup_controller_t::xdg_popup_controller_t(wlr_xdg_popup*)::{lambda(auto:1)#1}&, void*>, void>::type std::__invoke_r<void, xdg_popup_controller_t::xdg_popup_controller_t(wlr_xdg_popup*)::{lambda(auto:1)#1}&, void*>(xdg_popup_controller_t::xdg_popup_controller_t(wlr_xdg_popup*)::{lambda(auto:1)#1}&, void*&&) /usr/include/c++/14.1.1/bits/invoke.h:111
    #16 0x573009f65709 in std::_Function_handler<void (void*), xdg_popup_controller_t::xdg_popup_controller_t(wlr_xdg_popup*)::{lambda(auto:1)#1}>::_M_invoke(std::_Any_data const&, void*&&) /usr/include/c++/14.1.1/bits/std_function.h:290
    #17 0x57300977ddaf in std::function<void (void*)>::operator()(void*) const /usr/include/c++/14.1.1/bits/std_function.h:591
    #18 0x57300977ddaf in wf::wl_listener_wrapper::emit(void*) ../wayfire-git/src/wl-listener-wrapper.tpp:57
    #19 0x7c3d6f5a342d in wl_signal_emit_mutable (/usr/lib/libwayland-server.so.0+0x842d) (BuildId: 915b81a9d6d73724356b2d67e54f4fd5da5249d5)
    #20 0x7c3d6f4fca0e  (/usr/lib/libwlroots.so.12+0x6fa0e) (BuildId: ac47a8a8d10f5eee7d661600608436f9ffa313fb)

previously allocated by thread T0 here:
    #0 0x7c3d6fbc1682 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x573009f737d5 in std::shared_ptr<wayfire_xdg_popup> wf::tracking_allocator_t<wf::view_interface_t>::allocate<wayfire_xdg_popup, wlr_xdg_popup*>(wlr_xdg_popup*) ../wayfire-git/src/api/wayfire/nonstd/tracking-allocator.hpp:43
    #2 0x573009f5e029 in std::shared_ptr<wayfire_xdg_popup> wf::view_interface_t::create<wayfire_xdg_popup, wlr_xdg_popup*>(wlr_xdg_popup*) ../wayfire-git/src/api/wayfire/view.hpp:194
    #3 0x573009f5e029 in wayfire_xdg_popup::create(wlr_xdg_popup*) ../wayfire-git/src/view/xdg-shell.cpp:144
    #4 0x573009f75dc9 in xdg_popup_controller_t::xdg_popup_controller_t(wlr_xdg_popup*) ../wayfire-git/src/view/xdg-shell.cpp:377
    #5 0x573009f5fdfc in create_xdg_popup(wlr_xdg_popup*) ../wayfire-git/src/view/xdg-shell.cpp:393
    #6 0x57300977ddaf in std::function<void (void*)>::operator()(void*) const /usr/include/c++/14.1.1/bits/std_function.h:591
    #7 0x57300977ddaf in wf::wl_listener_wrapper::emit(void*) ../wayfire-git/src/wl-listener-wrapper.tpp:57
    #8 0x7c3d6f5a342d in wl_signal_emit_mutable (/usr/lib/libwayland-server.so.0+0x842d) (BuildId: 915b81a9d6d73724356b2d67e54f4fd5da5249d5)
    #9 0x7c3d6f4f9232  (/usr/lib/libwlroots.so.12+0x6c232) (BuildId: ac47a8a8d10f5eee7d661600608436f9ffa313fb)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/c++/14.1.1/bits/unique_ptr.h:193 in std::__uniq_ptr_impl<wf::view_interface_t::view_priv_impl, std::default_delete<wf::view_interface_t::view_priv_impl> >::_M_ptr() const
Shadow bytes around the buggy address:
  0x519000183b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x519000183b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x519000183c00: 00 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa
  0x519000183c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x519000183d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x519000183d80: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd
  0x519000183e00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x519000183e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x519000183f00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x519000183f80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x519000184000: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==80752==ABORTING

Wayfire version
0.9.0-1123ecd8 (Jun 16 2024) branch master
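
An added triage helper, not part of the original issue or of Wayfire's code: it reads an AddressSanitizer report like the one above and extracts the error kind, the offset into the freed region, and the frames from the project's own source tree in the use, free and allocation stacks. The `tree` marker `wayfire-git/src/` comes from the paths in this report; the names `triage` and `shared_frames` and the shortened sample are constructed for the example.

```python
import re

# Excerpt of the report above: selected frames only, BuildIds dropped.
SAMPLE = """\
==80752==ERROR: AddressSanitizer: heap-use-after-free on address 0x519000183de0 at pc 0x573009f3ea74 bp 0x7ffd3c0ef700 sp 0x7ffd3c0ef6f0
READ of size 8 at 0x519000183de0 thread T0
    #2 0x573009f3ea73 in std::unique_ptr<wf::view_interface_t::view_priv_impl, std::default_delete<wf::view_interface_t::view_priv_impl> >::operator->() const /usr/include/c++/14.1.1/bits/unique_ptr.h:457
    #3 0x573009f3ea73 in wayfire_xdg_popup::unmap() ../wayfire-git/src/view/xdg-shell.cpp:204
    #5 0x57300977ddaf in wf::wl_listener_wrapper::emit(void*) ../wayfire-git/src/wl-listener-wrapper.tpp:57
    #7 0x7c3d6f4fa4e9 in wlr_surface_unmap (/usr/lib/libwlroots.so.12+0x6d4e9)
0x519000183de0 is located 96 bytes inside of 1080-byte region [0x519000183d80,0x5190001841b8)
freed by thread T0 here:
    #0 0x7c3d6fbc27e2 in operator delete(void*, unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:164
    #12 0x573009f65709 in xdg_popup_controller_t::~xdg_popup_controller_t() ../wayfire-git/src/view/xdg-shell.cpp:381
    #18 0x57300977ddaf in wf::wl_listener_wrapper::emit(void*) ../wayfire-git/src/wl-listener-wrapper.tpp:57
previously allocated by thread T0 here:
    #0 0x7c3d6fbc1682 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
    #3 0x573009f5e029 in wayfire_xdg_popup::create(wlr_xdg_popup*) ../wayfire-git/src/view/xdg-shell.cpp:144
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (.+) (\S+):(\d+)$")  # symbolized frames only
REGION = re.compile(r"located (\d+) bytes inside of (\d+)-byte region")
SECTIONS = (("READ of size", "access"), ("WRITE of size", "access"),
            ("freed by thread", "free"), ("previously allocated by", "alloc"))

def triage(report, tree="wayfire-git/src/"):
    """Return error kind, region info and in-tree frames for each ASan stack."""
    out = {"kind": None, "address": None, "offset": None, "size": None,
           "access": [], "free": [], "alloc": []}
    current = None  # which of the three stacks the frames belong to
    for line in report.splitlines():
        if m := HEADER.search(line):
            out["kind"], out["address"] = m.groups()
        elif m := REGION.search(line):
            out["offset"], out["size"] = int(m[1]), int(m[2])
            current = None
        elif (m := FRAME.match(line)) and current and tree in m[3]:
            out[current].append((int(m[1]), m[2], f"{m[3].split(tree)[-1]}:{m[4]}"))
        else:
            for prefix, name in SECTIONS:
                if line.startswith(prefix):
                    current = name
    return out

def shared_frames(result):
    """Project functions present in both the use stack and the free stack."""
    return sorted({f for _, f, _ in result["access"]} & {f for _, f, _ in result["free"]})
```

On this report the first in-tree frames are `wayfire_xdg_popup::unmap()` for the use and `xdg_popup_controller_t::~xdg_popup_controller_t()` for the free, and both stacks enter Wayfire through `wf::wl_listener_wrapper::emit`.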

@ssfdust ssfdust added the bug label Jun 16, 2024
@ammen99 ammen99 added this to the 0.9 milestone Jun 17, 2024

ammen99 commented Jun 17, 2024

I can reproduce. Interestingly enough there seem to be two separate but related issues. One of them ends with a crash in wlroots, another with a crash in Wayfire.

ammen99 commented Jun 18, 2024

Please try #2382

ssfdust commented Jun 19, 2024

Thanks a lot, it won't crash any more
