heap-use-after-free in weston_desktop_seat_popup_grab_remove_surface()
Run Weston with drm-backend (I have three monitors), start weston-terminal, right-click on the terminal header, choose "close" from the drop-down menu. Address sanitizer will crash Weston with:
[15:26:59.128] Detected an unmapped surface or view in the layer list, which should not occur.
Warning: the above message will not be printed again.
=================================================================
==405997==ERROR: AddressSanitizer: heap-use-after-free on address 0x6130000227b8 at pc 0x7f6ee5347207 bp 0x7fffaa211670 sp 0x7fffaa211668
READ of size 8 at 0x6130000227b8 thread T0
child 406012 exited
#0 0x7f6ee5347206 in weston_desktop_surface_get_surface ../../git/weston/libweston/desktop/surface.c:603
#1 0x7f6ee533fd88 in weston_desktop_seat_popup_grab_end ../../git/weston/libweston/desktop/seat.c:497
#2 0x7f6ee5340906 in weston_desktop_seat_popup_grab_remove_surface ../../git/weston/libweston/desktop/seat.c:553
#3 0x7f6ee534ab90 in weston_desktop_surface_popup_ungrab ../../git/weston/libweston/desktop/surface.c:872
#4 0x7f6ee53584ff in weston_desktop_xdg_popup_destroy ../../git/weston/libweston/desktop/xdg-shell.c:1104
#5 0x7f6ee535bfaf in weston_desktop_xdg_surface_destroy ../../git/weston/libweston/desktop/xdg-shell.c:1546
#6 0x7f6ee5342644 in weston_desktop_surface_destroy ../../git/weston/libweston/desktop/surface.c:162
#7 0x7f6ee5343c68 in weston_desktop_surface_client_destroyed ../../git/weston/libweston/desktop/surface.c:255
#8 0x7f6ee533aca4 in wl_signal_emit /home/pq/local/include/wayland-server-core.h:496
#9 0x7f6ee533af42 in weston_desktop_client_destroy ../../git/weston/libweston/desktop/client.c:60
#10 0x7f6ee533b326 in weston_desktop_client_handle_destroy ../../git/weston/libweston/desktop/client.c:84
#11 0x7f6ee68f9e16 in destroy_resource ../../git/wayland/src/wayland-server.c:732
#12 0x7f6ee68fff2f in for_each_helper ../../git/wayland/src/wayland-util.c:416
#13 0x7f6ee69004ae in wl_map_for_each ../../git/wayland/src/wayland-util.c:430
#14 0x7f6ee68fa83f in wl_client_destroy ../../git/wayland/src/wayland-server.c:928
#15 0x7f6ee68fa944 in destroy_client_with_error ../../git/wayland/src/wayland-server.c:325
#16 0x7f6ee68fa944 in wl_client_connection_data ../../git/wayland/src/wayland-server.c:454
#17 0x7f6ee68fd591 in wl_event_loop_dispatch ../../git/wayland/src/event-loop.c:1027
#18 0x7f6ee68fb2e4 in wl_display_run ../../git/wayland/src/wayland-server.c:1493
#19 0x7f6ee6166eee in wet_main ../../git/weston/frontend/main.c:4413
#20 0x55b7519d917d in main ../../git/weston/frontend/executable.c:33
#21 0x7f6ee58461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#22 0x7f6ee5846284 in __libc_start_main_impl ../csu/libc-start.c:360
#23 0x55b7519d9090 in _start (/home/pq/local/bin/weston+0x1090)
0x6130000227b8 is located 56 bytes inside of 336-byte region [0x613000022780,0x6130000228d0)
freed by thread T0 here:
#0 0x7f6ee62b76a8 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
#1 0x7f6ee5342ea7 in weston_desktop_surface_destroy ../../git/weston/libweston/desktop/surface.c:181
#2 0x7f6ee5343c68 in weston_desktop_surface_client_destroyed ../../git/weston/libweston/desktop/surface.c:255
#3 0x7f6ee533aca4 in wl_signal_emit /home/pq/local/include/wayland-server-core.h:496
#4 0x7f6ee533af42 in weston_desktop_client_destroy ../../git/weston/libweston/desktop/client.c:60
#5 0x7f6ee533b326 in weston_desktop_client_handle_destroy ../../git/weston/libweston/desktop/client.c:84
#6 0x7f6ee68f9e16 in destroy_resource ../../git/wayland/src/wayland-server.c:732
previously allocated by thread T0 here:
#0 0x7f6ee62b83b7 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:77
#1 0x7f6ee5340f97 in zalloc ../../git/weston/include/libweston/zalloc.h:38
#2 0x7f6ee5343d49 in weston_desktop_surface_create ../../git/weston/libweston/desktop/surface.c:269
#3 0x7f6ee535ca5d in weston_desktop_xdg_shell_protocol_get_xdg_surface ../../git/weston/libweston/desktop/xdg-shell.c:1677
#4 0x7f6ee6046f79 (/lib/x86_64-linux-gnu/libffi.so.8+0x6f79)