xwayland: Prevent nested iteration over frame callback list (!1086) · Merge requests · xorg / xserver

Michel Dänzer requested to merge daenzer/xserver:xwl_for_each_frame_callback into master Mar 06, 2023

It could happen with the following call path:

frame_callback
 xwl_present_frame_callback
  xwl_present_msc_bump
   xwl_present_execute
    xwl_present_flip
     xwl_window_create_frame_callback

The nested loop called xwl_present_reset_timer, which may end up calling xorg_list_del for the entry after the one frame_callback started the chain for. This resulted in the outer loop never terminating, because its next element wasn't hooked up to the list anymore.

We avoid this by calling xwl_present_reset_timer as needed in frame_callback, and bailing from xwl_window_create_frame_callback if it was called from the former.

We also catch nested calls and FatalError if they ever happen again due to another bug.

Closes: #1442 (closed)

Edited Mar 10, 2023 by Michel Dänzer

Admin message

xwayland: Prevent nested iteration over frame callback list

Merge request reports