From 8d6e14c991346a70830cd9788e213d77191aba6e Mon Sep 17 00:00:00 2001 From: Pekka Paalanen Date: Thu, 22 Feb 2018 16:54:17 +0200 Subject: [PATCH] compositor-wayland: handle wl_keyboard.enter(NULL) Destroying an output (wl_surface) can race against the parent compositor sending wl_keyboard.enter. When this race is lost, wayland-backend receives wl_keyboard.enter with a NULL wl_surface for the surface it just destroyed. Handle this case by ignoring such enter events. Since it is theoretically possible to follow enter with key events, drop those too. The modifiers event is sent before enter, so we cannot drop that on the same condition. wl_keyboard.leave handler seems to already handle the NULL focus case, but there is a question if the notify_keyboard_focus_out() call should be avoided. This patch fixes a hard to reproduce crash. I was running weston/x11 with two outputs, and weston/wayland --sprawl inside that, then closing the parent compositor windows one by one. Sometimes it would trigger this crash. Signed-off-by: Pekka Paalanen Reviewed-by: Daniel Stone --- libweston/compositor-wayland.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libweston/compositor-wayland.c b/libweston/compositor-wayland.c index c6b92611..9c401d2e 100644 --- a/libweston/compositor-wayland.c +++ b/libweston/compositor-wayland.c @@ -1858,6 +1858,11 @@ input_handle_keyboard_enter(void *data, weston_output_schedule_repaint(&focus->base); } + if (!surface) { + input->keyboard_focus = NULL; + return; + } + input->keyboard_focus = wl_surface_get_user_data(surface); input->keyboard_focus->keyboard_count++; @@ -1907,6 +1912,9 @@ input_handle_key(void *data, struct wl_keyboard *keyboard, struct wayland_input *input = data; struct timespec ts; + if (!input->keyboard_focus) + return; + timespec_from_msec(&ts, time); input->key_serial = serial;
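Review bot: In input_handle_keyboard_enter(), the new `if (!surface)` branch carries no comment explaining why the parent compositor can deliver enter with a NULL surface, so the check reads as if it could never trigger. A short comment above it naming the race with destroying the output's wl_surface would help, together with a note that input_handle_key() relies on `input->keyboard_focus = NULL;` being set here. The early return also skips the rest of the handler from `input->keyboard_focus->keyboard_count++;` onward, which is worth confirming as intended for this path.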
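Review bot: In input_handle_key(), the `if (!input->keyboard_focus)` return sits above `input->key_serial = serial;`, so the serial of a dropped key event is never recorded. If that is intended, a one-line comment on the guard saying that key events without a focused output are discarded, serial included, would make it explicit; otherwise move the guard below the serial assignment. The commit message also leaves open whether the wl_keyboard.leave handler should skip notify_keyboard_focus_out() for a NULL focus, which would be good to settle or track as a follow-up.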