jordansissel / xdotool

fake keyboard/mouse input, window management, and more

Crash of `xdotool search ... behave %@ focus getactivewindow` #194

Open fidergo-stephane-gourichon opened 7 years ago

fidergo-stephane-gourichon commented 7 years ago

Context

This command:

xdotool search --onlyvisible --class . behave %@ focus getactivewindow

Expected

Outputs ID of newly focused window any time focus changes.

Observed

Crashes with:

XGetWindowProperty[_NET_ACTIVE_WINDOW] failed (code=1)
xdo_get_active_window reported an error
Command failed.
XGetWindowProperty[_NET_ACTIVE_WINDOW] failed (code=1)
xdo_get_active_window reported an error
Command failed.
75497682
*** Error in `xdotool': double free or corruption (out): 0x00007ffc3e5b65c0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7f01da31c7e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x8037a)[0x7f01da32537a]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7f01da32953c]
xdotool[0x402bca]
xdotool[0x407175]
xdotool[0x402fcd]
xdotool[0x408694]
xdotool[0x402fcd]
xdotool[0x4033ab]
xdotool[0x403904]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f01da2c5830]
xdotool[0x402a09]
Abandon (core dumped)

Observed on Ubuntu 16.04 AMD64.

Comparison

Replacing getactivewindow with getwindowpid, it no longer crashes:

xdotool search --onlyvisible --class . behave %@ focus getwindowpid

It outputs duplicate ids but that's another, more minor, issue.

fidergo-stephane-gourichon commented 7 years ago

Gdb stacktrace, compiled from commit 1334329 "Document regular expressions".

(gdb) run
Starting program: .../xdotool search --onlyvisible --class . behave %@ focus getactivewindow

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGABRT, Aborted.
0x00007ffff6feb428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54  ../sysdeps/unix/sysv/linux/raise.c: Aucun fichier ou dossier de ce type.
(gdb) bt
#0  0x00007ffff6feb428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007ffff6fed02a in __GI_abort () at abort.c:89
#2  0x00007ffff702d7ea in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff7146e98 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff703637a in malloc_printerr (ar_ptr=<optimized out>, ptr=<optimized out>, str=0x7ffff7146fa8 "double free or corruption (out)", action=3) at malloc.c:5006
#4  _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3867
#5  0x00007ffff703a53c in __GI___libc_free (mem=<optimized out>) at malloc.c:2968
#6  0x0000000000402c6a in window_save (context=context@entry=0x7fffffffd3b0, window=33594520) at xdotool.c:62
#7  0x0000000000407815 in cmd_getactivewindow (context=0x7fffffffd3b0) at cmd_getactivewindow.c:41
#8  0x000000000040306d in context_execute (context=context@entry=0x7fffffffd3b0) at xdotool.c:587
#9  0x0000000000408d3f in cmd_behave (context=0x7fffffffd550) at cmd_behave.c:145
#10 0x000000000040306d in context_execute (context=context@entry=0x7fffffffd550) at xdotool.c:587
#11 0x0000000000403a7e in args_main (argv=<optimized out>, argc=8) at xdotool.c:560
#12 xdotool_main (argc=9, argv=0x7fffffffd748) at xdotool.c:318
#13 0x00007ffff6fd6830 in __libc_start_main (main=0x402a70 <main>, argc=9, argv=0x7fffffffd748, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffd738) at ../csu/libc-start.c:291
#14 0x0000000000402aa9 in _start ()
(gdb)

bjohas commented 5 years ago

I've got a similar issue (Ubuntu 19.04). Did you manage to fix this?

FascinatedBox commented 3 years ago

I think I have fixed it. Try this:

diff --git a/cmd_behave.c b/cmd_behave.c
index 6ddead0..748acb0 100644
--- a/cmd_behave.c
+++ b/cmd_behave.c
@@ -109,7 +109,10 @@ int cmd_behave(context_t *context) {
     // Copy context
     context_t tmpcontext = *context;

-    tmpcontext.nwindows = 1;
+    /* The appropriate window will be saved with window_save. */
+    tmpcontext.windows = NULL;
+    tmpcontext.nwindows = 0;
+
     Window hover; /* for LeaveNotify */
     switch (e.type) {
       case LeaveNotify:
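
Review bot: The new comment above `tmpcontext.windows = NULL;` says what happens next but not why the reset is required, which is the actual fix. `tmpcontext` is a struct copy of `*context`, so without the reset it still carries the caller's `windows` pointer, and frame #6 of the gdb backtrace in this thread shows `window_save` reaching `free()`. Suggest wording the comment along the lines of "tmpcontext must not alias memory it does not own, because window_save frees the previous array", so a later edit does not reintroduce a borrowed pointer.
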
@@ -132,16 +135,16 @@ int cmd_behave(context_t *context) {

         /* fall through */
       case EnterNotify:
-        tmpcontext.windows = &(e.xcrossing.window);
+        window_save(&tmpcontext, e.xcrossing.window);
         ret = context_execute(&tmpcontext);
         break;
       case FocusIn:
       case FocusOut:
-        tmpcontext.windows = &(e.xfocus.window);
+        window_save(&tmpcontext, e.xfocus.window);
         ret = context_execute(&tmpcontext);
         break;
       case ButtonRelease:
-        tmpcontext.windows = &(e.xbutton.window);
+        window_save(&tmpcontext, e.xbutton.window);
         ret = context_execute(&tmpcontext);
         break;
       default:
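
Review bot: In the EnterNotify, FocusIn/FocusOut and ButtonRelease cases, nothing in the visible lines releases `tmpcontext.windows` after `context_execute(&tmpcontext)` returns. If `window_save` heap-allocates the array it stores (the backtrace shows it freeing the previous one) and this block runs once per event, each handled event leaves one allocation behind in a command that is meant to run indefinitely. Suggest freeing `tmpcontext.windows` after the switch, or pointing to where it is already freed. The three cases now differ only in which event field they pass, so they could also share one `window_save`/`context_execute` tail.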

Ingvix commented 2 years ago

@FascinatedBox's patch seems to work for me at least.
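
The ownership rule behind the crash and the patch in this thread, as an added C model that is not xdotool's code. It assumes `window_save` frees the context's current array and allocates a new one (the backtrace shows only the `free()` call); `save_window`, `run_chain`, `dispatch_buggy`, `dispatch_fixed` and the window IDs are hypothetical, and the release after the chain goes beyond the posted patch.

```c
#include <stdio.h>
#include <stdlib.h>
/* Model only, not xdotool source; every name here is hypothetical. */
typedef unsigned long win_t;              /* stand-in for Xlib's Window */
typedef struct { win_t *windows; int nwindows; } ctx_t;
static int live_arrays = 0;               /* heap arrays currently owned */

/* Assumed contract: the context owns a heap array; saving replaces it. */
int save_window(ctx_t *c, win_t w) {
  if (c->windows != NULL) { free(c->windows); live_arrays--; }
  c->windows = calloc(1, sizeof(win_t));
  if (c->windows == NULL) { c->nwindows = 0; return -1; }
  live_arrays++;
  c->windows[0] = w;
  c->nwindows = 1;
  return 0;
}

/* Stand-in for a chained command such as getactivewindow. */
int run_chain(ctx_t *c) { return save_window(c, 0x4800012UL); }

/* Pre-patch pattern, for contrast only and never called: the copy borrows
 * the event's stack slot, and run_chain() then hands that address to free(). */
int dispatch_buggy(const ctx_t *parent, win_t *event_window) {
  ctx_t tmp = *parent;
  tmp.nwindows = 1;
  tmp.windows = event_window;
  return run_chain(&tmp);
}

/* Patched pattern, plus a release once the chain has run. */
int dispatch_fixed(const ctx_t *parent, win_t event_window) {
  ctx_t tmp = *parent;
  tmp.windows = NULL;                     /* own nothing before saving */
  tmp.nwindows = 0;
  int ret = save_window(&tmp, event_window);
  if (ret == 0) ret = run_chain(&tmp);
  if (tmp.windows != NULL) { free(tmp.windows); live_arrays--; }
  return ret;
}

/* Replays n constructed focus events; returns arrays still allocated. */
int replay_focus_events(int n) {
  ctx_t parent = { NULL, 0 };
  for (int i = 0; i < n; i++)
    if (dispatch_fixed(&parent, 0x2000000UL + (win_t)i) != 0) return -1;
  return live_arrays;
}

int main(void) { printf("leaked: %d\n", replay_focus_events(1000)); return 0; }
```

Building the model with `-fsanitize=address` and calling `dispatch_buggy` instead reports the invalid `free()` at the exact call site, where glibc alone prints only the abort message.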