lbonn / rofi

Rofi: A window switcher, run dialog and dmenu replacement - fork with wayland support

[BUG] Segmentation fault while moving a cursor to another monitor #105

Closed Iamnotagenius closed 6 months ago

Iamnotagenius commented 7 months ago

Rofi version (rofi -v or git commit in case of build issue)

1.7.5+wayland2-154-g36621af0

Configuration

https://gist.github.com/Iamnotagenius/cdabbaa2a1d04c5a98c01b6cda3a119a

Theme

https://gist.github.com/Iamnotagenius/635fda6440e1afa3a4b6649049b64553

Timing report

https://gist.github.com/Iamnotagenius/6e39b45c661e5c6383a43c3e18e6a48a

Launch command

./debug/rofi -show drun -me-select-entry '' -me-accept-entry MousePrimary

Step to reproduce

Expected behavior

It crashes with segmentation fault.

Actual behavior

It should not crash.

Additional information

I'm using Hyprland and have a two-monitor setup. I did some research with gdb and found out the crash happens at:

Thread 1 "rofi" received signal SIGSEGV, Segmentation fault.
0x00007ffff78274b3 in ?? () from /usr/lib/libwayland-client.so.0
@(gdb) up
#1  0x00007ffff78276bf in wl_proxy_destroy () from /usr/lib/libwayland-client.so.0
@(gdb)
#2  0x00005555555cabb6 in wl_callback_destroy (wl_callback=0x5555557ffbd0) at /usr/include/wayland-client-protocol.h:1250
1250        wl_proxy_destroy((struct wl_proxy *) wl_callback);
@(gdb)
#3  0x00005555555cc939 in wayland_cursor_frame_callback (data=0x5555555fb880 <wayland_>, callback=0x5555557ffbd0, time=0) at ../source/wayland/display.c:525
525     wl_callback_destroy(wayland->cursor.frame_cb);

Using wayland display server protocol

I've checked if the issue exists in the latest stable release

lbonn commented 6 months ago

@Iamnotagenius Sadly, I could not reproduce it with a quick test on a recent hyprland.

Is this still happening and do you have more details on the hyprland version / setup?

Iamnotagenius commented 6 months ago

I'm on the latest release, 0.34.0:

❯ hyprctl version
Hyprland, built from branch main at commit 03ebbe18ed8517ee22591eac82cd54322f42cb7d  (props: bump ver to 0.34.0).
Date: Mon Jan 1 12:03:15 2024
Tag: 

flags: (if any)

It is still present (I pulled changes and tested on 5bc2f092).

Iamnotagenius commented 6 months ago

Maybe this info would help.

The config part from my hyprland.conf:

monitor = HDMI-A-1,preferred,1440x0,1
monitor = DP-2,preferred,0x208,1

The output of hyprctl monitors:

Monitor DP-2 (ID 0):
    1440x900@59.88700 at 0x208
    description: ViewSonic Corporation VA1932 Series RMG104421085 (DP-2 via HDMI)
    make: ViewSonic Corporation
    model: VA1932 Series
    serial: RMG104421085
    active workspace: 4 (4)
    special workspace: 0 ()
    reserved: 0 24 0 0
    scale: 1.00
    transform: 0
    focused: no
    dpmsStatus: 1
    vrr: 0
    activelyTearing: false

Monitor HDMI-A-1 (ID 1):
    1920x1080@60.00000 at 1440x0
    description: Samsung Electric Company C24F390 HLLMC00801 (HDMI-A-1)
    make: Samsung Electric Company
    model: C24F390
    serial: HLLMC00801
    active workspace: 1 (1)
    special workspace: 0 ()
    reserved: 0 24 0 0
    scale: 1.00
    transform: 0
    focused: yes
    dpmsStatus: 1
    vrr: 0
    activelyTearing: false

alebastr commented 6 months ago

@lbonn you need an animated xcursor theme to reproduce this. wayland->cursor.frame_cb is not cleared after wl_callback_destroy in wayland_pointer_leave, resulting in a use-after-free on the next wayland_pointer_enter call. The following patch should fix that.

--- a/source/wayland/display.c
+++ b/source/wayland/display.c
@@ -651,6 +651,7 @@ static void wayland_pointer_leave(void *data, struct wl_pointer *pointer,

   if (wayland->cursor.frame_cb != NULL) {
     wl_callback_destroy(wayland->cursor.frame_cb);
+    wayland->cursor.frame_cb = NULL;
   }
 }
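
Review bot: clearing wayland->cursor.frame_cb inside the if block in wayland_pointer_leave closes this site, but the backtrace in the report shows wayland_cursor_frame_callback (display.c:525) destroying the same field, so every wl_callback_destroy on wayland->cursor.frame_cb should be checked for a matching clear or reassignment. A small helper that destroys the callback and sets the field to NULL in one place would keep the pointer from dangling if another call site is added later.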

I'll send a PR if I finish cursor-shape-v1 changes today, but feel free to patch it yourself if I don't get it ready in time.
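
Added example, not code from rofi or from this thread: a self-contained C model of the enter/leave lifecycle described above, using a constructed mock callback pool in place of libwayland so that a destroy of a dead callback is counted instead of crashing. The names mock_cb, cursor_frame and pointer_leave, and the assumption that the frame handler destroys the previous callback before requesting a new one, are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for wl_callback proxies. Slots are never freed, so a
 * destroy of a dead callback is counted instead of corrupting the heap. */
struct mock_cb { int alive; };
static struct mock_cb pool[8];
static size_t next_slot;
static int stale_destroys;

static struct mock_cb *mock_cb_create(void) {
  struct mock_cb *cb = &pool[next_slot++ % 8];
  cb->alive = 1;
  return cb;
}
static void mock_cb_destroy(struct mock_cb *cb) {
  if (!cb->alive) { stale_destroys++; return; } /* real code: use-after-free */
  cb->alive = 0;
}

struct cursor { struct mock_cb *frame_cb; };

/* Assumed frame handler: drop the previous callback, request the next. */
static void cursor_frame(struct cursor *c) {
  if (c->frame_cb != NULL) mock_cb_destroy(c->frame_cb);
  c->frame_cb = mock_cb_create();
}

/* clear = 0 models the leave handler before the patch, 1 after it. */
static void pointer_leave(struct cursor *c, int clear) {
  if (c->frame_cb != NULL) {
    mock_cb_destroy(c->frame_cb);
    if (clear) c->frame_cb = NULL;
  }
}

/* Enter, leave, enter again, as when the cursor moves to another monitor.
 * Returns how many destroys hit an already-destroyed callback. */
int stale_destroys_after_crossing(int clear) {
  struct cursor c = { NULL };
  stale_destroys = 0;
  cursor_frame(&c);         /* pointer enter starts the cursor animation */
  pointer_leave(&c, clear);
  cursor_frame(&c);         /* next pointer enter */
  return stale_destroys;
}

int main(void) {
  printf("before patch: %d stale destroy(s)\n", stale_destroys_after_crossing(0));
  printf("after patch:  %d stale destroy(s)\n", stale_destroys_after_crossing(1));
  return 0;
}
```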

Iamnotagenius commented 6 months ago

Yep, this patch does fix the issue.