Prevent access of freed workspace in _workspace_show
The bug triggers when _workspace_show calls tree_close_internal and old == old_focus. Ie, when the old workspace was empty and needs to be closed but then is accessed as output_push_sticky_windows's argument: Breakpoint 1, output_push_sticky_windows (to_focus=0x55555589c8a0) at ../../i3/src/output.c:102 102 con_move_to_workspace(current, visible_ws, true, false, current != to_focus->parent); (gdb) print con_exists(to_focus) $1 = false The access violation can also be prevented by checking if con_exists(old_focus) but it shouldn't be necessary: the old_focus container can only be killed when it is an empty workspace. With --enable-sanitizers this causes i3 to exit but with --disable-sanitizers the access violation doesn't reliably cause a crash and the con_move_to_workspace call continues with: (gdb) print current != to_focus->parent $2 = 1 Since current->type is CT_FLOATING_CON and to_focus->type is CT_WORKSPACE, in this specific case ignore_focus would always be true. So, in this case, passing NULL instead of old_focus to output_push_sticky_windows doesn't change the behaviour of i3. Fixes #3075.
This commit is contained in:
parent
9d2d602d60
commit
d134745c4f
|
@ -99,7 +99,8 @@ void output_push_sticky_windows(Con *to_focus) {
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (con_is_sticky(current)) {
|
if (con_is_sticky(current)) {
|
||||||
con_move_to_workspace(current, visible_ws, true, false, current != to_focus->parent);
|
bool ignore_focus = (to_focus == NULL) || (current != to_focus->parent);
|
||||||
|
con_move_to_workspace(current, visible_ws, true, false, ignore_focus);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -459,6 +459,11 @@ static void _workspace_show(Con *workspace) {
|
||||||
|
|
||||||
y(free);
|
y(free);
|
||||||
|
|
||||||
|
/* Avoid calling output_push_sticky_windows later with a freed container. */
|
||||||
|
if (old == old_focus) {
|
||||||
|
old_focus = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
ewmh_update_number_of_desktops();
|
ewmh_update_number_of_desktops();
|
||||||
ewmh_update_desktop_names();
|
ewmh_update_desktop_names();
|
||||||
ewmh_update_desktop_viewport();
|
ewmh_update_desktop_viewport();
|
||||||
|
|
|
@ -0,0 +1,41 @@
|
||||||
|
#!perl
|
||||||
|
# vim:ts=4:sw=4:expandtab
|
||||||
|
#
|
||||||
|
# Please read the following documents before working on tests:
|
||||||
|
# • https://build.i3wm.org/docs/testsuite.html
|
||||||
|
# (or docs/testsuite)
|
||||||
|
#
|
||||||
|
# • https://build.i3wm.org/docs/lib-i3test.html
|
||||||
|
# (alternatively: perldoc ./testcases/lib/i3test.pm)
|
||||||
|
#
|
||||||
|
# • https://build.i3wm.org/docs/ipc.html
|
||||||
|
# (or docs/ipc)
|
||||||
|
#
|
||||||
|
# • http://onyxneon.com/books/modern_perl/modern_perl_a4.pdf
|
||||||
|
# (unless you are already familiar with Perl)
|
||||||
|
#
|
||||||
|
# Verifies that i3 does not crash when opening a floating sticky on one output
|
||||||
|
# and then switching empty workspaces on the other output.
|
||||||
|
# Ticket: #3075
|
||||||
|
# Bug still in: 4.14-191-g9d2d602d
|
||||||
|
use i3test i3_config => <<EOT;
|
||||||
|
# i3 config file (v4)
|
||||||
|
font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
|
||||||
|
fake-outputs 1024x768+0+0,1024x768+1024+0
|
||||||
|
EOT
|
||||||
|
|
||||||
|
# A window on the left output.
|
||||||
|
fresh_workspace(output => 0);
|
||||||
|
open_window;
|
||||||
|
cmd 'sticky enable, floating enable';
|
||||||
|
|
||||||
|
# Switch to the right output and open a new workspace.
|
||||||
|
my $ws = fresh_workspace(output => 1);
|
||||||
|
does_i3_live;
|
||||||
|
|
||||||
|
# Verify results.
|
||||||
|
is(@{get_ws($ws)->{floating_nodes}}, 0, 'workspace in right output is empty');
|
||||||
|
$ws = fresh_workspace(output => 0);
|
||||||
|
is(@{get_ws($ws)->{floating_nodes}}, 1, 'new workspace in left output has the sticky container');
|
||||||
|
|
||||||
|
done_testing;
|
Loading…
Reference in New Issue