[kwin] [Bug 358722] ASAN: Use after free

[Martin Gräßlin via KDE Bugzilla]

https://bugs.kde.org/show_bug.cgi?id=358722

Martin Gräßlin  changed:

   What|Removed |Added

  Latest Commit||http://commits.kde.org/kwin
   ||/fbf14306d7677ca9c860e3fcbc
   ||e31f535a0801ab
 Resolution|--- |FIXED
 Status|CONFIRMED   |RESOLVED

--- Comment #5 from Martin Gräßlin  ---
Git commit fbf14306d7677ca9c860e3fcbce31f535a0801ab by Martin Gräßlin.
Committed on 01/02/2016 at 07:31.
Pushed by graesslin into branch 'master'.

Set Workspace::m_compositor to null when Compositor gets destroyed

Fixes regression from 1998d5ac1ad92011505f0e00761ccc618099fa19.
REVIEW: 126925

M  +1-0workspace.cpp

http://commits.kde.org/kwin/fbf14306d7677ca9c860e3fcbce31f535a0801ab

-- 
You are receiving this mail because:
You are watching all bug changes.

[kwin] [Bug 358722] ASAN: Use after free

[Martin Gräßlin via KDE Bugzilla]

https://bugs.kde.org/show_bug.cgi?id=358722

Martin Gräßlin  changed:

   What|Removed |Added

URL||https://git.reviewboard.kde
   ||.org/r/126925/
  Flags||ReviewRequest+

-- 
You are receiving this mail because:
You are watching all bug changes.

[kwin] [Bug 358722] ASAN: Use after free

[Thomas Lübking via KDE Bugzilla]

https://bugs.kde.org/show_bug.cgi?id=358722

Thomas Lübking  changed:

   What|Removed |Added

 Status|UNCONFIRMED |CONFIRMED
 Ever confirmed|0   |1

--- Comment #4 from Thomas Lübking  ---
Workspace holds a pointer pointing Compositor::self() which is nuked by
Application::destroyCompositor() (so m_compositor in workspace now dangles)

This was previously prevented by noop'ing destroyCompositor() as long as there
was Workspace::self() and boke with

commit 1998d5ac1ad92011505f0e00761ccc618099fa19
Date:   Tue Nov 10 08:52:40 2015 +0100

[wayland] Improve tear-down to not crash if X11 applications are still
around

We need to destroy the compositor after Xwayland terminated and after
the internal Wayland connection is destroyed. This means when destroying
the Workspace we may no longer destroy the Compositor at the same time.
Also we need to ensure that other tear down functionality doesn't call
into the no longer existing internal client connection.

With this change kwin doesn't crash when exiting with Wayland and/or
X11 windows still open.


...
 void Application::destroyCompositor()
 {
-if (Workspace::self()) {
-// compositor is destroyed together with Workspace
-return;
-}
 delete Compositor::self();
 }
...

-- 
You are receiving this mail because:
You are watching all bug changes.

[kwin] [Bug 358722] ASAN: Use after free

[Kevin Funk via KDE Bugzilla]

https://bugs.kde.org/show_bug.cgi?id=358722

--- Comment #2 from Kevin Funk  ---
0x6121a0b8 is located 248 bytes inside of 264-byte region
[0x61219fc0,0x6121a0c8)
freed by thread T0 here:
#0 0x4dcee2 in operator delete(void*)
(/home/kfunk/devel/install/kf5/bin/kwin_x11+0x4dcee2)
#1 0x7f24ba715a50 in KWin::Compositor::~Compositor()
/home/kfunk/devel/src/kf5/kwin/composite.cpp:150:1

Yes :)

-- 
You are receiving this mail because:
You are watching all bug changes.

[kwin] [Bug 358722] ASAN: Use after free

[Kevin Funk via KDE Bugzilla]

https://bugs.kde.org/show_bug.cgi?id=358722

Kevin Funk  changed:

   What|Removed |Added

 CC||kf...@kde.org
   Severity|normal  |crash

-- 
You are receiving this mail because:
You are watching all bug changes.