-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
this fixes some lua-triggerable crashes that happened because e.g. a client_t*
was interpreted as a wibox_t*. Commit messages explain more.
@jd:
No idea if
a) my fixes are correct (more testing needed, I only tested some stuff).
b) I covered all the necessary places (I just grepped for luaA_object_ref).
c) when I started this list I had three bullet points in mind, but I can't
remember the third one. :/
Uli
- --
"Do you know that books smell like nutmeg or some spice from a foreign land?"
-- Faber in Fahrenheit 451
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBCAAGBQJKoPE0AAoJECLkKOvLj8sGQpwH/31zNkiEDB27eDD3L0lyqHE8
CLS15fOEEdSuhb3/JifgsPJ5gmipLeo0U71i+2MJgGuYJKXrw8zNC9l/EN6+9ybW
/elfPS14zwg0eriJQwqYyyQNHWmUFEkkAukI2OFfOUdXhvoL3sfKoz2qoqLXnrCJ
H25Ubr8TAWUXa9MhJFQaztl5oFSusOPL0COOtEiHNc1AMbQ88beUryzq3Nyg8Ktr
bPswWvqvf7PixhFgq+aDcPrwTUVHWTKSBEgEKNLBBXBZ7arBhgDQiMEQtnom+R4k
DS0c7PVRqYr40/WgAa7Ln0GGEL7o0HgCgsUc8l//ZwFMa1gyJJFOh4ZjxFiJuZE=
=thr2
-----END PGP SIGNATURE-----
>From 4ab243d887d764e5632b344dfa85735a631df4b5 Mon Sep 17 00:00:00 2001
From: Uli Schlachter <[email protected]>
Date: Fri, 4 Sep 2009 12:38:06 +0200
Subject: [PATCH 1/2] Add some missing luaA_checkudata() calls
luaA_object_ref_item doesn't check the type of object it returns which resulted
in stuff like this:
wibox.shape_clip = wibox
wibox.shape_bounding = wibox
imagebox.image = imagebox
textbox.bg_image = textbox
All of the above calls would result in a crash (unverified) and all of them
where fixed.
This should fix all places which use luaA_object_ref_item(). The others already
did a proper type check.
Signed-off-by: Uli Schlachter <[email protected]>
---
wibox.c | 2 ++
widgets/imagebox.c | 1 +
widgets/textbox.c | 1 +
3 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/wibox.c b/wibox.c
index a6e9610..3c51f66 100644
--- a/wibox.c
+++ b/wibox.c
@@ -1463,6 +1463,7 @@ luaA_wibox_set_border_width(lua_State *L, wibox_t *wibox)
static int
luaA_wibox_set_shape_bounding(lua_State *L, wibox_t *wibox)
{
+ luaA_checkudata(L, -1, &image_class);
luaA_object_unref_item(L, -3, wibox->shape.bounding);
wibox->shape.bounding = luaA_object_ref_item(L, -3, -1);
wibox->need_shape_update = true;
@@ -1479,6 +1480,7 @@ luaA_wibox_get_shape_bounding(lua_State *L, wibox_t *wibox)
static int
luaA_wibox_set_shape_clip(lua_State *L, wibox_t *wibox)
{
+ luaA_checkudata(L, -1, &image_class);
luaA_object_unref_item(L, -3, wibox->shape.clip);
wibox->shape.clip = luaA_object_ref_item(L, -3, -1);
wibox->need_shape_update = true;
diff --git a/widgets/imagebox.c b/widgets/imagebox.c
index b913282..45a5dad 100644
--- a/widgets/imagebox.c
+++ b/widgets/imagebox.c
@@ -133,6 +133,7 @@ luaA_imagebox_newindex(lua_State *L, awesome_token_t token)
size_t len;
case A_TK_IMAGE:
+ luaA_checkudata(L, 1, &image_class);
luaA_object_unref_item(L, 1, d->image);
d->image = luaA_object_ref_item(L, 1, 3);
break;
diff --git a/widgets/textbox.c b/widgets/textbox.c
index 42a0454..598572c 100644
--- a/widgets/textbox.c
+++ b/widgets/textbox.c
@@ -346,6 +346,7 @@ luaA_textbox_newindex(lua_State *L, awesome_token_t token)
d->bg_resize = luaA_checkboolean(L, 3);
break;
case A_TK_BG_IMAGE:
+ luaA_checkudata(L, 1, &image_class);
luaA_object_unref_item(L, 1, d->bg_image);
d->bg_image = luaA_object_ref_item(L, 1, 3);
break;
--
1.6.3.3
>From d93ab48fed5898fd72153e7c3c2d1f8a21b95bc2 Mon Sep 17 00:00:00 2001
From: Uli Schlachter <[email protected]>
Date: Fri, 4 Sep 2009 12:46:20 +0200
Subject: [PATCH 2/2] Add some missing class type checks
Some functions didn't check the class of objects they were passed but just
casted them to the type they expected. This lead to code like e.g. the following
to crash awesome:
c.titlebar = c
This adds a new function luaA_object_ref_class() which works like
luaA_object_ref(), but which also checks the class of the object.
Additionally, this function is now used in all necessary places.
Signed-off-by: Uli Schlachter <[email protected]>
---
common/luaobject.h | 14 ++++++++++++++
root.c | 2 +-
tag.c | 4 ++--
titlebar.c | 2 +-
wibox.c | 2 +-
5 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/common/luaobject.h b/common/luaobject.h
index 19aca17..056368b 100644
--- a/common/luaobject.h
+++ b/common/luaobject.h
@@ -106,6 +106,20 @@ luaA_object_ref(lua_State *L, int oud)
return p;
}
+/** Reference an object and return a pointer to it checking its type.
+ * That only works with userdata.
+ * \param L The Lua VM state.
+ * \param oud The object index on the stack.
+ * \param class The class of object expected
+ * \return The object reference, or NULL if not referenceable.
+ */
+static inline void *
+luaA_object_ref_class(lua_State *L, int oud, lua_class_t *class)
+{
+ luaA_checkudata(L, oud, class);
+ return luaA_object_ref(L, oud);
+}
+
/** Unreference an object and return a pointer to it.
* That only works with userdata, table, thread or function.
* \param L The Lua VM state.
diff --git a/root.c b/root.c
index b91067a..f9540ef 100644
--- a/root.c
+++ b/root.c
@@ -126,7 +126,7 @@ luaA_root_keys(lua_State *L)
lua_pushnil(L);
while(lua_next(L, 1))
- key_array_append(&globalconf.keys, luaA_object_ref(L, -1));
+ key_array_append(&globalconf.keys, luaA_object_ref_class(L, -1, &key_class));
int nscreen = xcb_setup_roots_length(xcb_get_setup(globalconf.connection));
diff --git a/tag.c b/tag.c
index dfb5365..31357f9 100644
--- a/tag.c
+++ b/tag.c
@@ -127,7 +127,7 @@ tag_append_to_screen(lua_State *L, int udx, screen_t *s)
int phys_screen = screen_virttophys(screen_index);
tag->screen = s;
- tag_array_append(&s->tags, luaA_object_ref(globalconf.L, udx));
+ tag_array_append(&s->tags, luaA_object_ref_class(globalconf.L, udx, &tag_class));
ewmh_update_net_numbers_of_desktop(phys_screen);
ewmh_update_net_desktop_names(phys_screen);
ewmh_update_workarea(phys_screen);
@@ -210,7 +210,7 @@ tag_client_emit_signal(lua_State *L, tag_t *t, client_t *c, const char *signame)
void
tag_client(client_t *c)
{
- tag_t *t = luaA_object_ref(globalconf.L, -1);
+ tag_t *t = luaA_object_ref_class(globalconf.L, -1, &tag_class);
/* don't tag twice */
if(is_client_tagged(c, t))
diff --git a/titlebar.c b/titlebar.c
index 2a36330..9d73efe 100644
--- a/titlebar.c
+++ b/titlebar.c
@@ -224,7 +224,7 @@ void
titlebar_client_attach(client_t *c)
{
/* check if we can register the object */
- wibox_t *t = luaA_object_ref(globalconf.L, -1);
+ wibox_t *t = luaA_object_ref_class(globalconf.L, -1, &wibox_class);
titlebar_client_detach(c);
diff --git a/wibox.c b/wibox.c
index 3c51f66..feb8403 100644
--- a/wibox.c
+++ b/wibox.c
@@ -738,7 +738,7 @@ wibox_attach(lua_State *L, int udx, screen_t *s)
/* duplicate wibox */
lua_pushvalue(L, udx);
/* ref it */
- wibox_t *wibox = luaA_object_ref(globalconf.L, -1);
+ wibox_t *wibox = luaA_object_ref_class(globalconf.L, -1, &wibox_class);
wibox_detach(L, udx);
--
1.6.3.3
