Title: [230936] trunk/Source
- Revision
- 230936
- Author
- [email protected]
- Date
- 2018-04-23 18:07:06 -0700 (Mon, 23 Apr 2018)
Log Message
[WPE][GTK] Remove WlUniquePtr<wl_display> footgun
https://bugs.webkit.org/show_bug.cgi?id=184405
Reviewed by Carlos Garcia Campos.
Source/WebCore:
WlUniquePtr<wl_display> is a pretty big footgun because there are two different destruction
functions -- wl_display_disconnect() and wl_display_destroy() -- and which one you need to
use depends on how the wl_display() was created, and WebKit uses both in different places.
So WlUniquePtr<wl_display> is pretty unsafe. See bug #176490 for an example of fun caused
by using it incorrectly.
Let's use std::unique_ptr with custom deleter functors instead.
* platform/graphics/wayland/WlUniquePtr.h:
Source/WebKit:
Switch to std::unique_ptr.
* UIProcess/gtk/WaylandCompositor.cpp:
(WebKit::WaylandCompositor::WaylandCompositor):
* UIProcess/gtk/WaylandCompositor.h:
(WebKit::WaylandCompositor::DisplayDeleter::operator()):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (230935 => 230936)
--- trunk/Source/WebCore/ChangeLog 2018-04-24 00:37:42 UTC (rev 230935)
+++ trunk/Source/WebCore/ChangeLog 2018-04-24 01:07:06 UTC (rev 230936)
@@ -1,3 +1,20 @@
+2018-04-23 Michael Catanzaro <[email protected]>
+
+ [WPE][GTK] Remove WlUniquePtr<wl_display> footgun
+ https://bugs.webkit.org/show_bug.cgi?id=184405
+
+ Reviewed by Carlos Garcia Campos.
+
+ WlUniquePtr<wl_display> is a pretty big footgun because there are two different destruction
+ functions -- wl_display_disconnect() and wl_display_destroy() -- and which one you need to
+ use depends on how the wl_display() was created, and WebKit uses both in different places.
+ So WlUniquePtr<wl_display> is pretty unsafe. See bug #176490 for an example of fun caused
+ by using it incorrectly.
+
+ Let's use std::unique_ptr with custom deleter functors instead.
+
+ * platform/graphics/wayland/WlUniquePtr.h:
+
2018-04-23 Commit Queue <[email protected]>
Unreviewed, rolling out r230921, r230923, r230924, r230932,
Modified: trunk/Source/WebCore/platform/graphics/wayland/WlUniquePtr.h (230935 => 230936)
--- trunk/Source/WebCore/platform/graphics/wayland/WlUniquePtr.h 2018-04-24 00:37:42 UTC (rev 230935)
+++ trunk/Source/WebCore/platform/graphics/wayland/WlUniquePtr.h 2018-04-24 01:07:06 UTC (rev 230936)
@@ -38,8 +38,11 @@
template<typename T>
using WlUniquePtr = std::unique_ptr<T, WlPtrDeleter<T>>;
+// wl_display is omitted because there are two different destruction functions,
+// wl_display_disconnect() for the client process API and wl_display_destroy()
+// for the server process API. WebKit uses both, so specializing a deleter here
+// would be a footgun.
#define FOR_EACH_WAYLAND_DELETER(macro) \
- macro(struct wl_display, wl_display_destroy) \
macro(struct wl_global, wl_global_destroy) \
macro(struct wl_surface, wl_surface_destroy) \
macro(struct wl_compositor, wl_compositor_destroy) \
Modified: trunk/Source/WebKit/ChangeLog (230935 => 230936)
--- trunk/Source/WebKit/ChangeLog 2018-04-24 00:37:42 UTC (rev 230935)
+++ trunk/Source/WebKit/ChangeLog 2018-04-24 01:07:06 UTC (rev 230936)
@@ -1,3 +1,17 @@
+2018-04-23 Michael Catanzaro <[email protected]>
+
+ [WPE][GTK] Remove WlUniquePtr<wl_display> footgun
+ https://bugs.webkit.org/show_bug.cgi?id=184405
+
+ Reviewed by Carlos Garcia Campos.
+
+ Switch to std::unique_ptr.
+
+ * UIProcess/gtk/WaylandCompositor.cpp:
+ (WebKit::WaylandCompositor::WaylandCompositor):
+ * UIProcess/gtk/WaylandCompositor.h:
+ (WebKit::WaylandCompositor::DisplayDeleter::operator()):
+
2018-04-23 Commit Queue <[email protected]>
Unreviewed, rolling out r230921, r230923, r230924, r230932,
Modified: trunk/Source/WebKit/UIProcess/gtk/WaylandCompositor.cpp (230935 => 230936)
--- trunk/Source/WebKit/UIProcess/gtk/WaylandCompositor.cpp 2018-04-24 00:37:42 UTC (rev 230935)
+++ trunk/Source/WebKit/UIProcess/gtk/WaylandCompositor.cpp 2018-04-24 01:07:06 UTC (rev 230936)
@@ -476,7 +476,7 @@
WaylandCompositor::WaylandCompositor()
{
- WlUniquePtr<struct wl_display> display(wl_display_create());
+ std::unique_ptr<struct wl_display, DisplayDeleter> display(wl_display_create());
if (!display) {
WTFLogAlways("Nested Wayland compositor could not create display object");
return;
Modified: trunk/Source/WebKit/UIProcess/gtk/WaylandCompositor.h (230935 => 230936)
--- trunk/Source/WebKit/UIProcess/gtk/WaylandCompositor.h 2018-04-24 00:37:42 UTC (rev 230935)
+++ trunk/Source/WebKit/UIProcess/gtk/WaylandCompositor.h 2018-04-24 01:07:06 UTC (rev 230936)
@@ -31,6 +31,7 @@
#include <WebCore/RefPtrCairo.h>
#include <WebCore/WlUniquePtr.h>
#include <gtk/gtk.h>
+#include <wayland-server.h>
#include <wtf/HashMap.h>
#include <wtf/NeverDestroyed.h>
#include <wtf/Noncopyable.h>
@@ -123,7 +124,12 @@
bool initializeEGL();
String m_displayName;
- WebCore::WlUniquePtr<struct wl_display> m_display;
+
+ struct DisplayDeleter {
+ void operator() (struct wl_display* display) { wl_display_destroy(display); }
+ };
+ std::unique_ptr<struct wl_display, DisplayDeleter> m_display;
+
WebCore::WlUniquePtr<struct wl_global> m_compositorGlobal;
WebCore::WlUniquePtr<struct wl_global> m_webkitgtkGlobal;
GRefPtr<GSource> m_eventSource;
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
