1 /*
2 * Copyright © 2012 Intel Corporation
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice (including the
13 * next paragraph) shall be included in all copies or substantial
14 * portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
20 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
21 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
22 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE.
24 */
25
26 #include <math.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <stdarg.h>
30 #include <stdint.h>
31 #include <string.h>
32 #include <assert.h>
33 #include <sys/socket.h>
34 #include <unistd.h>
35 #include <errno.h>
36 #include <sys/types.h>
37 #include <sys/stat.h>
38 #include <poll.h>
39
40 #include "wayland-private.h"
41 #include "test-runner.h"
42 #include "test-compositor.h"
43
44 static const char message[] = "Hello, world";
45
46 static struct wl_connection *
setup(int * s)47 setup(int *s)
48 {
49 struct wl_connection *connection;
50
51 assert(socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, s) == 0);
52
53 connection = wl_connection_create(s[0]);
54 assert(connection);
55
56 return connection;
57 }
58
TEST(connection_create)59 TEST(connection_create)
60 {
61 struct wl_connection *connection;
62 int s[2];
63
64 connection = setup(s);
65 wl_connection_destroy(connection);
66 close(s[0]);
67 close(s[1]);
68 }
69
TEST(connection_write)70 TEST(connection_write)
71 {
72 struct wl_connection *connection;
73 int s[2];
74 char buffer[64];
75
76 connection = setup(s);
77
78 assert(wl_connection_write(connection, message, sizeof message) == 0);
79 assert(wl_connection_flush(connection) == sizeof message);
80 assert(read(s[1], buffer, sizeof buffer) == sizeof message);
81 assert(memcmp(message, buffer, sizeof message) == 0);
82
83 wl_connection_destroy(connection);
84 close(s[0]);
85 close(s[1]);
86 }
87
TEST(connection_data)88 TEST(connection_data)
89 {
90 struct wl_connection *connection;
91 int s[2];
92 char buffer[64];
93
94 connection = setup(s);
95
96 assert(write(s[1], message, sizeof message) == sizeof message);
97 assert(wl_connection_read(connection) == sizeof message);
98 wl_connection_copy(connection, buffer, sizeof message);
99 assert(memcmp(message, buffer, sizeof message) == 0);
100 wl_connection_consume(connection, sizeof message);
101
102 wl_connection_destroy(connection);
103 close(s[0]);
104 close(s[1]);
105 }
106
TEST(connection_queue)107 TEST(connection_queue)
108 {
109 struct wl_connection *connection;
110 int s[2];
111 char buffer[64];
112
113 connection = setup(s);
114
115 /* Test that wl_connection_queue() puts data in the output
116 * buffer without flush it. Verify that the data did get in
117 * the buffer by writing another message and making sure that
118 * we receive the two messages on the other fd. */
119
120 assert(wl_connection_queue(connection, message, sizeof message) == 0);
121 assert(wl_connection_flush(connection) == 0);
122 assert(wl_connection_write(connection, message, sizeof message) == 0);
123 assert(wl_connection_flush(connection) == 2 * sizeof message);
124 assert(read(s[1], buffer, sizeof buffer) == 2 * sizeof message);
125 assert(memcmp(message, buffer, sizeof message) == 0);
126 assert(memcmp(message, buffer + sizeof message, sizeof message) == 0);
127
128 wl_connection_destroy(connection);
129 close(s[0]);
130 close(s[1]);
131 }
132
133 static void
va_list_wrapper(const char * signature,union wl_argument * args,int count,...)134 va_list_wrapper(const char *signature, union wl_argument *args, int count, ...)
135 {
136 va_list ap;
137 va_start(ap, count);
138 wl_argument_from_va_list(signature, args, count, ap);
139 va_end(ap);
140 }
141
TEST(argument_from_va_list)142 TEST(argument_from_va_list)
143 {
144 union wl_argument args[WL_CLOSURE_MAX_ARGS];
145 struct wl_object fake_object, fake_new_object;
146 struct wl_array fake_array;
147
148 va_list_wrapper("i", args, 1, 100);
149 assert(args[0].i == 100);
150
151 va_list_wrapper("is", args, 2, 101, "value");
152 assert(args[0].i == 101);
153 assert(strcmp(args[1].s, "value") == 0);
154
155 va_list_wrapper("?iuf?sonah", args, 8,
156 102, 103, wl_fixed_from_int(104), "value",
157 &fake_object, &fake_new_object, &fake_array, 106);
158 assert(args[0].i == 102);
159 assert(args[1].u == 103);
160 assert(args[2].f == wl_fixed_from_int(104));
161 assert(strcmp(args[3].s, "value") == 0);
162 assert(args[4].o == &fake_object);
163 assert(args[5].o == &fake_new_object);
164 assert(args[6].a == &fake_array);
165 assert(args[7].h == 106);
166 }
167
168 struct marshal_data {
169 struct wl_connection *read_connection;
170 struct wl_connection *write_connection;
171 int s[2];
172 uint32_t buffer[10];
173 union {
174 uint32_t u;
175 int32_t i;
176 const char *s;
177 int h;
178 } value;
179 };
180
181 static void
setup_marshal_data(struct marshal_data * data)182 setup_marshal_data(struct marshal_data *data)
183 {
184 assert(socketpair(AF_UNIX,
185 SOCK_STREAM | SOCK_CLOEXEC, 0, data->s) == 0);
186 data->read_connection = wl_connection_create(data->s[0]);
187 assert(data->read_connection);
188 data->write_connection = wl_connection_create(data->s[1]);
189 assert(data->write_connection);
190 }
191
192 static void
release_marshal_data(struct marshal_data * data)193 release_marshal_data(struct marshal_data *data)
194 {
195 close(wl_connection_destroy(data->read_connection));
196 close(wl_connection_destroy(data->write_connection));
197 }
198
199 static void
marshal(struct marshal_data * data,const char * format,int size,...)200 marshal(struct marshal_data *data, const char *format, int size, ...)
201 {
202 struct wl_closure *closure;
203 static const uint32_t opcode = 4444;
204 static struct wl_object sender = { NULL, NULL, 1234 };
205 struct wl_message message = { "test", format, NULL };
206 va_list ap;
207
208 va_start(ap, size);
209 closure = wl_closure_vmarshal(&sender, opcode, ap, &message);
210 va_end(ap);
211
212 assert(closure);
213 assert(wl_closure_send(closure, data->write_connection) == 0);
214 wl_closure_destroy(closure);
215 assert(wl_connection_flush(data->write_connection) == size);
216 assert(read(data->s[0], data->buffer, sizeof data->buffer) == size);
217
218 assert(data->buffer[0] == sender.id);
219 assert(data->buffer[1] == (opcode | (size << 16)));
220 }
221
TEST(connection_marshal)222 TEST(connection_marshal)
223 {
224 struct marshal_data data;
225 struct wl_object object;
226 struct wl_array array;
227 static const char text[] = "curry";
228
229 setup_marshal_data(&data);
230
231 marshal(&data, "i", 12, 42);
232 assert(data.buffer[2] == 42);
233
234 marshal(&data, "u", 12, 55);
235 assert(data.buffer[2] == 55);
236
237 marshal(&data, "s", 20, "frappo");
238 assert(data.buffer[2] == 7);
239 assert(strcmp((char *) &data.buffer[3], "frappo") == 0);
240
241 object.id = 557799;
242 marshal(&data, "o", 12, &object);
243 assert(data.buffer[2] == object.id);
244
245 marshal(&data, "n", 12, &object);
246 assert(data.buffer[2] == object.id);
247
248 marshal(&data, "?n", 12, NULL);
249 assert(data.buffer[2] == 0);
250
251 array.data = (void *) text;
252 array.size = sizeof text;
253 marshal(&data, "a", 20, &array);
254 assert(data.buffer[2] == array.size);
255 assert(memcmp(&data.buffer[3], text, array.size) == 0);
256
257 release_marshal_data(&data);
258 }
259
260 static void
expected_fail_marshal(int expected_error,const char * format,...)261 expected_fail_marshal(int expected_error, const char *format, ...)
262 {
263 struct wl_closure *closure;
264 static const uint32_t opcode = 4444;
265 static const struct wl_interface test_interface = {
266 .name = "test_object"
267 };
268 static struct wl_object sender = { 0 };
269 struct wl_message message = { "test", format, NULL };
270
271 sender.interface = &test_interface;
272 sender.id = 1234;
273 va_list ap;
274
275 va_start(ap, format);
276 closure = wl_closure_vmarshal(&sender, opcode, ap, &message);
277 va_end(ap);
278
279 assert(closure == NULL);
280 assert(errno == expected_error);
281 }
282
283 static void
expected_fail_marshal_send(struct marshal_data * data,int expected_error,const char * format,...)284 expected_fail_marshal_send(struct marshal_data *data, int expected_error,
285 const char *format, ...)
286 {
287 struct wl_closure *closure;
288 static const uint32_t opcode = 4444;
289 static struct wl_object sender = { NULL, NULL, 1234 };
290 struct wl_message message = { "test", format, NULL };
291 va_list ap;
292
293 va_start(ap, format);
294 closure = wl_closure_vmarshal(&sender, opcode, ap, &message);
295 va_end(ap);
296
297 assert(closure);
298 assert(wl_closure_send(closure, data->write_connection) < 0);
299 assert(errno == expected_error);
300
301 wl_closure_destroy(closure);
302 }
303
TEST(connection_marshal_nullables)304 TEST(connection_marshal_nullables)
305 {
306 struct marshal_data data;
307 struct wl_object object;
308 struct wl_array array;
309 const char text[] = "curry";
310
311 setup_marshal_data(&data);
312
313 expected_fail_marshal(EINVAL, "o", NULL);
314 expected_fail_marshal(EINVAL, "s", NULL);
315 expected_fail_marshal(EINVAL, "a", NULL);
316
317 marshal(&data, "?o", 12, NULL);
318 assert(data.buffer[2] == 0);
319
320 marshal(&data, "?a", 12, NULL);
321 assert(data.buffer[2] == 0);
322
323 marshal(&data, "?s", 12, NULL);
324 assert(data.buffer[2] == 0);
325
326 object.id = 55293;
327 marshal(&data, "?o", 12, &object);
328 assert(data.buffer[2] == object.id);
329
330 array.data = (void *) text;
331 array.size = sizeof text;
332 marshal(&data, "?a", 20, &array);
333 assert(data.buffer[2] == array.size);
334 assert(memcmp(&data.buffer[3], text, array.size) == 0);
335
336 marshal(&data, "?s", 20, text);
337 assert(data.buffer[2] == sizeof text);
338 assert(strcmp((char *) &data.buffer[3], text) == 0);
339
340 release_marshal_data(&data);
341 }
342
343 static void
validate_demarshal_u(struct marshal_data * data,struct wl_object * object,uint32_t u)344 validate_demarshal_u(struct marshal_data *data,
345 struct wl_object *object, uint32_t u)
346 {
347 assert(data->value.u == u);
348 }
349
350 static void
validate_demarshal_i(struct marshal_data * data,struct wl_object * object,int32_t i)351 validate_demarshal_i(struct marshal_data *data,
352 struct wl_object *object, int32_t i)
353 {
354 assert(data->value.i == i);
355 }
356
357 static void
validate_demarshal_s(struct marshal_data * data,struct wl_object * object,const char * s)358 validate_demarshal_s(struct marshal_data *data,
359 struct wl_object *object, const char *s)
360 {
361 if (data->value.s != NULL)
362 assert(strcmp(data->value.s, s) == 0);
363 else
364 assert(s == NULL);
365 }
366
367 static void
validate_demarshal_h(struct marshal_data * data,struct wl_object * object,int fd)368 validate_demarshal_h(struct marshal_data *data,
369 struct wl_object *object, int fd)
370 {
371 struct stat buf1, buf2;
372
373 assert(fd != data->value.h);
374 fstat(fd, &buf1);
375 fstat(data->value.h, &buf2);
376 assert(buf1.st_dev == buf2.st_dev);
377 assert(buf1.st_ino == buf2.st_ino);
378 close(fd);
379 close(data->value.h);
380 }
381
382 static void
validate_demarshal_f(struct marshal_data * data,struct wl_object * object,wl_fixed_t f)383 validate_demarshal_f(struct marshal_data *data,
384 struct wl_object *object, wl_fixed_t f)
385 {
386 assert(data->value.i == f);
387 }
388
389 static void
demarshal(struct marshal_data * data,const char * format,uint32_t * msg,void (* func)(void))390 demarshal(struct marshal_data *data, const char *format,
391 uint32_t *msg, void (*func)(void))
392 {
393 struct wl_message message = { "test", format, NULL };
394 struct wl_closure *closure;
395 struct wl_map objects;
396 struct wl_object object = { NULL, &func, 0 };
397 int size = msg[1];
398
399 assert(write(data->s[1], msg, size) == size);
400 assert(wl_connection_read(data->read_connection) == size);
401
402 wl_map_init(&objects, WL_MAP_SERVER_SIDE);
403 object.id = msg[0];
404 closure = wl_connection_demarshal(data->read_connection,
405 size, &objects, &message);
406 assert(closure);
407 wl_closure_invoke(closure, WL_CLOSURE_INVOKE_SERVER, &object, 0, data);
408 wl_closure_destroy(closure);
409 }
410
TEST(connection_demarshal)411 TEST(connection_demarshal)
412 {
413 struct marshal_data data;
414 uint32_t msg[10];
415
416 setup_marshal_data(&data);
417
418 data.value.u = 8000;
419 msg[0] = 400200; /* object id */
420 msg[1] = 12; /* size = 12, opcode = 0 */
421 msg[2] = data.value.u;
422 demarshal(&data, "u", msg, (void *) validate_demarshal_u);
423
424 data.value.i = -557799;
425 msg[0] = 400200;
426 msg[1] = 12;
427 msg[2] = data.value.i;
428 demarshal(&data, "i", msg, (void *) validate_demarshal_i);
429
430 data.value.s = "superdude";
431 msg[0] = 400200;
432 msg[1] = 24;
433 msg[2] = 10;
434 memcpy(&msg[3], data.value.s, msg[2]);
435 demarshal(&data, "s", msg, (void *) validate_demarshal_s);
436
437 data.value.s = "superdude";
438 msg[0] = 400200;
439 msg[1] = 24;
440 msg[2] = 10;
441 memcpy(&msg[3], data.value.s, msg[2]);
442 demarshal(&data, "?s", msg, (void *) validate_demarshal_s);
443
444 data.value.i = wl_fixed_from_double(-90000.2390);
445 msg[0] = 400200;
446 msg[1] = 12;
447 msg[2] = data.value.i;
448 demarshal(&data, "f", msg, (void *) validate_demarshal_f);
449
450 data.value.s = NULL;
451 msg[0] = 400200;
452 msg[1] = 12;
453 msg[2] = 0;
454 demarshal(&data, "?s", msg, (void *) validate_demarshal_s);
455
456 release_marshal_data(&data);
457 }
458
459 static void
marshal_demarshal(struct marshal_data * data,void (* func)(void),int size,const char * format,...)460 marshal_demarshal(struct marshal_data *data,
461 void (*func)(void), int size, const char *format, ...)
462 {
463 struct wl_closure *closure;
464 static const int opcode = 4444;
465 static struct wl_object sender = { NULL, NULL, 1234 };
466 struct wl_message message = { "test", format, NULL };
467 struct wl_map objects;
468 struct wl_object object = { NULL, &func, 0 };
469 va_list ap;
470 uint32_t msg[1] = { 1234 };
471
472 va_start(ap, format);
473 closure = wl_closure_vmarshal(&sender, opcode, ap, &message);
474 va_end(ap);
475
476 assert(closure);
477 assert(wl_closure_send(closure, data->write_connection) == 0);
478 wl_closure_destroy(closure);
479 assert(wl_connection_flush(data->write_connection) == size);
480
481 assert(wl_connection_read(data->read_connection) == size);
482
483 wl_map_init(&objects, WL_MAP_SERVER_SIDE);
484 object.id = msg[0];
485 closure = wl_connection_demarshal(data->read_connection,
486 size, &objects, &message);
487 assert(closure);
488 wl_closure_invoke(closure, WL_CLOSURE_INVOKE_SERVER, &object, 0, data);
489 wl_closure_destroy(closure);
490 }
491
TEST(connection_marshal_demarshal)492 TEST(connection_marshal_demarshal)
493 {
494 struct marshal_data data;
495 char f[] = "/tmp/wayland-tests-XXXXXX";
496
497 setup_marshal_data(&data);
498
499 data.value.u = 889911;
500 marshal_demarshal(&data, (void *) validate_demarshal_u,
501 12, "u", data.value.u);
502
503 data.value.i = -13;
504 marshal_demarshal(&data, (void *) validate_demarshal_i,
505 12, "i", data.value.i);
506
507 data.value.s = "cookie robots";
508 marshal_demarshal(&data, (void *) validate_demarshal_s,
509 28, "s", data.value.s);
510
511 data.value.s = "cookie robots";
512 marshal_demarshal(&data, (void *) validate_demarshal_s,
513 28, "?s", data.value.s);
514
515 data.value.h = mkstemp(f);
516 assert(data.value.h >= 0);
517 unlink(f);
518 marshal_demarshal(&data, (void *) validate_demarshal_h,
519 8, "h", data.value.h);
520
521 data.value.i = wl_fixed_from_double(1234.5678);
522 marshal_demarshal(&data, (void *) validate_demarshal_f,
523 12, "f", data.value.i);
524
525 data.value.i = wl_fixed_from_double(-90000.2390);
526 marshal_demarshal(&data, (void *) validate_demarshal_f,
527 12, "f", data.value.i);
528
529 data.value.i = wl_fixed_from_double((1 << 23) - 1 + 0.0941);
530 marshal_demarshal(&data, (void *) validate_demarshal_f,
531 12, "f", data.value.i);
532
533 release_marshal_data(&data);
534 }
535
536 static void
expected_fail_demarshal(struct marshal_data * data,const char * format,const uint32_t * msg,int expected_error)537 expected_fail_demarshal(struct marshal_data *data, const char *format,
538 const uint32_t *msg, int expected_error)
539 {
540 struct wl_message message = { "test", format, NULL };
541 struct wl_closure *closure;
542 struct wl_map objects;
543 int size = (msg[1] >> 16);
544
545 assert(write(data->s[1], msg, size) == size);
546 assert(wl_connection_read(data->read_connection) == size);
547
548 wl_map_init(&objects, WL_MAP_SERVER_SIDE);
549 closure = wl_connection_demarshal(data->read_connection,
550 size, &objects, &message);
551
552 assert(closure == NULL);
553 assert(errno == expected_error);
554 }
555
556 /* These tests are verifying that the demarshaling code will gracefuly handle
557 * clients lying about string and array lengths and giving values near
558 * UINT32_MAX. Before fixes f7fdface and f5b9e3b9 this test would crash on
559 * 32bit systems.
560 */
TEST(connection_demarshal_failures)561 TEST(connection_demarshal_failures)
562 {
563 struct marshal_data data;
564 unsigned int i;
565 uint32_t msg[3];
566
567 const uint32_t overflowing_values[] = {
568 /* Values very close to UINT32_MAX. Before f5b9e3b9 these
569 * would cause integer overflow in DIV_ROUNDUP. */
570 0xffffffff, 0xfffffffe, 0xfffffffd, 0xfffffffc,
571
572 /* Values at various offsets from UINT32_MAX. Before f7fdface
573 * these would overflow the "p" pointer on 32bit systems,
574 * effectively subtracting the offset from it. It had good
575 * chance to cause crash depending on what was stored at that
576 * offset before "p". */
577 0xfffff000, 0xffffd000, 0xffffc000, 0xffffb000
578 };
579
580 setup_marshal_data(&data);
581
582 /* sender_id, does not matter */
583 msg[0] = 0;
584
585 /* (size << 16 | opcode), opcode is 0, does not matter */
586 msg[1] = sizeof(msg) << 16;
587
588 for (i = 0; i < ARRAY_LENGTH(overflowing_values); i++) {
589 /* length of the string or array */
590 msg[2] = overflowing_values[i];
591
592 expected_fail_demarshal(&data, "s", msg, EINVAL);
593 expected_fail_demarshal(&data, "a", msg, EINVAL);
594 }
595
596 release_marshal_data(&data);
597 }
598
TEST(connection_marshal_alot)599 TEST(connection_marshal_alot)
600 {
601 struct marshal_data data;
602 char f[64];
603 int i;
604
605 setup_marshal_data(&data);
606
607 /* We iterate enough to make sure we wrap the circular buffers
608 * for both regular data an fds. */
609
610 for (i = 0; i < 2000; i++) {
611 strcpy(f, "/tmp/wayland-tests-XXXXXX");
612 data.value.h = mkstemp(f);
613 assert(data.value.h >= 0);
614 unlink(f);
615 marshal_demarshal(&data, (void *) validate_demarshal_h,
616 8, "h", data.value.h);
617 }
618
619 release_marshal_data(&data);
620 }
621
TEST(connection_marshal_too_big)622 TEST(connection_marshal_too_big)
623 {
624 struct marshal_data data;
625 char *big_string = malloc(5000);
626
627 assert(big_string);
628
629 memset(big_string, ' ', 4999);
630 big_string[4999] = '\0';
631
632 setup_marshal_data(&data);
633
634 expected_fail_marshal_send(&data, E2BIG, "s", big_string);
635
636 release_marshal_data(&data);
637 free(big_string);
638 }
639
640 static void
marshal_helper(const char * format,void * handler,...)641 marshal_helper(const char *format, void *handler, ...)
642 {
643 struct wl_closure *closure;
644 static struct wl_object sender = { NULL, NULL, 1234 };
645 struct wl_object object = { NULL, &handler, 0 };
646 static const int opcode = 4444;
647 struct wl_message message = { "test", format, NULL };
648 va_list ap;
649 int done;
650
651 va_start(ap, handler);
652 closure = wl_closure_vmarshal(&sender, opcode, ap, &message);
653 va_end(ap);
654
655 assert(closure);
656 done = 0;
657 wl_closure_invoke(closure, WL_CLOSURE_INVOKE_SERVER, &object, 0, &done);
658 wl_closure_destroy(closure);
659 assert(done);
660 }
661
662 static void
suu_handler(void * data,struct wl_object * object,const char * s,uint32_t u1,uint32_t u2)663 suu_handler(void *data, struct wl_object *object,
664 const char *s, uint32_t u1, uint32_t u2)
665 {
666 int *done = data;
667
668 assert(strcmp(s, "foo") == 0);
669 assert(u1 == 500);
670 assert(u2 == 404040);
671 *done = 1;
672 }
673
TEST(invoke_closure)674 TEST(invoke_closure)
675 {
676 marshal_helper("suu", suu_handler, "foo", 500, 404040);
677 }
678
679 static void
leak_closure(void)680 leak_closure(void)
681 {
682 struct wl_callback *cb;
683 struct pollfd pfd;
684 struct client *c = client_connect();
685
686 cb = wl_display_sync(c->wl_display);
687 assert(cb);
688 assert(wl_display_flush(c->wl_display) > 0);
689
690 /* we don't need it, it is referenced */
691 wl_callback_destroy(cb);
692
693 pfd.fd = wl_display_get_fd(c->wl_display);
694 pfd.events = POLLIN;
695
696 test_set_timeout(2);
697 assert(poll(&pfd, 1, -1) == 1);
698
699 /* read events, but do not dispatch them */
700 assert(wl_display_prepare_read(c->wl_display) == 0);
701 assert(wl_display_read_events(c->wl_display) == 0);
702
703 /*
704 * now we have wl_callback.done and wl_display.delete_id queued;
705 * if we now release the queue (in wl_display_disconnect())
706 * we should not leak memory
707 */
708
709 client_disconnect(c);
710 }
711
TEST(closure_leaks)712 TEST(closure_leaks)
713 {
714 struct display *d = display_create();
715
716 client_create_noarg(d, leak_closure);
717 display_run(d);
718
719 display_destroy(d);
720 }
721
722 static void
leak_after_error(void)723 leak_after_error(void)
724 {
725 struct client *c = client_connect();
726
727 /* this should return -1, because we'll send error
728 * from server. */
729 assert(stop_display(c, 1) == -1);
730 assert(wl_display_dispatch_pending(c->wl_display) == -1);
731 assert(wl_display_get_error(c->wl_display) == ENOMEM);
732
733 /* after we got error, we have display_resume event
734 * in the queue. It should be freed in wl_display_disconnect().
735 * Let's see! */
736
737 wl_proxy_destroy((struct wl_proxy *) c->tc);
738 wl_display_disconnect(c->wl_display);
739 free(c);
740 }
741
TEST(closure_leaks_after_error)742 TEST(closure_leaks_after_error)
743 {
744 struct display *d = display_create();
745 struct client_info *cl;
746
747 cl = client_create_noarg(d, leak_after_error);
748 display_run(d);
749
750 wl_client_post_no_memory(cl->wl_client);
751 display_resume(d);
752
753 display_destroy(d);
754 }
755
756 /** Raw read from socket expecting wl_display.error
757 *
758 * \param sockfd The socket to read from.
759 * \param expected_error The expected wl_display error code.
760 *
761 * Reads the socket and manually parses one message, expecting it to be a
762 * wl_display.error with the wl_display as the originating object.
763 * Asserts that the received error code is expected_error.
764 */
765 static void
expect_error_recv(int sockfd,uint32_t expected_error)766 expect_error_recv(int sockfd, uint32_t expected_error)
767 {
768 uint32_t buf[1024];
769 ssize_t slen;
770 uint32_t opcode;
771 int str_len;
772
773 slen = recv(sockfd, buf, sizeof buf, 0);
774 assert(slen >= 2 * (ssize_t)sizeof (uint32_t));
775 opcode = buf[1] & 0xffff;
776 fprintf(stderr, "Received %zd bytes, object %u, opcode %u\n",
777 slen, buf[0], opcode);
778
779 /* check error event */
780 assert(buf[0] == 1);
781 assert(opcode == WL_DISPLAY_ERROR);
782
783 str_len = buf[4];
784 assert(str_len > 0);
785 assert(str_len <= slen - 5 * (ssize_t)sizeof (uint32_t));
786 fprintf(stderr, "Error event on object %u, code %u, message \"%*s\"\n",
787 buf[2], buf[3], str_len, (const char *)&buf[5]);
788
789 assert(buf[3] == expected_error);
790 }
791
792 /* A test for https://gitlab.freedesktop.org/wayland/wayland/issues/52
793 * trying to provoke a read from uninitialized memory in
794 * wl_connection_demarshal() for sender_id and opcode.
795 *
796 * This test might not fail as is even with #52 unfixed, since there is no way
797 * to detect what happens and the crash with zero size depends on stack content.
798 * However, running under Valgrind would point out invalid reads and use of
799 * uninitialized values.
800 */
TEST(request_bogus_size)801 TEST(request_bogus_size)
802 {
803 struct wl_display *display;
804 struct wl_client *client;
805 int s[2];
806 uint32_t msg[3];
807 int bogus_size;
808
809 test_set_timeout(1);
810
811 /*
812 * The manufactured message has real size 12. Test all bogus sizes
813 * smaller than that, and zero as the last one since wl_closure_init
814 * handles zero specially and having garbage in the stack makes it more
815 * likely to crash in wl_connection_demarshal.
816 */
817 for (bogus_size = 11; bogus_size >= 0; bogus_size--) {
818 fprintf(stderr, "* bogus size %d\n", bogus_size);
819
820 assert(socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, s) == 0);
821 display = wl_display_create();
822 assert(display);
823 client = wl_client_create(display, s[0]);
824 assert(client);
825
826 /* manufacture a request that lies about its size */
827 msg[0] = 1; /* sender id: wl_display */
828 msg[1] = (bogus_size << 16) | WL_DISPLAY_SYNC; /* size and opcode */
829 msg[2] = 2; /* sync argument: new_id for wl_callback */
830
831 assert(send(s[1], msg, sizeof msg, 0) == sizeof msg);
832
833 wl_event_loop_dispatch(wl_display_get_event_loop(display), 0);
834
835 expect_error_recv(s[1], WL_DISPLAY_ERROR_INVALID_METHOD);
836
837 /* Do not wl_client_destroy, the error already caused it. */
838 close(s[1]);
839 wl_display_destroy(display);
840 }
841 }
842