sway

i3-compatible Wayland compositor
git clone https://git.awy.one/sway
Log | Files | Refs | README | LICENSE
commit f11c5d562e3507a5e8b21491d61a6e43e81e43ad
parent 1267e47de913d2cda2644ad89bba4e9c55842cd3
Author: Simon Ser <contact@emersion.fr>
Date:   Fri, 12 Apr 2024 18:42:50 +0200

config/output: fix NULL derefs in store_output_config()

    ../sway/config/output.c:33:21: runtime error: member access within null pointer of type 'struct sway_output'
    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==7856==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000080 (pc 0x63da8558205c bp 0x7ffdc35881a0 sp 0x7ffdc3588160 T0)
    ==7856==The signal is caused by a READ memory access.
    ==7856==Hint: address points to the zero page.
        #0 0x63da8558205c in output_get_identifier ../sway/config/output.c:33
        #1 0x63da855865c3 in store_output_config ../sway/config/output.c:220
        #2 0x63da855d4066 in cmd_output ../sway/commands/output.c:106
        #3 0x63da8547f2e3 in config_command ../sway/commands.c:425
        #4 0x63da8548f3fc in read_config ../sway/config.c:822
        #5 0x63da8548a224 in load_config ../sway/config.c:435
        #6 0x63da8548b065 in load_main_config ../sway/config.c:507
        #7 0x63da854bee8d in main ../sway/main.c:351
        #8 0x77e2ea643ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
        #9 0x77e2ea643d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
        #10 0x63da8547ad64 in _start (/home/simon/src/sway/build/sway/sway+0x372d64) (BuildId: 3fa2e8838c1c32713b40aec6b1e84bbe4db5bde8)

Fixes: 1267e47de913 ("config/output: Refactor handling of tiered configs")

Diffstat:

Msway/config/output.c | 7+++++--


1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/sway/config/output.c b/sway/config/output.c
@@ -217,7 +217,10 @@ void store_output_config(struct output_config *oc) {
 	}
 
 	char id[128];
-	output_get_identifier(id, sizeof(id), output);
+	if (output) {
+		output_get_identifier(id, sizeof(id), output);
+	}
+
 	for (int i = 0; i < config->output_configs->length; i++) {
 		struct output_config *old = config->output_configs->items[i];
 
@@ -240,7 +243,7 @@ void store_output_config(struct output_config *oc) {
 
 		// If the new config matches an output's name, and the old config
 		// matches on that output's identifier, supersede it.
-		if (strcmp(old->name, id) == 0 &&
+		if (output && strcmp(old->name, id) == 0 &&
 				strcmp(oc->name, output->wlr_output->name) == 0) {
 			supersede_output_config(old, oc);
 		}