kosslan/quickshell
1
0
Fork 0
forked from quickshell/quickshell
Code Pull requests Activity

wayland: fix UAF in layershell surface destructor

Browse source
This commit is contained in:
outfoxxed 2024-05-31 00:24:58 -07:00
parent 7feae55ebe
commit 6c9526761c
Signed by: outfoxxed
GPG key ID: 4C88A185FB89301E
3 changed files with 18 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/wayland/wlr_layershell/surface.cpp
View file

@ -7,7 +7,6 @@
#include <private/qwaylandsurface_p.h> #include <private/qwaylandsurface_p.h>
#include <private/qwaylandwindow_p.h> #include <private/qwaylandwindow_p.h>
#include <qlogging.h> #include <qlogging.h>
#include <qpoint.h>
#include <qrect.h> #include <qrect.h>
#include <qsize.h> #include <qsize.h>
#include <qtversionchecks.h> #include <qtversionchecks.h>
@ -18,6 +17,10 @@
#include "shell_integration.hpp" #include "shell_integration.hpp"
#include "window.hpp" #include "window.hpp"
#if QT_VERSION < QT_VERSION_CHECK(6, 7, 0)
#include <qpoint.h>
#endif
// clang-format off // clang-format off
[[nodiscard]] QtWayland::zwlr_layer_shell_v1::layer toWaylandLayer(const WlrLayer::Enum& layer) noexcept; [[nodiscard]] QtWayland::zwlr_layer_shell_v1::layer toWaylandLayer(const WlrLayer::Enum& layer) noexcept;
[[nodiscard]] QtWayland::zwlr_layer_surface_v1::anchor toWaylandAnchors(const Anchors& anchors) noexcept; [[nodiscard]] QtWayland::zwlr_layer_surface_v1::anchor toWaylandAnchors(const Anchors& anchors) noexcept;
@ -72,7 +75,10 @@ QSWaylandLayerSurface::QSWaylandLayerSurface(
} }
QSWaylandLayerSurface::~QSWaylandLayerSurface() { QSWaylandLayerSurface::~QSWaylandLayerSurface() {
if (this->ext != nullptr) {
this->ext->surface = nullptr; this->ext->surface = nullptr;
}
this->destroy(); this->destroy();
} }
@ -106,6 +112,7 @@ void QSWaylandLayerSurface::applyConfigure() {
} }
void QSWaylandLayerSurface::setWindowGeometry(const QRect& geometry) { void QSWaylandLayerSurface::setWindowGeometry(const QRect& geometry) {
if (this->ext == nullptr) return;
auto size = constrainedSize(this->ext->mAnchors, geometry.size()); auto size = constrainedSize(this->ext->mAnchors, geometry.size());
this->set_size(size.width(), size.height()); this->set_size(size.width(), size.height());
} }

6
src/wayland/wlr_layershell/window.cpp
View file

@ -13,6 +13,12 @@
#include "shell_integration.hpp" #include "shell_integration.hpp"
#include "surface.hpp" #include "surface.hpp"
LayershellWindowExtension::~LayershellWindowExtension() {
if (this->surface != nullptr) {
this->surface->ext = nullptr;
}
}
LayershellWindowExtension* LayershellWindowExtension::get(QWindow* window) { LayershellWindowExtension* LayershellWindowExtension::get(QWindow* window) {
auto v = window->property("layershell_ext"); auto v = window->property("layershell_ext");

3
src/wayland/wlr_layershell/window.hpp
View file

@ -2,6 +2,7 @@
#include <qobject.h> #include <qobject.h>
#include <qscreen.h> #include <qscreen.h>
#include <qtclasshelpermacros.h>
#include <qtmetamacros.h> #include <qtmetamacros.h>
#include <qtypes.h> #include <qtypes.h>
#include <qwindow.h> #include <qwindow.h>
@ -56,6 +57,8 @@ class LayershellWindowExtension: public QObject {
public: public:
LayershellWindowExtension(QObject* parent = nullptr): QObject(parent) {} LayershellWindowExtension(QObject* parent = nullptr): QObject(parent) {}
~LayershellWindowExtension() override;
Q_DISABLE_COPY_MOVE(LayershellWindowExtension);
// returns the layershell extension if attached, otherwise nullptr // returns the layershell extension if attached, otherwise nullptr
static LayershellWindowExtension* get(QWindow* window); static LayershellWindowExtension* get(QWindow* window);