Crash when menu popup open and cursor gets out quickly

[alejor]

I got a consistent crash when open Thunar, open the menu and down some levels and move suddenly the cursor to the rightmost edge of the screen. I got the coredump and also managed to add a simple check on the code.

Core was generated by `sway'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f8a89e9cc62 in xdg_pointer_grab_enter (grab=0x55ecb135dbc8, surface=0x0, sx=0, sy=0)
    at ../types/xdg_shell/wlr_xdg_popup.c:21
21	../types/xdg_shell/wlr_xdg_popup.c: No existe el fichero o el directorio.
[Current thread is 1 (Thread 0x7f8a88f4a940 (LWP 9457))]
(gdb) bt
#0  0x00007f8a89e9cc62 in xdg_pointer_grab_enter (grab=0x55ecb135dbc8, surface=0x0, sx=0, sy=0)
    at ../types/xdg_shell/wlr_xdg_popup.c:21
#1  0x000055ecaf02b16b in handle_pointer_motion
    (seat=0x55ecb0ded2b0, time_msec=4570544, dx=<optimized out>, dy=<optimized out>)
    at ../sway/sway/input/seatop_default.c:463
#2  0x000055ecaf0234b8 in pointer_motion
    (cursor=0x55ecb0ded8d0, time_msec=4570544, device=0x55ecb111de80, dx=50, dy=0, dx_unaccel=25, dy_unaccel=0) at ../sway/sway/input/cursor.c:324
#3  0x000055ecaf02359e in handle_pointer_motion_relative
    (listener=<optimized out>, data=<optimized out>) at ../sway/sway/input/cursor.c:332
#4  0x00007f8a89ebbece in wlr_signal_emit_safe (signal=<optimized out>, data=0x7ffd32aba7d0)
    at ../util/signal.c:27
#5  0x00007f8a89ebbece in wlr_signal_emit_safe (signal=<optimized out>, data=data@entry=0x7ffd32aba7d0)
    at ../util/signal.c:27
#6  0x00007f8a89e844ba in handle_pointer_motion (event=<optimized out>, libinput_dev=<optimized out>)
    at ../backend/libinput/pointer.c:41
#7  0x00007f8a89e8326c in handle_libinput_readable
    (fd=<optimized out>, mask=<optimized out>, _backend=0x55ecb069d250)
    at ../backend/libinput/backend.c:41
#8  0x00007f8a89f09faa in wl_event_loop_dispatch () at /usr/lib/libwayland-server.so.0
#9  0x00007f8a89f084e7 in wl_display_run () at /usr/lib/libwayland-server.so.0
#10 0x000055ecaf00c59d in main (argc=1, argv=0x7ffd32ababe8) at ../sway/sway/main.c:409
(gdb) 

I changed the line 21 to add a simple check
Original line:
if (wl_resource_get_client(surface->resource) == popup_grab->client) {
Change:
if (surface != NULL && wl_resource_get_client(surface->resource) == popup_grab->client) {

With this change, I can not longer reproduce the crash.

[alejor]

https://imgur.com/a/UVfMX5t screen setup just before the crash

[Xyene]

Thanks for tracking this down — this is the same bug as swaywm/sway#5294, introduced in swaywm/sway@091f580. It'd probably be worth opening this as a PR.

[alejor]

Well, I figured out adding that check because on

 #0  0x00007f8a89e9cc62 in xdg_pointer_grab_enter (grab=0x55ecb135dbc8, surface=0x0, sx=0, sy=0)    at ../types/xdg_shell/wlr_xdg_popup.c:21

stated surface = 0x0 so NULL, but the root cause surface is null in this case is unknown to me. I never had been fill a pull request so I'm not sure to propose a PR now. Can you help us with the PR? Thanks for your kind help :)

[Xyene]

There's a bit of a guide over in CONTRIBUTING.md that you can take a look over; it should (hopefully) make things clear. I'm not super familiar with wlroots code so I can't tell you for sure if your fix is correct (whoever reviews the PR can do that :), but conditional on swaywm/sway@091f580 being correct, your fix doesn't look wrong — to me, at least. That commit purposefully sends in a NULL surface down into xdg_pointer_grab_enter.

[alejor]

Thanks Xyene for your guide,

[Xyene]

Going to close this ticket for now since we already have another open, but thanks for submitting the patch!