wayland: Invalid write in reconfigure_listener
valgrind tells me:
==939116== Invalid write of size 4
==939116==    at 0x4D6CB84: reconfigure_callback (gdksurface-wayland.c:4761)
==939116==    by 0x5FF1AEF: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)
==939116==    by 0x5FF12AA: ffi_call (in /usr/lib64/libffi.so.6.0.2)
==939116==    by 0x5EC67E1: ??? (in /usr/lib64/libwayland-client.so.0.3.0)
==939116==    by 0x5EC2DB9: ??? (in /usr/lib64/libwayland-client.so.0.3.0)
==939116==    by 0x5EC44AB: wl_display_dispatch_queue_pending (in /usr/lib64/libwayland-client.so.0.3.0)
==939116==    by 0x4D5D264: _gdk_wayland_display_queue_events (gdkeventsource.c:228)
==939116==    by 0x4D20CF3: gdk_display_get_event (gdkdisplay.c:427)
==939116==    by 0x4D5CFB9: gdk_event_source_dispatch (gdkeventsource.c:137)
==939116==    by 0x528732A: g_main_dispatch (gmain.c:3325)
==939116==    by 0x528732A: g_main_context_dispatch (gmain.c:4016)
==939116==    by 0x52875A7: g_main_context_iterate.constprop.0 (gmain.c:4092)
==939116==    by 0x528764E: g_main_context_iteration (gmain.c:4157)
==939116==  Address 0x1ffefff2a4 is on thread 1's stack
==939116==  1916 bytes below stack pointer
This is from code that was just introduced in gdksurface-wayland.c:
wl_callback_add_listener (callback, &reconfigure_listener, &done);
while (is_realized_toplevel (surface) &&
       !impl->initial_configure_received &&
       !done)
  wl_display_dispatch_queue (display_wayland->wl_display, impl->event_queue);
Here we are passing a stack address (&done) to the callback listener, and then pretend to wait for the callback to happen. But not really. Adding a printf after the while loop confirms that we exit the loop without done being set to TRUE, because one of the other conditions was satisfied, and then we leave the scope, the stack address becomes invalid, and later, the callback is called. Oops.
I don't know the wayland api well enough to say if there is an alternative to making this loop just wait for done and nothing else. There doesn't seem to be a way to remove listeners again.
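As an added illustration (not GTK's code; the fake queue below is a constructed stand-in for libwayland's dispatch), here is one way to keep the listener's user data valid even when the wait loop leaves early: put the flag on the heap, reference counted, with one reference held by the caller and one by the listener that cannot be removed.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Constructed stand-in for a Wayland wl_callback: a listener is registered with
 * user_data and fires once at a later dispatch; it cannot be removed afterwards. */
typedef void (*done_fn)(void *user_data);
typedef struct { done_fn fn; void *user_data; bool pending; } fake_callback;
static fake_callback queue[8];
static int queue_len;
int callbacks_delivered;  /* how many listeners have fired so far */

static void fake_add_listener(done_fn fn, void *user_data) {
  queue[queue_len++] = (fake_callback){ fn, user_data, true };
}

/* Deliver every pending callback, as wl_display_dispatch_queue would. */
void fake_dispatch(void) {
  for (int i = 0; i < queue_len; i++) {
    if (!queue[i].pending) continue;
    queue[i].pending = false;
    queue[i].fn(queue[i].user_data);
  }
}

/* Heap-allocated, reference-counted flag: the caller holds one reference and the
 * listener the other, so whichever finishes last frees it. A stack variable would
 * already be gone if the caller returned first. */
typedef struct { bool done; int refcount; } wait_state;

static void state_unref(wait_state *s) {
  if (--s->refcount == 0) free(s);
}

static void reconfigure_done(void *user_data) {
  wait_state *s = user_data;
  s->done = true;
  callbacks_delivered++;
  state_unref(s);  /* drop the listener's reference */
}

/* Returns true if the callback arrived while waiting, false if the loop left early
 * (initial_configure_received already set). A late callback only touches live memory. */
bool wait_for_configure(bool initial_configure_received) {
  wait_state *s = calloc(1, sizeof *s);
  if (!s) return false;
  s->refcount = 2;  /* one for the caller, one for the listener */
  fake_add_listener(reconfigure_done, s);
  while (!initial_configure_received && !s->done) fake_dispatch();
  bool saw_done = s->done;
  state_unref(s);  /* drop the caller's reference; the listener may still hold one */
  return saw_done;
}
```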
Noticed in passing: the reconfigure_listener callback does not destroy the callback object - all our other callback listeners do. Again, I don't know the Wayland api well enough, but it sure looks like a leak to me.