From f842843df2c77f5badaace6858d3336151ce0827 Mon Sep 17 00:00:00 2001 From: Sven Gothel Date: Mon, 2 Oct 2023 19:42:42 +0200 Subject: Bug 1468 - SIGSEGV on use after free when destroying NEWT Window/Display via a native dispatch'ed event like key/mouse/touch input SIGSEGV on use after free of native X11 Display* at XEventsQueued in DisplayDriver.DispatchMessages0. This potentially happens when an application destroys the NEWT Window/Display from an action being called directly from DisplayDriver.DispatchMessages0 (itself), i.e. keyboard or mouse input. DisplayDriver.DispatchMessages0 stays in the event loop and the next XEventsQueued call causes a SIGSEGV due to already deleted display driver connection and hence invalid native X11 Display*. This issue also exists for other Windowing System drivers, where the native (dispatch) method sticks to a loop and still (re)uses the window or display handle. One is WindowsWindow, where touch events are looped, but such handler could have closed the window. Querying the status of a window / display instance before dispatching is not good enough - resource could already be GC'ed, so we also would need to query jobject status - would imply an additional Java callback +++ This fix: Having the Java callbacks return a boolean with the value Window.isNativeValid(). This way the dispatch logic - can bail out right away w/o using the resource anymore - must be reviewed by myself due to changed Call{Void->Boolean}*(..) invocation change. This review shall resolve potential similar issues. +++ Tested on X11/Linux/GNU, Windows and MacOS with new TestDestroyGLAutoDrawableNewtAWT, which tests all destruction invocation variants. --- src/newt/classes/com/jogamp/newt/Window.java | 3 ++- src/newt/classes/com/jogamp/newt/opengl/GLWindow.java | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'src/newt/classes/com') 
diff --git a/src/newt/classes/com/jogamp/newt/Window.java b/src/newt/classes/com/jogamp/newt/Window.java
index e43961e98..82f878a98 100644
--- a/src/newt/classes/com/jogamp/newt/Window.java
+++ b/src/newt/classes/com/jogamp/newt/Window.java
@@ -1029,8 +1029,9 @@ public interface Window extends NativeWindow, WindowClosingProtocol, ScalableSur
 * @param y dirty-region x-pos in pixel units
 * @param width dirty-region width in pixel units
 * @param height dirty-region height in pixel units
+ * @return true if window {@link #isNativeValid()}
 */
- void windowRepaint(int x, int y, int width, int height);
+ boolean windowRepaint(int x, int y, int width, int height);

 /**
 * Enqueues a {@link com.jogamp.newt.event.NEWTEvent NEWT event}.
diff --git a/src/newt/classes/com/jogamp/newt/opengl/GLWindow.java b/src/newt/classes/com/jogamp/newt/opengl/GLWindow.java
index cbac22e26..09f5e1ebf 100644
--- a/src/newt/classes/com/jogamp/newt/opengl/GLWindow.java
+++ b/src/newt/classes/com/jogamp/newt/opengl/GLWindow.java
@@ -844,8 +844,8 @@ public class GLWindow extends GLAutoDrawableBase implements GLAutoDrawable, Wind
 // Window completion
 //
 @Override
- public final void windowRepaint(final int x, final int y, final int width, final int height) {
- window.windowRepaint(x, y, width, height);
+ public final boolean windowRepaint(final int x, final int y, final int width, final int height) {
+ return window.windowRepaint(x, y, width, height);
 }

 @Override
-- cgit v1.2.3
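Review bot: The new `@return` tag on `Window.windowRepaint` in the Window.java hunk describes only the true case, yet per the commit message this boolean is what a native dispatch loop relies on to avoid touching a freed window or display handle, so the false case should be spelled out. I would document it as `@return {@code true} if the window is still {@link #isNativeValid()} once the repaint has been handled; {@code false} means it was destroyed during this call and the dispatching caller must stop using its window and display handles`. Changing the return type of a public interface method also changes its descriptor, so implementers and callers compiled against the old `void` signature, and any JNI call site still using a `CallVoidMethod` variant, need to be rebuilt and updated together; the native call sites are outside this view, so that is worth confirming. The same contract applies to the `GLWindow.windowRepaint` delegate in the second hunk, which only forwards the wrapped window's result.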