static int queue_event(struct wl_display *display, int len) { uint32_t p[2], id; int opcode, size; struct wl_proxy *proxy; struct wl_closure *closure; const struct wl_message *message; struct wl_event_queue *queue; wl_connection_copy(display->connection, p, sizeof p); id = p[0]; opcode = p[1] & 0xffff; size = p[1] >> 16; if (len < size) return 0; proxy = wl_map_lookup(&display->objects, id); if (proxy == WL_ZOMBIE_OBJECT) { wl_connection_consume(display->connection, size); return size; } else if (proxy == NULL) { wl_connection_consume(display->connection, size); return size; } message = &proxy->object.interface->events[opcode]; closure = wl_connection_demarshal(display->connection, size, &display->objects, message); if (!closure) return -1; if (create_proxies(proxy, closure) < 0) { wl_closure_destroy(closure); return -1; } if (wl_closure_lookup_objects(closure, &display->objects) != 0) { wl_closure_destroy(closure); return -1; } increase_closure_args_refcount(closure); proxy->refcount++; closure->proxy = proxy; if (proxy == &display->proxy) queue = &display->display_queue; else queue = proxy->queue; if (wl_list_empty(&queue->event_list)) pthread_cond_signal(&queue->cond); wl_list_insert(queue->event_list.prev, &closure->link); return size; }
int wl_closure_lookup_objects(struct wl_closure *closure, struct wl_map *objects) { struct wl_object *object; const struct wl_message *message; const char *signature; struct argument_details arg; int i, count; uint32_t id; message = closure->message; signature = message->signature; count = arg_count_for_signature(signature); for (i = 0; i < count; i++) { signature = get_next_argument(signature, &arg); switch (arg.type) { case 'o': id = closure->args[i].n; closure->args[i].o = NULL; object = wl_map_lookup(objects, id); if (object == WL_ZOMBIE_OBJECT) { /* references object we've already * destroyed client side */ object = NULL; } else if (object == NULL && id != 0) { wl_log("unknown object (%u), message %s(%s)\n", id, message->name, message->signature); object = NULL; errno = EINVAL; return -1; } if (object != NULL && message->types[i] != NULL && !wl_interface_equal((object)->interface, message->types[i])) { wl_log("invalid object (%u), type (%s), " "message %s(%s)\n", id, (object)->interface->name, message->name, message->signature); errno = EINVAL; return -1; } closure->args[i].o = object; } } return 0; }
static void display_handle_delete_id(void *data, struct wl_display *display, uint32_t id) { struct wl_proxy *proxy; pthread_mutex_lock(&display->mutex); proxy = wl_map_lookup(&display->objects, id); if (!proxy) wl_log("error: received delete_id for unknown id (%u)\n", id); if (proxy && proxy != WL_ZOMBIE_OBJECT) proxy->flags |= WL_PROXY_FLAG_ID_DELETED; else wl_map_remove(&display->objects, id); pthread_mutex_unlock(&display->mutex); }
struct wl_closure * wl_connection_demarshal(struct wl_connection *connection, uint32_t size, struct wl_map *objects, const struct wl_message *message) { uint32_t *p, *next, *end, length, **id; int *fd; char *extra, **s; unsigned int i, count, extra_space; const char *signature = message->signature; struct argument_details arg; struct wl_object **object; struct wl_array **array; struct wl_closure *closure; count = arg_count_for_signature(signature) + 2; if (count > ARRAY_LENGTH(closure->types)) { printf("too many args (%d)\n", count); errno = EINVAL; wl_connection_consume(connection, size); return NULL; } extra_space = wl_message_size_extra(message); closure = malloc(sizeof *closure + 8 + size + extra_space); if (closure == NULL) return NULL; closure->message = message; closure->types[0] = &ffi_type_pointer; closure->types[1] = &ffi_type_pointer; closure->start = closure->buffer; wl_connection_copy(connection, closure->buffer, size); p = &closure->buffer[2]; end = (uint32_t *) ((char *) p + size); extra = (char *) end; for (i = 2; i < count; i++) { signature = get_next_argument(signature, &arg); if (p + 1 > end) { printf("message too short, " "object (%d), message %s(%s)\n", *p, message->name, message->signature); errno = EINVAL; goto err; } switch (arg.type) { case 'u': closure->types[i] = &ffi_type_uint32; closure->args[i] = p++; break; case 'i': closure->types[i] = &ffi_type_sint32; closure->args[i] = p++; break; case 'f': closure->types[i] = &ffi_type_sint32; closure->args[i] = p++; break; case 's': closure->types[i] = &ffi_type_pointer; length = *p++; next = p + DIV_ROUNDUP(length, sizeof *p); if (next > end) { printf("message too short, " "object (%d), message %s(%s)\n", *p, message->name, message->signature); errno = EINVAL; goto err; } s = (char **) extra; extra += sizeof *s; closure->args[i] = s; if (length == 0) { *s = NULL; } else { *s = (char *) p; } if (length > 0 && (*s)[length - 1] != '\0') { printf("string not nul-terminated, " "message %s(%s)\n", message->name, message->signature); errno = EINVAL; goto err; } p = next; break; case 'o': closure->types[i] = &ffi_type_pointer; object = (struct wl_object **) extra; extra += sizeof *object; closure->args[i] = object; if (*p == 0 && !arg.nullable) { printf("NULL new ID received on non-nullable " "type, message %s(%s)\n", message->name, message->signature); *object = NULL; errno = EINVAL; goto err; } *object = wl_map_lookup(objects, *p); if (*object == WL_ZOMBIE_OBJECT) { /* references object we've already * destroyed client side */ *object = NULL; } else if (*object == NULL && *p != 0) { printf("unknown object (%u), message %s(%s)\n", *p, message->name, message->signature); *object = NULL; errno = EINVAL; goto err; } if (*object != NULL && message->types[i-2] != NULL && (*object)->interface != message->types[i-2]) { printf("invalid object (%u), type (%s), " "message %s(%s)\n", *p, (*object)->interface->name, message->name, message->signature); errno = EINVAL; goto err; } p++; break; case 'n': closure->types[i] = &ffi_type_pointer; id = (uint32_t **) extra; extra += sizeof *id; closure->args[i] = id; *id = p; if (*id == 0 && !arg.nullable) { printf("NULL new ID received on non-nullable " "type, message %s(%s)\n", message->name, message->signature); errno = EINVAL; goto err; } if (wl_map_reserve_new(objects, *p) < 0) { printf("not a valid new object id (%d), " "message %s(%s)\n", *p, message->name, message->signature); errno = EINVAL; goto err; } p++; break; case 'a': closure->types[i] = &ffi_type_pointer; length = *p++; next = p + DIV_ROUNDUP(length, sizeof *p); if (next > end) { printf("message too short, " "object (%d), message %s(%s)\n", *p, message->name, message->signature); errno = EINVAL; goto err; } array = (struct wl_array **) extra; extra += sizeof *array; closure->args[i] = array; *array = (struct wl_array *) extra; extra += sizeof **array; (*array)->size = length; (*array)->alloc = 0; (*array)->data = p; p = next; break; case 'h': closure->types[i] = &ffi_type_sint; fd = (int *) extra; extra += sizeof *fd; closure->args[i] = fd; wl_buffer_copy(&connection->fds_in, fd, sizeof *fd); connection->fds_in.tail += sizeof *fd; break; default: printf("unknown type\n"); assert(0); break; } } closure->count = i; ffi_prep_cif(&closure->cif, FFI_DEFAULT_ABI, closure->count, &ffi_type_void, closure->types); wl_connection_consume(connection, size); return closure; err: closure->count = i; wl_closure_destroy(closure); wl_connection_consume(connection, size); return NULL; }