scan_visible_region() scans through each value of a uint8_t array and checks
whether that value is 255. Right now it always checks one value too much
though, resulting in a buffer overflow. Fix that by checking the array
bounds before actually accessing the array.
Found by running gnome-shell with address sanitizer and starting
GIMP.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2856>
Both Clutter and Cogl use g_return(_val)_if_fail() to safeguard
introspected API. Release builds were dropping these checks, which could
result in a much more crashy experience, especially when considering
extensions, but also due to bugs in the shell code itself.
This won't affect any major distro, because they all use "plain" builds.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2930>
Both GRAB_OP_KEYBOARD_MOVING and GRAB_OP_KEYBOARD_RESIZING_* are
defined as GRAB_OP_WINDOW_BASE with FLAG_KEYBOARD set, but the
latter have additional bits set to indicate the direction.
That is, the GRAB_OP_KEYBOARD_MOVING bitmask cannot be used to
differentiate between move- and resize operations. Instead,
check that no direction bits are set.
https://gitlab.gnome.org/GNOME/mutter/-/issues/2684
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2908>
The unknown color space's only purpose is to signal that the current KMS
state has a unknown color space set. It is not one of the color spaces
that can be set. We already only try to set a color space if the default
color space is supported so we should use the default color space as a
fallback instead of the unknown color space.
Fixes: https://gitlab.gnome.org/GNOME/mutter/-/issues/2693
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2915>
With the move away from GTK3, and the indirect dependency on GTK4
grown in the GNOME Shell side, we've indirectly gotten a small sneaky
behavioral change: The GTK4 library will, right on dlopen, get
DESKTOP_AUTOSTART_ID for itself and delete it from the environment.
This happens before our own X11 session management code is
initialized, which confuses the hell out of it, into thinking
initialization is actually shutdown, gnome-session does not follow
along with this request, which leaves GNOME Shell into a confused
startup state where it never calls SmcSaveYourselfDone() and grinds
startup to a halt until gnome-session decides to move things forward.
In order to fix this, get the DESKTOP_AUTOSTART_ID before we lend
control to GNOME Shell bits and GTK4 is possibly initialized, and
feed it directly to our X11 session manager bits.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2906>
We might get told to restore the old monitor configuration by the
monitor configuration prompt, in case the user pressed "revert" or
equivalent. This might be in response to a button press, and those
happen during frame clock dispatch. If we would restore an old
configuration during dispatch, it means we would reconfigure the
monitors including their stage views while dispatching, which means we'd
destroy the frame clock while it's dispatching.
Doing that causes problems, as the frame clock isn't expecting to be
destroyed mid-function. Specifically,
We'd enter
clutter_frame_clock_dispatch (clutter-frame-clock.c:811)
frame_clock_source_dispatch (clutter-frame-clock.c:839)
g_main_dispatch (gmain.c:3454)
g_main_context_dispatch (gmain.c:4172)
g_main_context_iterate.constprop.0 (gmain.c:4248)
g_main_loop_run (gmain.c:4448)
meta_context_run_main_loop (meta-context.c:482)
main (main.c:663)
which would first call
_clutter_process_event (clutter-main.c:920)
_clutter_stage_process_queued_events (clutter-stage.c:757)
handle_frame_clock_before_frame (clutter-stage-view.c:1150)
which would emit e.g. a button event all the way to a button press
handler, which would e.g. deny the new configuration:
restore_previous_config (meta-monitor-manager.c:1931)
confirm_configuration (meta-monitor-manager.c:2866)
meta_monitor_manager_confirm_configuration (meta-monitor-manager.c:2880)
meta_plugin_complete_display_change (meta-plugin.c:172)
That would then regenerate the monitor configuration and stage view
layout, which would destroy the old stage view and frame clock.
meta_stage_native_rebuild_views (meta-stage-native.c:68)
meta_backend_native_update_screen_size (meta-backend-native.c:457)
meta_backend_sync_screen_size (meta-backend.c:266)
meta_backend_monitors_changed (meta-backend.c:337)
meta_monitor_manager_notify_monitors_changed (meta-monitor-manager.c:3595)
meta_monitor_manager_rebuild (meta-monitor-manager.c:3683)
meta_monitor_manager_native_apply_monitors_config (meta-monitor-manager-native.c:343)
meta_monitor_manager_apply_monitors_config (meta-monitor-manager.c:704)
After returning back to the original clutter_frame_clock_dispatch()
frame, various state in the frame clock will be gone and we'd crash.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2901>
Commit 7e9d9c7eb9 added new API to replace GTK for accelerator
parsing.
Unfortunately there is another case in gnome-shell, where we have
to get the label from the logical binding name rather than the
modifier+keysym combination.
Add another small method to cover that use case.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2899>
Normally, mutter implicitly allows a window being shown to take
focus. This is normally desired, except it steals input from
GNOME Shell self. Avoid focusing the just shown window in those
situations.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2878>
When a X11 application is started, typically what happens is:
- A startup notification token is created, with a _TIME%d suffix
- The application being spawned receives it through the environment
- (dbus piping, maybe)
- The application replies the startup notification token, and
fetches the timestamp from it
- The application makes a _NET_ACTIVE_WINDOW client message request
with this timestamp
- Mutter handles this client request and activates/focuses the window
Prevent this last step if windows are not interactable (e.g. there is
a compositor grab) and ignore the focus request. This specifically
applies to X11 clients requesting focus themselves, and unlike previous
approaches, doesn't try to prevent focus changes that do come through
interaction with Mutter/GNOME Shell.
This should only break if applications do not observe _NET_ACTIVE_WINDOW
and perform XSetInputFocus on themselves, but in that case the X11
keyboard focus is stolen from our hands already.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2878>
This is the mask that lets us receive among other events the rather
important CreateNotify, that tells us about new winows. This has went by
rather unnoticed except for cases where multiple windows show up very
quickly directly after the frames client spawned, because the drag icon
surface cache eventually already did select that particular mask.
Make things more reliably by explicitly setting the mask for the events
we rely on to function.
This fixes flaky stacking tests that map multiple X11 windows in a row.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2894>
2d8fa26c8e ("core: Pass "frame action" grab operations as an
"unconstrained" grab op") changed the behaviour to treat non-grab
related window moving that has the "user action" flag set to still apply
the "constrain_titlebar_visible" constraint.
The fact that it wasn't applied before was relied upon by some
extensions. While it should arguably exist a better API that for such
extensions to use that have a bit more predictable behavior, until that
is so, restore the old semantics.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2891>
Linear sampling can influence the value of surrounding pixels beyond
the scaled framebuffer extents calculated during stage view rendering,
resulting in flickering graphical artifacts due to unaccounted pixel
changes. This is exhibited in xfreerdp and wlfreerdp at 150% display
scaling.
Fix this by ensuring that all pixels that may be affected by linear
scaling is included in the framebuffer redraw clip by padding the actor
redraw clip.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2771>
We have the drm/InfoFrame encoding and our MetaOutputHdrMetadata
encoding. Check that we can correctly convert between each other by
doing a encode/decode and decode/encode roundtrip and then checking for
equality.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2879>
The existence of the KMS property just means that we can send an
InfoFrame but we also have to make sure the sink actually supports the
metadata type 1 and the selected transfer function.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2879>
