wp-mixer, tray: fix two SIGSEGV crashes from missing null checks#423
Open
borisi1 wants to merge 2 commits intoWayfireWM:masterfrom
Open
wp-mixer, tray: fix two SIGSEGV crashes from missing null checks#423borisi1 wants to merge 2 commits intoWayfireWM:masterfrom
borisi1 wants to merge 2 commits intoWayfireWM:masterfrom
Conversation
The loop searching objects_to_controls for a matching PipeWire ID left 'control' uninitialized when the map was empty, and used end()->first (UB) as a termination check when no match was found. Both cases allowed execution to continue with a garbage pointer, leading to a SIGSEGV in Gtk::ToggleButton::set_active(). Initialize control to nullptr, drop the broken end() dereference, and use a post-loop null check with continue instead of return so other widgets are still updated.
get_cached_property may leave the variant uninitialized if the property is not yet in the D-Bus proxy cache (e.g. on fast restart before the watcher proxy has fully synced). Calling .get() on a null Glib::Variant calls g_variant_n_children(nullptr) -> SIGSEGV. Guard the loop with a null check on the variant.
borisi1
changed the title
trigg
approved these changes
Apr 21, 2026
Collaborator
trigg
left a comment
trigg
left a comment
There was a problem hiding this comment.
Code looks good, clear explanation.
Tentative approval and I plan to compile and test soon.
Thanks for the contribution
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes two independent SIGSEGV crashes
1. wp-mixer: uninitialized control pointer in
on_mixer_changedCrash address:
0xffffffffffffffe8(-0x18 — method call on null/freed object)Stack trace:
Root cause:
controlis declared uninitialized. Two bugs in the search loop:objects_to_controlsis empty (e.g. during startup or after restart), the loop body never executes andcontrolremains uninitialized — execution continues and callscontrol->set_btn_status_no_callbk()on garbage.map::end()(UB). In a range-for loop the iterator never equalsend(), so if no matching ID is found the loop exits withcontrolpointing to the last element (wrong object).Fix: Initialize
controltonullptr, remove the brokenend()dereference, and use a post-loop null check. Changedreturntocontinueso remaining widgets still get updated.2. tray: null
GVariantcrash inon_bus_acquiredStack trace:
Root cause:
get_cached_propertymay leave the variant uninitialized ifRegisteredStatusNotifierItemsis not yet in the D-Bus proxy cache (common on fast restart before the watcher proxy has fully synced). Calling.get()on a nullGlib::Variantcallsg_variant_n_children(nullptr)→ SIGSEGV.Fix: Guard the loop with a null check on the variant before calling
.get().Tested on