mollusk
cfc480044f
Found in a wider bug audit of the streaming/process-management code. - Viewer ctrl-c/SIGINT was ignored mid-stream: viewer::run raced the cancel token only against listener.accept(), not the bridge itself, so once the local player connected nothing checked it. CLI needed a second ctrl-c to quit and a GUI "Disconnect" only took effect via the child's 2s SIGKILL backstop (and the host saw the viewer ~2s longer). Now races the bridge against cancel, mirroring the host's handle_peer. (viewer/mod.rs) - Wayland portal pipewire fd leaked on a capture-setup error: wayland::start into_raw_fd'd the fd and relied on pipeline::spawn's after_spawn hook to close it, but setup_audio/gst-spawn can ?-return before the hook runs, leaking the fd per failed attempt. Now the OwnedFd is moved into the hook, so it's closed whether the hook runs or (on early error) the unused closure is dropped. (host/wayland.rs) - Detached players (mpv/vlc) zombied under the long-lived GUI: spawn_detached dropped the std Child, which has no orphan reaping, so each closed player left a <defunct> entry until the GUI exited. Now a detached thread wait()s it; the setsid'd player still survives a parent exit (init reaps it then). A double-fork was avoided deliberately — fork(2) + non-trivial work in this multithreaded process is unsound. (common/process.rs) 47 gui / 8 headless tests pass, clippy + fmt clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
39 lines
1.5 KiB
Rust
39 lines
1.5 KiB
Rust
use std::io;
|
|
use std::os::unix::process::CommandExt;
|
|
use std::process::{Command, Stdio};
|
|
|
|
/// Spawn a child process fully detached from this process group.
|
|
///
|
|
/// The child gets its own session via `setsid(2)` and null stdio, so it
|
|
/// survives the parent exiting and doesn't take a SIGKILL cascade when
|
|
/// pixelpass dies.
|
|
///
|
|
/// A detached reaper thread `wait()`s the child so it doesn't linger as a
|
|
/// `<defunct>` zombie under a long-lived parent — the `--gui` front-end launches
|
|
/// players itself and lives for the whole session, and `std::process::Child`
|
|
/// (unlike tokio's) has no orphan reaping, so simply dropping the handle would
|
|
/// leak a zombie per closed player. If the parent exits while the player is
|
|
/// still up, the reaper thread dies with it but the `setsid`'d player survives
|
|
/// and is reaped by init. (A double-fork would also avoid the zombie, but
|
|
/// `fork(2)` followed by non-trivial work in this multithreaded process is
|
|
/// unsound — the reaper thread is the safe equivalent.)
|
|
pub fn spawn_detached(prog: &str, args: &[&str]) -> io::Result<()> {
|
|
let child = unsafe {
|
|
Command::new(prog)
|
|
.args(args)
|
|
.stdin(Stdio::null())
|
|
.stdout(Stdio::null())
|
|
.stderr(Stdio::null())
|
|
.pre_exec(|| {
|
|
nix::unistd::setsid().ok();
|
|
Ok(())
|
|
})
|
|
.spawn()?
|
|
};
|
|
std::thread::spawn(move || {
|
|
let mut child = child;
|
|
let _ = child.wait();
|
|
});
|
|
Ok(())
|
|
}
|