49 lines
1.6 KiB
Bash
Executable file
49 lines
1.6 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
# Trigger rapid output power-cycling to provoke the Qt Wayland screen UAF.
|
|
#
|
|
# First, in another terminal:
|
|
# nix run .#screen-uaf-reproducer-unpatched (should crash)
|
|
# nix run .#screen-uaf-reproducer-patched (should survive)
|
|
#
|
|
# Then run this script to toggle the output.
|
|
#
|
|
# Usage: ./trigger.sh [iterations]
|
|
# iterations: number of off/on cycles (default 20)
|
|
|
|
set -euo pipefail
|
|
|
|
cycles="${1:-20}"
|
|
|
|
if command -v niri &>/dev/null && niri msg version &>/dev/null; then
|
|
echo "Detected Niri - using niri msg"
|
|
for i in $(seq 1 "$cycles"); do
|
|
echo "cycle $i/$cycles"
|
|
niri msg action power-off-monitors
|
|
sleep 0.3
|
|
niri msg action power-on-monitors
|
|
sleep 0.5
|
|
done
|
|
elif command -v wlr-randr &>/dev/null; then
|
|
output=$(wlr-randr --json 2>/dev/null | python3 -c \
|
|
"import sys,json; print(next(o['name'] for o in json.load(sys.stdin) if o['enabled']))" 2>/dev/null \
|
|
|| wlr-randr | grep -oP '^\S+' | head -1)
|
|
if [ -z "$output" ]; then
|
|
echo "error: could not detect an output via wlr-randr" >&2
|
|
exit 1
|
|
fi
|
|
echo "Detected wlroots compositor - toggling output $output"
|
|
for i in $(seq 1 "$cycles"); do
|
|
echo "cycle $i/$cycles"
|
|
wlr-randr --output "$output" --off
|
|
sleep 0.3
|
|
wlr-randr --output "$output" --on
|
|
sleep 0.5
|
|
done
|
|
else
|
|
echo "error: neither niri nor wlr-randr found" >&2
|
|
echo "Manually unplug/replug a monitor while the reproducer is running." >&2
|
|
exit 1
|
|
fi
|
|
|
|
echo "Done. If the reproducer is still alive, the bug did not trigger."
|
|
echo "Try increasing iterations or adding more surfaces."
|