[PATCH xserver 3/4] animcur: Run the timer from the device, not the screen

Adam Jackson ajax at redhat.com
Mon Jan 8 21:07:30 UTC 2018


On Mon, 2018-01-08 at 12:39 -0800, Aaron Plattner wrote:
> Nothing like deploying code in the wild to find bugs. :(

Hah! So it goes.

> The user on the forum reported a crash after this patch and I reproduced it locally:
> 
> Thread 1 "Xorg" received signal SIGSEGV, Segmentation fault.
> 0x000055604b0b8acd in dixGetPrivateAddr (privates=0x3e8, key=0x55604b40ace0 <AnimCurScreenPrivateKeyRec>) at ../include/privates.h:123
> 123	../include/privates.h: No such file or directory.
> (gdb) bt
> #0  0x000055604b0b8acd in dixGetPrivateAddr (privates=0x3e8, key=0x55604b40ace0 <AnimCurScreenPrivateKeyRec>) at ../include/privates.h:123
> #1  0x000055604b0b8b5d in dixLookupPrivate (privates=0x3e8, key=0x55604b40ace0 <AnimCurScreenPrivateKeyRec>) at ../include/privates.h:165
> #2  0x000055604b0b8d79 in AnimCurTimerNotify (timer=0x55604d751a30, now=45483869, arg=0x55604d31cb70) at animcur.c:134
> #3  0x000055604b15fc70 in DoTimer ()
> #4  0x000055604b15fcd7 in DoTimers ()
> #5  0x000055604b15ffa7 in WaitForSomething ()
> #6  0x000055604af90ec1 in Dispatch () at dispatch.c:422
> #7  0x000055604af9e7dd in dix_main (argc=14, argv=0x7ffd9f1c4c78, envp=0x7ffd9f1c4cf0) at main.c:287
> #8  0x00007f64f5282f4a in __libc_start_main () at /usr/lib/libc.so.6
> #9  0x000055604af82a8a in _start ()
> #2  0x000055604b0b8d79 in AnimCurTimerNotify (timer=0x55604d751a30, now=45483869, arg=0x55604d31cb70) at animcur.c:134
> 134	in animcur.c
> (gdb) p pScreen
> $8 = (ScreenPtr) 0x0
> 
> I'm not sure how this is happening, yet.

Yeah that's a puzzler. The only place that should zero out anim.pScreen
is the "switch to static cursor" path in AnimCurDisplayCursor, but that
path also cancels the timer so AnimCurTimerNotify shouldn't get called
for that device anymore. Maybe I missed something about how multiple
cursors work?

- ajax

