[ubuntu-x] fdo bug #19034

Thomas Jaeger thjaeger at gmail.com
Wed Apr 8 20:26:38 BST 2009


I know this is kind of last-minute, I was hoping that Peter would come
up with a fix before jaunty comes out, but this is probably not going to
happen.  The bug in questions is this one:


The issue is associated to slave device cursors, basically an artifact
of how the xserver-1.6 code is derived from master.  There is no API to
access device cursors in 1.6, but it turns out that under certain
circumstances (I'm not exactly sure how this happens but it seems to be
some kind of race condition between XI and core grabs), it is possible
that a device cursor will be set anyway.  If it's a regular cursor (that
is what the bug report was originally about), this is not a problem
anymore since this will just modify the core cursor, but if it's an
animated cursor, we're in trouble:  The device cursor will keep
replacing the core cursor (so the user will notice an animated cursor
that shouldn't be there), and when the client destroys the animated
cursor, the device animated cursor will stay active leading to a server
crash the next time the cursor is updated.  There is a patch attached to
the fdo bug report that fixes the issue by basically doing the same
thing for an animated cursor that we do for a regular cursor:  Apply the
change to the associated master device.  This is safe for 1.6 since this
code path should never be hit in the first place, but unfortunately,
this is not the direction that Peter wants to go for master where each
device has its own sprite (I'm not sure how things are supposed to work
with animated cursors there).

The crash happens randomly when an application that grabs an Xi device
(such as easystroke) is running when clicking on firefox menus, but it's
fairly easy to reproduce reliably by setting up a timeout gesture in
easystroke to rotate the cube in compiz via Control+Shift+Button1 and
invoke the gesture when firefox is loading a page and showing a 'sandbox'.

The patch is available at

It would be great if it could be applied to the ubuntu package.  The
regression potential is very low: This code path is only hit under very
specific circumstances and when it is, it basically means that the
server is going to crash as soon as the client is closed.


More information about the Ubuntu-x mailing list