From 579f2934de21847c6f31ce5417afab81d6d3d37b Mon Sep 17 00:00:00 2001 
From: Rob Bradford Date: Mon, 21 May 2012 18:04:15 +0100 Subject: [PATCH] shell: Remove fading animation from animation list when surface destroyed Fixes crash with a backtrace like this: ==2418== Invalid read of size 8 ==2418== at 0x8AC5B70: unresponsive_fade_frame (shell.c:374) ==2418== by 0x409FE0: weston_output_finish_frame (compositor.c:1060) ==2418== by 0x567043B: wl_event_loop_dispatch (event-loop.c:389) ==2418== by 0x566E84C: wl_display_run (wayland-server.c:1003) ==2418== by 0x4055EB: main (compositor.c:2937) ==2418== Address 0x8aba650 is 80 bytes inside a block of size 656 free'd ==2418== at 0x4A0662E: free (vg_replace_malloc.c:366) ==2418== by 0x566D93B: wl_resource_destroy (wayland-server.c:408) ==2418== by 0x566D30E: destroy_resource (wayland-server.h:166) ==2418== by 0x566D93B: wl_resource_destroy (wayland-server.c:408) ==2418== by 0x34ECE05D63: ffi_call_unix64 (unix64.S:75) ==2418== by 0x34ECE05784: ffi_call (ffi64.c:486) ==2418== by 0x5671AAE: wl_closure_invoke (connection.c:770) ==2418== by 0x566DBAA: wl_client_connection_data (wayland-server.c:255) ==2418== by 0x5670497: wl_event_loop_dispatch (event-loop.c:410) ==2418== by 0x566E84C: wl_display_run (wayland-server.c:1003) ==2418== by 0x4055EB: main (compositor.c:2937)a and ==2418== Invalid read of size 8 ==2418== at 0x34F1E180E1: pixman_region32_union (pixman-region.c:1405) ==2418== by 0x407F66: weston_surface_damage (compositor.c:551) ==2418== by 0x409FE0: weston_output_finish_frame (compositor.c:1060) ==2418== by 0x567043B: wl_event_loop_dispatch (event-loop.c:389) ==2418== by 0x566E84C: wl_display_run (wayland-server.c:1003) ==2418== by 0x4055EB: main (compositor.c:2937) ==2418== Address 0x851dfe8 is 136 bytes inside a block of size 680 free'd ==2418== at 0x4A0662E: free (vg_replace_malloc.c:366) ==2418== by 0x566D93B: wl_resource_destroy (wayland-server.c:408) ==2418== by 0x34ECE05D63: ffi_call_unix64 (unix64.S:75) ==2418== by 0x34ECE05784: ffi_call (ffi64.c:486) ==2418== by 0x5671AAE: 
wl_closure_invoke (connection.c:770) ==2418== by 0x566DBAA: wl_client_connection_data (wayland-server.c:255) ==2418== by 0x5670497: wl_event_loop_dispatch (event-loop.c:410) ==2418== by 0x566E84C: wl_display_run (wayland-server.c:1003) ==2418== by 0x4055EB: main (compositor.c:2937)
---
 src/shell.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/shell.c b/src/shell.c
index 52c21e50..60f8643d 100644
--- a/src/shell.c
+++ b/src/shell.c
@@ -1200,6 +1200,9 @@ destroy_shell_surface(struct shell_surface *shsurf)
 shsurf->surface->configure = NULL;
 ping_timer_destroy(shsurf);
 
+ if (shsurf->unresponsive_animation.exists)
+ wl_list_remove(&shsurf->unresponsive_animation.current.link);
+
 wl_list_remove(&shsurf->link);
 free(shsurf);
 }
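Review bot: The added `wl_list_remove(&shsurf->unresponsive_animation.current.link)` in destroy_shell_surface is only safe if `unresponsive_animation.exists` is true exactly while `current.link` is still on an animation list. The hunk does not show where that flag is set or cleared, so the path that ends the fade (presumably unresponsive_fade_frame, named in the backtrace) should be checked to clear `exists` at the same point it unlinks the node; otherwise this turns the use-after-free into a second unlink of a stale list node. The reason for the unlink lives only in the commit message, so I would add a comment above the check such as `/* animation is embedded in shsurf: unlink it before free() so the frame handler cannot touch freed memory */`. The function starts outside the hunk, so the earlier teardown steps were not reviewed.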