Comment 16 for bug 358009

Tom Jaeger (thjaeger) wrote : Server crash in dixLookupPrivate

See also https://lists.ubuntu.com/archives/ubuntu-x/2009-April/000495.html

The issue is associated with slave device cursors, basically an artifact
of how the xserver-1.6 code is derived from master. There is no API to
access device cursors in 1.6, but it turns out that under certain
circumstances (I'm not exactly sure how this happens but it seems to be
some kind of race condition between XI and core grabs), it is possible
that a device cursor will be set anyway. If it's a regular cursor (that
is what the bug report was originally about), this is not a problem
anymore since this will just modify the core cursor, but if it's an
animated cursor, we're in trouble: The device cursor will keep
replacing the core cursor (so the user will notice an animated cursor
that shouldn't be there), and when the client destroys the animated
cursor, the device animated cursor will stay active leading to a server
crash the next time the cursor is updated. There is a patch attached to
the fdo bug report that fixes the issue by basically doing the same
thing for an animated cursor that we do for a regular cursor: Apply the
change to the associated master device. This is safe for 1.6 since this
code path should never be hit in the first place, but unfortunately,
this is not the direction that Peter wants to go for master where each
device has its own sprite (I'm not sure how things are supposed to work
with animated cursors there).

The crash happens randomly when an application that grabs an Xi device
(such as easystroke) is running when clicking on firefox menus, but it's
fairly easy to reproduce reliably by setting up a timeout gesture in
easystroke to rotate the cube in compiz via Control+Shift+Button1 and
invoke the gesture when firefox is loading a page and showing a 'sandbox'.

The patch is available at
http://bugs.freedesktop.org/attachment.cgi?id=21710