xwayland: Use xwl_present_reset_timer in xwl_present_timer_callback

Apart from simplifying the code, this should also prevent a condition
(which might only be possible with the following fix) reported in
https://gitlab.freedesktop.org/wayland/weston/issues/115#note_52467:

1. xwl_present_timer_callback indirectly calls xwl_present_reset_timer
   -> xwl_present_free_timer
2. xwl_present_timer_callback then returns a non-0 value, so DoTimer
   calls TimerSet with the old xwl_present_window->frame_timer pointer
   which was freed in step 1 => use after free

Calling xwl_present_reset_timer explicitly passes NULL to TimerSet if
step 1 freed xwl_present_window->frame_timer, and it will allocate a new
one.

(cherry picked from commit 5e8b9a3a563047e3998d45e761f7a50e4b0f6cb3)

1 files changed, 2 insertions, 11 deletions

diff --git a/hw/xwayland/xwayland-present.c b/hw/xwayland/xwayland-present.c
index fb5c6499e..c758350b1 100644
--- a/hw/xwayland/xwayland-present.c
+++ b/hw/xwayland/xwayland-present.c
@@ -216,24 +216,15 @@ xwl_present_timer_callback(OsTimerPtr timer,
                            void *arg)
 {
     struct xwl_present_window *xwl_present_window = arg;
-    WindowPtr present_window = xwl_present_window->window;
-    struct xwl_window *xwl_window = xwl_window_from_window(present_window);
 
     xwl_present_window->frame_timer_firing = TRUE;
     xwl_present_window->msc++;
     xwl_present_window->ust = GetTimeInMicros();
 
     xwl_present_events_notify(xwl_present_window);
+    xwl_present_reset_timer(xwl_present_window);
 
-    if (xwl_present_has_events(xwl_present_window)) {
-        /* Still events, restart timer */
-        return xwl_present_is_flipping(present_window, xwl_window) ? TIMER_LEN_FLIP :
-                                                                     TIMER_LEN_COPY;
-    } else {
-        /* No more events, do not restart timer and delete it instead */
-        xwl_present_free_timer(xwl_present_window);
-        return 0;
-    }
+    return 0;
 }
 
 static void