Locale modifiers may be freed whenever XSetLocaleModifiers gets
called, even if the locale hasn't changed. This means that we cannot
save a pointer to those modifiers in the XimInstCallback record and
must, instead, make a copy of them instead.

This fixes a problem uncovered when running wish under libasan as
follows (on current Debian unstable):

	$ LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libasan.so.6 wish
Reported-by: Vittorio Zecca <zeccav@gmail.com>
Signed-off-by: Keith Packard <keithp@keithp.com>

v2:
	Remove incorrect 'else' token found by @alanc

Using Arch as base distribution here because we can expect our dependencies to
be up-to-date. We rely on the Arch for our dependencies rather than building
those from git (notably: xorg-macros, xtrans and libxcb).
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

Frediano Ziglio authored Jan 29, 2020 and Peter Hutterer committed Nov 16, 2020

In poll_for_response is it possible that event replies are skipped
and a more up to date message reply is returned.
This will cause next poll_for_event call to fail aborting the program.

This was proved using some slow ssh tunnel or using some program
to slow down server replies (I used a combination of xtrace and strace).

How the race happens:
- program enters into poll_for_response;
- poll_for_event is called but the server didn't still send the reply;
- pending_requests is not NULL because we send a request (see call
  to  append_pending_request in _XSend);
- xcb_poll_for_reply64 is called from poll_for_response;
- xcb_poll_for_reply64 will read from server, at this point
  server reply with an event (say sequence N) and the reply to our
  last request (say sequence N+1);
- xcb_poll_for_reply64 returns the reply for the request we asked;
- last_request_read is set to N+1 sequence in poll_for_response;
- poll_for_response returns the response to the request;
- poll_for_event is called (for instance from another poll_for_response);
- event with sequence N is retrieved;
- the N sequence is widen, however, as the "new" number computed from
  last_request_read is less than N the number is widened to N + 2^32
  (assuming last_request_read is still contained in 32 bit);
- poll_for_event enters the nested if statement as req is NULL;
- we compare the widen N (which now does not fit into 32 bit) with
  request (which fits into 32 bit) hitting the throw_thread_fail_assert.

To avoid the race condition and to avoid the sequence to go back
I check again for new events after getting the response and
return this last event if present saving the reply to return it
later.

To test the race and the fix it's helpful to add a delay (I used a
"usleep(5000)") before calling xcb_poll_for_reply64.

Original patch written by Frediano Ziglio, see
!34

Reworked primarily for readability by Peter Hutterer, see
!53

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

This patch is based on research done by Dmitry Osipenko to uncover the
cause of a large class of Xlib lockups.

_XError must unlock and re-lock the display around the call to the
user error handler function. When re-locking the display, two
functions are called to ensure that the display is ready to generate a request:

    _XIDHandler(dpy);
    _XSeqSyncFunction(dpy);

The first ensures that there is at least one XID available to use
(possibly calling _xcb_generate_id to do so). The second makes sure a
reply is received at least every 65535 requests to keep sequence
numbers in sync (possibly generating a GetInputFocus request and
synchronously awaiting the reply).

If the second of these does generate a GetInputFocus request and wait
for the reply, then a pending error will cause recursion into _XError,
which deadlocks the display.

One seemingly easy fix is to have _XError avoid those calls by
invoking InternalLockDisplay instead of LockDisplay. That function
does everything that LockDisplay does *except* call those final two
functions which may end up receiving an error.

However, that doesn't protect the system from applications which call
some legal Xlib function from within their error handler. Any Xlib
function which cannot generate protocol or wait for events is valid,
including many which invoke LockDisplay.

What we need to do is make LockDisplay skip these two function calls
precisely when it is called from within the _XError context for the
same display.

This patch accomplishes this by creating a list of threads in the
display which are in _XError, and then having LockDisplay check the
current thread against those list elements.
Inspired-by: Dmitry Osipenko <digetx@gmail.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Tested-by: Dmitry Osipenko <digetx@gmail.com>
Reviewed-by: Dmitry Osipenko <digetx@gmail.com>

Benno Schulenberg authored Nov 13, 2020 and Alan Coopersmith committed Nov 13, 2020

Also put an extra space before the lone combining characters
so they have some room to breathe.
Signed-off-by: Benno Schulenberg <bensberg@telfort.nl>

Benno Schulenberg authored Nov 13, 2020 and Alan Coopersmith committed Nov 13, 2020

Combining characters are not dead keys -- they have an immediate effect
and combine with the preceding character.  So they cannot be used in
compose sequences.
Signed-off-by: Benno Schulenberg <bensberg@telfort.nl>

Benno Schulenberg authored Nov 02, 2020 and Alan Coopersmith committed Nov 13, 2020

Fixes #107, for the most part.
Signed-off-by: Benno Schulenberg <bensberg@telfort.nl>

Most locale context users call _XlcCurrentLC, which returns a pointer
which never needs to be passed to _XCloseLC, meaning it has unbounded
lifetime, so that locale data can never be freed.

Remove all reference counting and just leave all locales that were
ever used in memory.
Signed-off-by: Keith Packard <keithp@keithp.com>
Acked-by: Martin Peres <martin.peres@mupuf.org>

Jacek Caban authored Aug 14, 2017 and Keith Packard committed Nov 09, 2020

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=55678
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=68538
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=69088



The way it's currently cached is not thread safe. As long as locale doesn't change, the same object is reused anyway.
Signed-off-by: Jacek Caban <jacek@codeweavers.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Acked-by: Martin Peres <martin.peres@mupuf.org>

These functions were caching encoding conversion functions in static
variables which is not thread safe. Let the conversion loader do its
job and cache locale to converters there. It's less efficient, but
it's also (now) thread safe.
Signed-off-by: Keith Packard <keithp@keithp.com>
Acked-by: Martin Peres <martin.peres@mupuf.org>

Jacek Caban authored Aug 14, 2017 and Keith Packard committed Nov 09, 2020

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=55678
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=68538
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=69088

Signed-off-by: Jacek Caban <jacek@codeweavers.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Acked-by: Martin Peres <martin.peres@mupuf.org>

Antti Savolainen authored Sep 08, 2020 and Keith Packard committed Nov 08, 2020

Signed-off-by: Antti Savolainen <antti.savo@gmail.com>

Benno Schulenberg authored Oct 23, 2020 and Alan Coopersmith committed Nov 05, 2020

It was strange that the accented letters Ž and ž can be composed with
sequences that start with "v" ("v Z" and "v z"), but not Č and č and
Š and š (and other letters with a caron).  For these letters, compose
sequences that start with a "c" had to be used, which was frustrating
because it is hard to remember that "c" stands for "caron", AND the
graphically more obvious "v" is right next to it.

(Unfortunately, the sequence "v l" is already taken for vertical line.
Maybe the compose sequences for vertical line could be reduced to just
"V L" and "L V"?)
Signed-off-by: Benno Schulenberg <bensberg@telfort.nl>

Also improve the grammar of the initial comment.
Signed-off-by: Benno Schulenberg <bensberg@telfort.nl>

Signed-off-by: Benno Schulenberg <bensberg@telfort.nl>

These artificial languages are meant to be international and are
thus not specific to any country.  If one would want to support
aliases like ia_FR or ia_CH, then one would also have to support
ia_AU, ia_DE, ia_ES, et cetera, et cetera.  That would be silly.
Signed-off-by: Benno Schulenberg <bensberg@telfort.nl>

They were found with:

    while read one two; do
        if [[ $one == $two: ]]; then echo $two; fi;
    done  <nls/locale.alias.pre
Signed-off-by: Benno Schulenberg <bensberg@telfort.nl>

This function complements XSetIOErrorHandler(), allowing to override
the default behavior that trusts on I/O errors never coming back
(i.e. exit()ing the process).

This is meant as a mechanism for Wayland compositors (that are too
a X11 client + compositing manager) to unfasten seatbelts and jump
through the car window. It might get lucky and land on a stack of
pillows.

In consequence, some functions labeled as _X_NORETURN can as a
matter of fact return. So those hints were removed.
Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>

Ensure current state is cut short on _XIOError(), possible reentrancy
should be skipped through the XlibDisplayIOError flag checks.
Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>

Ross Burton authored Jan 22, 2020 and Alan Coopersmith committed Oct 10, 2020

CPP is used to generate files, but as cpp reads files from the build host the
output has a number of blank lines at the beginning which varies depending on
what GCC and friends is used.

Pathalogical example:

 $ cpp -undef -traditional /dev/null
 # 1 "/dev/null"
 # 1 "<built-in>"
 # 1 "<command-line>"
 # 31 "<command-line>"
 # 1 "/usr/include/stdc-predef.h" 1 3 4

 # 17 "/usr/include/stdc-predef.h" 3 4

 [ 40 blank line ]

 # 32 "<command-line>" 2
 # 1 "/dev/null"

So depending on the content of stdc-predef.h and what other headers CPP will
load, the amount of whitespace in the generates files varies. This can result in
differences in reproducible environments, and file conflicts in multilib
environments.

As whitespace is irrelevant to these machine-readable files, extend the sed to
just delete blank lines.

If the compiler knows of a better algorithm for counting the number of
bits set in a word for the target CPU, let it use that, instead of the
classic algorithm optimized for PDP-6.

Based on libXext commit 490a25e6f8a4d2482af4364c700b68ad11a4d10b
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Krzesimir Nowak authored Jun 01, 2020 and Adam Jackson committed Sep 21, 2020

Reported by valgrind:

```
==118175== 17 bytes in 1 blocks are definitely lost in loss record 13 of 1,675
==118175==    at 0x483A809: malloc (vg_replace_malloc.c:307)
==118175==    by 0x5CD1B46: _XlcDefaultMapModifiers (in /usr/lib64/libX11.so.6.3.0)
==118175==    by 0x5CD1F1A: XSetLocaleModifiers (in /usr/lib64/libX11.so.6.3.0)
==118175==    by 0x496841C: X11_InitKeyboard (SDL_x11keyboard.c:324)
==118175==    by 0x496F0CA: X11_VideoInit (SDL_x11video.c:455)
==118175==    by 0x494747B: SDL_VideoInit_REAL (SDL_video.c:532)
==118175==    by 0x489E886: SDL_InitSubSystem_REAL (SDL.c:206)
==118175==    by 0x402634: main (fade.cc:35)
```

Gets rid of:
src/xkb/XKBBind.c: In function ‘XLookupKeysym’:
src/xkb/XKBBind.c:234:5: warning: ‘XKeycodeToKeysym’ is deprecated
[https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wdeprecated-declarations-Wdeprecated-declarations

]
  234 |     return XKeycodeToKeysym(dpy, event->keycode, col);
      |     ^~~~~~
src/xkb/XKBBind.c:96:1: note: declared here
   96 | XKeycodeToKeysym(Display *dpy,
      | ^~~~~~~~~~~~~~~~
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

While we don't expect large enough ints to need it, we don't
enforce a maximum size, so gcc assumes the worst and warns:

../../../src/xlibi18n/lcUTF8.c: In function ‘create_tofontcs_conv’:
../../../src/xlibi18n/lcUTF8.c:1736:34: warning: ‘.charset.name’ directive output may be truncated writing 13 bytes into a region of size between 8 and 17 [-Wformat-truncation=]
 1736 |  snprintf(buf, sizeof(buf), "fs%d.charset.name", i);
      |                                  ^~~~~~~~~~~~~
../../../src/xlibi18n/lcUTF8.c:1736:2: note: ‘snprintf’ output between 17 and 26 bytes into a destination of size 20
 1736 |  snprintf(buf, sizeof(buf), "fs%d.charset.name", i);
      |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../src/xlibi18n/lcUTF8.c:1739:46: warning: ‘snprintf’ output may be truncated before the last format character [-Wformat-truncation=]
 1739 |      snprintf(buf, sizeof(buf), "fs%d.charset", i);
      |                                              ^
../../../src/xlibi18n/lcUTF8.c:1739:6: note: ‘snprintf’ output between 12 and 21 bytes into a destination of size 20
 1739 |      snprintf(buf, sizeof(buf), "fs%d.charset", i);
      |      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../src/xlibi18n/lcUTF8.c:1754:41: warning: ‘.charset.name’ directive output may be truncated writing 13 bytes into a region of size between 8 and 17 [-Wformat-truncation=]
 1754 |         snprintf(buf, sizeof(buf), "fs%d.charset.name", i);
      |                                         ^~~~~~~~~~~~~
../../../src/xlibi18n/lcUTF8.c:1754:9: note: ‘snprintf’ output between 17 and 26 bytes into a destination of size 20
 1754 |         snprintf(buf, sizeof(buf), "fs%d.charset.name", i);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../src/xlibi18n/lcUTF8.c:1757:53: warning: ‘snprintf’ output may be truncated before the last format character [-Wformat-truncation=]
 1757 |             snprintf(buf, sizeof(buf), "fs%d.charset", i);
      |                                                     ^
../../../src/xlibi18n/lcUTF8.c:1757:13: note: ‘snprintf’ output between 12 and 21 bytes into a destination of size 20
 1757 |             snprintf(buf, sizeof(buf), "fs%d.charset", i);
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Avoids gcc warnings that we're using strncpy wrong to copy a known-length
set of characters without a terminating '\0' to a buffer whose length we
are checking separately.  (Should also be imperceptibly faster since we
no longer check if each byte is '\0' when we already know it won't be.)
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Quiets gcc 10.2 warning of:
src/xcms/LRGB.c: In function ‘LINEAR_RGB_InitSCCData’:
src/xcms/LRGB.c:798:1: warning: label ‘FreeBlueTblElements’ defined
 but not used
[https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wunused-label-Wunused-label

]
  798 | FreeBlueTblElements:
      | ^~~~~~~~~~~~~~~~~~~
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Allows us to depend on _X_COLD directly instead of having to check for it.

(Since we also use _X_UNUSED, 7.0.22 or later was implicitly required
 already but not checked for.)
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Maya Rashish authored Aug 23, 2020 and Alan Coopersmith committed Aug 28, 2020

This causes issues when compiling code for C++17.

Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>

CVE-2020-14363

This can lead to a double free later, as reported by Jayden Rivers.
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>

Niclas Zeising authored Aug 11, 2020 and Alan Coopersmith committed Aug 17, 2020

Fix a bug where some input clients can't connect to the input server.
This fixes #117.

FreeBSD bugzilla reference:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248549

Signed-off-by: Niclas Zeising <zeising@daemonic.se>

This causes issues when compiling code for C++17.
While here, make function prototype match the header with regards
to removal of another register keyword.

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

The check here guards the read below.
For `XimType_XIMStyles`, these are `num` of `CARD32` and for `XimType_XIMHotKeyTriggers`
these are `num` of `XIMTRIGGERKEY` ref[1] which is defined as 3 x `CARD32`.
(There are data after the `XIMTRIGGERKEY` according to the spec but they are not read by this
function and doesn't need to be checked.)

The old code here used the native datatype size instead of the wire protocol size causing
the check to always fail.

Also fix the size calculation for the header (size). It is 2 x CARD16 for both types
despite the unused `CARD16` for `XimType_XIMStyles`.

[1] https://www.x.org/releases/X11R7.6/doc/libX11/specs/XIM/xim.html#Input_Method_Styles

This fixes a regression caused by 388b303c in 1.6.10.

Fix #116

Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>