-
If an -f argument is exactly 1022 characters in size, an off-by-one stack overflow happens in auth_finalize. The overflow could be even larger if locks are ignored for authentication files. Make sure that a given authentication file name fits into temporary buffer and that this buffer matches buffer sizes of libXau which is used by xauth.
f5af3b21