From 13343fd88d05f4875da7f3759b33a4bfb60b3208 Mon Sep 17 00:00:00 2001
From: Ulrich Sibiller <uli42@gmx.de>
Date: Thu, 16 Jul 2015 23:43:46 +0200
Subject: [PATCH] fix off-by-one bug in XKBMAlloc.c
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is a fix I stumbled across in NoMachine's NX code
(http://code.x2go.org/gitweb?p=nx-libs.git;a=commitdiff;h=15cee47a496ef891923949ade073cf4ffabb9c73#patch3).

It turned out that this fixes a bug that had been fixed long time ago
in xf86 code by Michal Maruška (e.g. here:
http://cgit.freedesktop.org/~libv/xfree86/commit/lib/X11?id=23202557b77fd2edd167ae00103dcd81782401d5)

(The author provides more details here:
https://www.mail-archive.com/devel@xfree86.org/msg07272.html and here
http://www.ruska.it/michal/mails/xkb-fixes.html)

It never made its way to xorg, it seems.
---
 src/xkb/XKBMAlloc.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/xkb/XKBMAlloc.c b/src/xkb/XKBMAlloc.c
index 2e39634..45ccec8 100644
--- a/src/xkb/XKBMAlloc.c
+++ b/src/xkb/XKBMAlloc.c
@@ -736,7 +736,7 @@ XkbChangeKeycodeRange(XkbDescPtr xkb,
                     _XkbFree(prev_key_sym_map);
                     return BadAlloc;
                 }
-                bzero((char *) &xkb->map->key_sym_map[xkb->max_key_code],
+                bzero((char *) &xkb->map->key_sym_map[xkb->max_key_code + 1],
                       tmp * sizeof(XkbSymMapRec));
                 if (changes) {
                     changes->map.changed = _ExtendRange(changes->map.changed,
@@ -754,7 +754,7 @@ XkbChangeKeycodeRange(XkbDescPtr xkb,
                     _XkbFree(prev_modmap);
                     return BadAlloc;
                 }
-                bzero((char *) &xkb->map->modmap[xkb->max_key_code], tmp);
+                bzero((char *) &xkb->map->modmap[xkb->max_key_code + 1], tmp);
                 if (changes) {
                     changes->map.changed = _ExtendRange(changes->map.changed,
                                                 XkbModifierMapMask, maxKC,
@@ -774,7 +774,7 @@ XkbChangeKeycodeRange(XkbDescPtr xkb,
                     _XkbFree(prev_behaviors);
                     return BadAlloc;
                 }
-                bzero((char *) &xkb->server->behaviors[xkb->max_key_code],
+                bzero((char *) &xkb->server->behaviors[xkb->max_key_code + 1],
                       tmp * sizeof(XkbBehavior));
                 if (changes) {
                     changes->map.changed = _ExtendRange(changes->map.changed,
@@ -792,7 +792,7 @@ XkbChangeKeycodeRange(XkbDescPtr xkb,
                     _XkbFree(prev_key_acts);
                     return BadAlloc;
                 }
-                bzero((char *) &xkb->server->key_acts[xkb->max_key_code],
+                bzero((char *) &xkb->server->key_acts[xkb->max_key_code + 1],
                       tmp * sizeof(unsigned short));
                 if (changes) {
                     changes->map.changed = _ExtendRange(changes->map.changed,
@@ -810,7 +810,7 @@ XkbChangeKeycodeRange(XkbDescPtr xkb,
                     _XkbFree(prev_vmodmap);
                     return BadAlloc;
                 }
-                bzero((char *) &xkb->server->vmodmap[xkb->max_key_code],
+                bzero((char *) &xkb->server->vmodmap[xkb->max_key_code + 1],
                       tmp * sizeof(unsigned short));
                 if (changes) {
                     changes->map.changed = _ExtendRange(changes->map.changed,
@@ -829,7 +829,7 @@ XkbChangeKeycodeRange(XkbDescPtr xkb,
                 _XkbFree(prev_keys);
                 return BadAlloc;
             }
-            bzero((char *) &xkb->names->keys[xkb->max_key_code],
+            bzero((char *) &xkb->names->keys[xkb->max_key_code + 1],
                   tmp * sizeof(XkbKeyNameRec));
             if (changes) {
                 changes->names.changed = _ExtendRange(changes->names.changed,
-- 
1.9.1