Skip to content

Fix forwards-compatibility bug by allowing to specify expression that defines length of a struct

This MR fixes a forwards-compatibility bug that causes X server clients to crash when new XInput 2.4 GestureClass structs are sent within a response to XIQueryDevice request. X server has been patched in xorg/xserver@eb6f8dac to not send these new structs unless the client advertises XInput 2.4 support, but we still need to fix this issue as larger programs may have multiple versions of embedded libxcb.

Currently the layout of a struct is used to compute its size. This works fine in case of structs of fixed size. However this introduces forwards-compatibility problems in cases when the struct has multiple variants and the exact variant is specified by the value of some field (e.g. in the case of elements). Future revisions of protocols may introduce new layout variants, in which case the old code does not know the size of the struct variant and can't parse the incoming byte stream.

Instead of relying on knowledge about the layout of data structures we should instead use the length field for length information. This way when old client libxcb communicates with newer server it can at least ignore unknown struct variants.

A corresponding libxcb MR is xorg/lib/libxcb!20 (merged).

The fix has been tested on a patched X server master branch with xorg/xserver@eb6f8dac workaround reverted.

cc @alanc

I think it would be great to release this fix as xcbproto 1.14.2 / libxcb 1.14.1 so that the users could upgrade early before X server 21.1 is released.

Edited by Povilas Kanapickas

Merge request reports

Loading