From 038636786ad1914f3daf3503ae9611f40dffbb8f Mon Sep 17 00:00:00 2001
From: Ilya Pominov
Date: Sun, 2 Apr 2023 11:35:16 +0300
Subject: c_client: Fix crash in xcb_randr_set_monitor

Take into account c_need_sizeof when evaluating xcb_protocol_request_t.count

Incorrect xcb_protocol_request_t.count causes a segmentation fault when calling functions:
- xcb_randr_set_monitor{_checked}
- xcb_input_change_feedback_control{_checked}
- xcb_input_change_device_control{_unchecked}

Steps to reproduce:
Call xcb_randr_set_monitor() with valid arguments

OBSERVED RESULT
Segmentation fault
```
Process terminating with default action of signal 11 (SIGSEGV)
 Access not within mapped region at address 0x780
 at 0x4852925: memmove (in /usr/libexec/valgrind/vgpreload_memcheck- amd64-linux.so)
 by 0x486967C: memcpy (string_fortified.h:29)
 by 0x486967C: send_request (xcb_out.c:59)
 by 0x486967C: send_request (xcb_out.c:46)
 by 0x486967C: xcb_send_request_with_fds64 (xcb_out.c:338)
 by 0x48699FC: xcb_send_request (xcb_out.c:359)
 by 0x4891F11: xcb_randr_set_monitor_checked (randr.c:5350)
```

EXPECTED RESULT
Function returns cookie

Amend: 77b594f9583ea0247ff27130316d8e045da7f921

Signed-off-by: Ilya Pominov
---
 src/c_client.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')

diff --git a/src/c_client.py b/src/c_client.py
index 0213d01..182b5de 100644
--- a/src/c_client.py
+++ b/src/c_client.py
@@ -2340,7 +2340,7 @@ def _c_request_helper(self, name, void, regular, aux=False, reply_fds=False):
 for field in param_fields:
 if not field.type.fixed_size() and field.wire:
 count = count + 2
- if field.type.c_need_serialize:
+ if field.type.c_need_serialize or field.type.c_need_sizeof:
 # _serialize() keeps track of padding automatically
 count -= 1
 dimension = count + 2
-- 
cgit v1.2.3
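Review bot: The widened condition on the `+` line leaves the comment beneath it stale, since it still credits only `_serialize()` with the padding bookkeeping while the decrement now also fires for fields that merely have `c_need_sizeof` set; replace it with `# _serialize()/_sizeof() account for padding, so no separate padding iov is emitted for this field` (adjusting the wording to whatever the emitting code actually does, which is outside this hunk). The underlying hazard is that `count` is used to size `xcb_protocol_request_t.count` while the iov entries are emitted by a different code path, and the two were allowed to disagree, which is what sent `send_request` memcpy-ing from an unpopulated iov slot in the reported trace; the commit fixes this instance but the same predicate is presumably duplicated wherever the entries are generated, so factoring `field.type.c_need_serialize or field.type.c_need_sizeof` into one shared helper (or deriving the count from the emitted entries) would prevent the next divergence. `_c_request_helper` begins and ends outside this hunk, so the emitting side could not be checked here. A generated-code regression test for one of the three requests named in the description would make the invariant count-equals-entries enforceable rather than relying on review.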