[neon/qt/qtbase/Neon/testing] debian: Backport upstream patch xcb_screens_uaf.patch in order to fix use-after-free in the xcb plugin.

Tue May 18 11:01:28 BST 2021

Git commit fd2171cd7beeb883633d77667b8e5541e956afa2 by Lisandro Damián Nicanor Pérez Meyer.
Committed on 23/11/2020 at 18:14.
Pushed by sitter into branch 'Neon/testing'.

Backport upstream patch xcb_screens_uaf.patch in order to fix  use-after-free in the xcb plugin.

M  +4    -0    debian/changelog
M  +1    -0    debian/patches/series
A  +26   -0    debian/patches/xcb_screens_uaf.patch

https://invent.kde.org/neon/qt/qtbase/commit/fd2171cd7beeb883633d77667b8e5541e956afa2

diff --git a/debian/changelog b/debian/changelog
index dc72546..96d00f7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,9 @@
 qtbase-opensource-src (5.15.1+dfsg-4) UNRELEASED; urgency=medium
 
+  [ Alexander Volkov ]
+  * Backport upstream patch xcb_screens_uaf.patch in order to fix
+    use-after-free in the xcb plugin.
+
  -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Mon, 23 Nov 2020 15:13:30 -0300
 
 qtbase-opensource-src (5.15.1+dfsg-3) unstable; urgency=medium
diff --git a/debian/patches/series b/debian/patches/series
index b30c00c..28462c1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,6 +1,7 @@
 # Backported from upstream.
 emit_geometry_changed.diff
 clone_sigchld.diff
+xcb_screens_uaf.patch
 
 # Debian specific.
 gnukfreebsd.diff
diff --git a/debian/patches/xcb_screens_uaf.patch b/debian/patches/xcb_screens_uaf.patch
new file mode 100644
index 0000000..600e10d
--- /dev/null
+++ b/debian/patches/xcb_screens_uaf.patch
@@ -0,0 +1,26 @@
+Description: Avoid use-after-free in QXcbConnection::initializeScreens()
+Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=86b8c5c3f32c2457
+Last-Update: 2020-11-23
+
+--- a/src/plugins/platforms/xcb/qxcbconnection_screens.cpp
++++ b/src/plugins/platforms/xcb/qxcbconnection_screens.cpp
+@@ -290,6 +290,8 @@ void QXcbConnection::initializeScreens()
+             // RRGetScreenResources in this case.
+             auto resources_current = Q_XCB_REPLY(xcb_randr_get_screen_resources_current,
+                                                  xcb_connection(), xcbScreen->root);
++            decltype(Q_XCB_REPLY(xcb_randr_get_screen_resources,
++                                 xcb_connection(), xcbScreen->root)) resources;
+             if (!resources_current) {
+                 qWarning("failed to get the current screen resources");
+             } else {
+@@ -300,8 +302,8 @@ void QXcbConnection::initializeScreens()
+                     timestamp = resources_current->config_timestamp;
+                     outputs = xcb_randr_get_screen_resources_current_outputs(resources_current.get());
+                 } else {
+-                    auto resources = Q_XCB_REPLY(xcb_randr_get_screen_resources,
+-                                                 xcb_connection(), xcbScreen->root);
++                    resources = Q_XCB_REPLY(xcb_randr_get_screen_resources,
++                                            xcb_connection(), xcbScreen->root);
+                     if (!resources) {
+                         qWarning("failed to get the screen resources");
+                     } else {

