[neon/qt/qtbase/Neon/testing] debian/patches: Backport upstream patch to fix use-after-free in the xcb plugin

Tue May 18 11:01:28 BST 2021

Git commit 801034c92d5e4ea162e42dfcf07298c743d9656a by Alexander Volkov.
Committed on 23/11/2020 at 11:02.
Pushed by sitter into branch 'Neon/testing'.

Backport upstream patch to fix use-after-free in the xcb plugin

M  +1    -0    debian/patches/series
A  +26   -0    debian/patches/xcb_screens_uaf.patch

https://invent.kde.org/neon/qt/qtbase/commit/801034c92d5e4ea162e42dfcf07298c743d9656a

diff --git a/debian/patches/series b/debian/patches/series
index 59bcb3e..207c382 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,5 @@
 # Backported from upstream.
+xcb_screens_uaf.patch
 
 # Debian specific.
 gnukfreebsd.diff
diff --git a/debian/patches/xcb_screens_uaf.patch b/debian/patches/xcb_screens_uaf.patch
new file mode 100644
index 0000000..600e10d
--- /dev/null
+++ b/debian/patches/xcb_screens_uaf.patch
@@ -0,0 +1,26 @@
+Description: Avoid use-after-free in QXcbConnection::initializeScreens()
+Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=86b8c5c3f32c2457
+Last-Update: 2020-11-23
+
+--- a/src/plugins/platforms/xcb/qxcbconnection_screens.cpp
++++ b/src/plugins/platforms/xcb/qxcbconnection_screens.cpp
+@@ -290,6 +290,8 @@ void QXcbConnection::initializeScreens()
+             // RRGetScreenResources in this case.
+             auto resources_current = Q_XCB_REPLY(xcb_randr_get_screen_resources_current,
+                                                  xcb_connection(), xcbScreen->root);
++            decltype(Q_XCB_REPLY(xcb_randr_get_screen_resources,
++                                 xcb_connection(), xcbScreen->root)) resources;
+             if (!resources_current) {
+                 qWarning("failed to get the current screen resources");
+             } else {
+@@ -300,8 +302,8 @@ void QXcbConnection::initializeScreens()
+                     timestamp = resources_current->config_timestamp;
+                     outputs = xcb_randr_get_screen_resources_current_outputs(resources_current.get());
+                 } else {
+-                    auto resources = Q_XCB_REPLY(xcb_randr_get_screen_resources,
+-                                                 xcb_connection(), xcbScreen->root);
++                    resources = Q_XCB_REPLY(xcb_randr_get_screen_resources,
++                                            xcb_connection(), xcbScreen->root);
+                     if (!resources) {
+                         qWarning("failed to get the screen resources");
+                     } else {

