From 53876f1ef10eb9d513b126feda25e9fba5b375df Mon Sep 17 00:00:00 2001 From: "Enrico Weigelt, metux IT consult" Date: Thu, 27 Feb 2025 12:20:52 +0100 Subject: [PATCH] randr: fix RRGetCrtcTransform reply length, part 2 Mixed up reply vs request. Obviously, the size substracted from reply struct's one has to be the one of the generic reply, not generic requst :o Background: the meaning of the length field isn't entirely intuitive. a) the size is in 4-byte units, instead of bytes (therefore passing through bytes_to_int32() call) b) it's not the total packet size, but only the *extra* payload size, ergo: how much is the packet longer than a xGenericReply = 8 units = 32 bytes. (min. packet size is 32 bytes -> length = 0) In order to prevent those kind of coding errors ever happening again, it might be a good idea putting that into a generic macro. Fixes: c6f1b8a735d3c6ba80ca552b79e2dbe8a358ff40 Fixes: 0ca5aaba500a4791b91f8237cbd74709331f8676 Issue: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1797 Signed-off-by: Enrico Weigelt, metux IT consult Signed-off-by: Enrico Weigelt, metux IT consult Part-of: --- randr/rrcrtc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/randr/rrcrtc.c b/randr/rrcrtc.c index cbdc74e4d..b828b7301 100644 --- a/randr/rrcrtc.c +++ b/randr/rrcrtc.c @@ -1831,7 +1831,7 @@ ProcRRGetCrtcTransform(ClientPtr client) xRRGetCrtcTransformReply rep = { .type = X_Reply, .sequenceNumber = client->sequence, - .length = bytes_to_int32(sizeof(xRRGetCrtcTransformReply) - sizeof(xReq) + nextra), + .length = bytes_to_int32(sizeof(xRRGetCrtcTransformReply) - sizeof(xGenericReply) + nextra), .hasTransforms = crtc->transforms, };