From 942b0e96c4443a0d17b0ebce3a655d577b007772 Mon Sep 17 00:00:00 2001
From: "Enrico Weigelt, metux IT consult" <info@metux.net>
Date: Wed, 11 Jun 2025 15:36:03 +0200
Subject: [PATCH] Xext: xf86bigfont: fix FTBS on wrong packet length variable.

The `buflength` variable doesn't exist anymore, it's `rlength`.
And even if the reply struct might have the same size as XGenericReply,
it's cleaner to let the compiler compute it explicitly, just in case.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
---
 Xext/xf86bigfont.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Xext/xf86bigfont.c b/Xext/xf86bigfont.c
index ac6a7dd0d..13ad79a98 100644
--- a/Xext/xf86bigfont.c
+++ b/Xext/xf86bigfont.c
@@ -533,7 +533,8 @@ ProcXF86BigfontQueryFont(ClientPtr client)
 
         xXF86BigfontQueryFontReply rep = {
             .type = X_Reply,
-            .length = bytes_to_int32(buflength),
+            .length = bytes_to_int32(sizeof(xXF86BigfontQueryFontReply)
+                                     - sizeof(xGenericReply) + rlength),
             .sequenceNumber = client->sequence,
             .minBounds = pFont->info.ink_minbounds,
             .maxBounds = pFont->info.ink_maxbounds,