From: Scott Kostyshak <skostysh@lyx.org>
Date: Wed, 19 Feb 2020 02:39:18 +0000 (-0500)
Subject: Fix write to uninitialized bytes for XCB event
X-Git-Tag: lyx-2.4.0dev-acb2ca7b~1243
X-Git-Url: https://git.lyx.org/gitweb/?a=commitdiff_plain;h=19c41bd0;p=features.git

Fix write to uninitialized bytes for XCB event

As the xcb_send_event man page [1] states,

  In order to properly initialize these bytes, we allocate 32 bytes
  even though we only need less for an xcb_configure_notify_event_t

This commit fixes the following Valgrind error, which could be
triggered by selecting a letter in LyX:

  ==12698== Syscall param writev(vector[...]) points to uninitialised byte(s)
  ==12698==    at 0x61F578D: __writev (writev.c:26)
  ==12698==    by 0x61F578D: writev (writev.c:24)
  ==12698==    by 0x4A83BFC: ??? (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
  ==12698==    by 0x4A83FD0: ??? (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
  ==12698==    by 0x4A84246: ??? (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
  ==12698==    by 0x4A84ACB: xcb_flush (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
  ==12698==    by 0x17C8F06: lyx::frontend::GuiApplication::nativeEventFilter(QByteArray const&, void*, long*) (GuiApplication.cpp:3366)
  ==12698==    by 0x5AA4EEE: QAbstractEventDispatcher::filterNativeEvent(QByteArray const&, void*, long*) (qabstracteventdispatcher.cpp:484)

[1] https://www.x.org/releases/current/doc/man/man3/xcb_send_event.3.xhtml
---

diff --git a/src/frontends/qt/GuiApplication.cpp b/src/frontends/qt/GuiApplication.cpp
index 8fdd9bf99d..2cdd5f6e3b 100644
--- a/src/frontends/qt/GuiApplication.cpp
+++ b/src/frontends/qt/GuiApplication.cpp
@@ -3352,18 +3352,26 @@ bool GuiApplication::nativeEventFilter(const QByteArray & eventType,
 				// not doing that, maybe because of our
 				// "persistent selection" implementation
 				// (see comments in GuiSelection.cpp).
-				xcb_selection_notify_event_t nev;
-				nev.response_type = XCB_SELECTION_NOTIFY;
-				nev.requestor = srev->requestor;
-				nev.selection = srev->selection;
-				nev.target = srev->target;
-				nev.property = XCB_NONE;
-				nev.time = XCB_CURRENT_TIME;
+
+				// It is expected that every X11 event is 32 bytes long,
+				// even if not all 32 bytes are needed. See:
+				// https://www.x.org/releases/current/doc/man/man3/xcb_send_event.3.xhtml
+				// TODO switch to Q_DECLARE_XCB_EVENT(event, xcb_selection_notify_event_t)
+				//      once we require qt >= 5.6.3 or just copy the macro def.
+				xcb_selection_notify_event_t *nev = (xcb_selection_notify_event_t*) calloc(32, 1);
+
+				nev->response_type = XCB_SELECTION_NOTIFY;
+				nev->requestor = srev->requestor;
+				nev->selection = srev->selection;
+				nev->target = srev->target;
+				nev->property = XCB_NONE;
+				nev->time = XCB_CURRENT_TIME;
 				xcb_connection_t * con = QX11Info::connection();
 				xcb_send_event(con, 0, srev->requestor,
 					XCB_EVENT_MASK_NO_EVENT,
-					reinterpret_cast<char const *>(&nev));
+					reinterpret_cast<char const *>(nev));
 				xcb_flush(con);
+				free(nev);
 #endif
 				return true;
 			}