Description of problem:
After updating libX11 to version 1.8.3-1.fc38, a weird bug appears. In some games I need to move the mouse to invoke screen updates.

Demonstration: https://youtu.be/3OHzKpxaB6E

I bisected the issue and found that this happens because of the commit:

d6d6cba90215d323567fef13d6565756c9956f60 is the first bad commit
commit d6d6cba90215d323567fef13d6565756c9956f60
Author: Keith Packard <keithp>
Date: Sun Dec 11 10:32:26 2022 -0800

    Update XPutBackEvent() to support clients that put back unpadded events

    It seems to be common practice of some X11 clients to pass specific event
    types into APIs that take XEvent*. For example, freeglut does:

        XConfigureEvent fakeEvent = {0};
        ...
        XPutBackEvent(fgDisplay.Display, (XEvent*)&fakeEvent);

    This can result in reads overflowing the input event when libX11 does:

        XEvent store = *event;

    =================================================================
    ==75304==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x00016ee4a8e8 at pc 0x000101c54d14 bp 0x00016ee4a0d0 sp 0x00016ee49888
    READ of size 192 at 0x00016ee4a8e8 thread T0
        #0 0x101c54d10 in __asan_memcpy+0x1a4 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3cd10)
        #1 0x102848a18 in _XPutBackEvent PutBEvent.c:41
        #2 0x1028490a4 in XPutBackEvent PutBEvent.c:84
        #3 0x1013295c8 in fgOpenWindow freeglut_window.c:1178
        #4 0x101321984 in fgCreateWindow freeglut_structure.c:108
        #5 0x10132b138 in glutCreateWindow freeglut_window.c:1551
        #6 0x100fb7d94 in main+0x78 (checkeredTriangles:arm64+0x100003d94)
        #7 0x197de3e4c (<unknown module>)

    Address 0x00016ee4a8e8 is located in stack of thread T0 at offset 840 in frame
        #0 0x1013282f8 in fgOpenWindow freeglut_window.c:1063

      This frame has 8 object(s):
        [32, 40) 'title.addr'
        [64, 176) 'winAttr' (line 1066)
        [208, 240) 'textProperty' (line 1067)
        [272, 352) 'sizeHints' (line 1068)
        [384, 440) 'wmHints' (line 1069)
        [480, 672) 'eventReturnBuffer' (line 1070)
        [736, 740) 'num_FBConfigs' (line 1072)
        [752, 840) 'fakeEvent' (line 1074) <== Memory access at offset 840 overflows this variable

    This change allows XPutBackEvent() to support such clients without risk of
    memory read overflow.

    Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu>
    Tested-by: Jeremy Huddleston Sequoia <jeremyhu>

 src/PutBEvent.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

I see that this commit is already reverted in master:
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/88399e01be679bfcc9a5e8922ffe2c47f0e56dee

But who knows when version 1.8.4 will be released? So I built libX11 with commit https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/88399e01be679bfcc9a5e8922ffe2c47f0e56dee and suggest reviewing my PR.
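
The over-read described in the quoted commit message, reduced to stand-in types, with a size-aware copy beside it. This is an added example, not part of the original report and not the code of the reverted libX11 commit; the types, type codes and function names are hypothetical, with sizes taken from the ASan trace (88-byte 'fakeEvent', 192-byte read).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, not Xlib's types. Sizes mirror the ASan report:
 * an 88-byte 'fakeEvent' and a 192-byte read. */
enum { EV_CONFIGURE = 1, EV_GENERIC = 2 };              /* hypothetical codes */
typedef struct { int type; char body[84]; } ConfigureEv;                /* 88 */
typedef union { int type; ConfigureEv configure; char pad[192]; } Event; /* 192 */

/* Pattern quoted in the commit message: always reads sizeof(Event) bytes,
 * so an 88-byte object cast to Event* is over-read by 104 bytes. */
void put_back_unsafe(Event *slot, const Event *ev) { *slot = *ev; }

/* Number of bytes the caller is guaranteed to own for a given type.
 * Unknown types are assumed to be a full-size Event. */
size_t event_size(int type) {
    return type == EV_CONFIGURE ? sizeof(ConfigureEv) : sizeof(Event);
}

/* Size-aware copy: read the type first, then only that event's bytes. */
void put_back_sized(Event *slot, const void *ev) {
    int type;
    memcpy(&type, ev, sizeof type);       /* type is the first member */
    memset(slot, 0, sizeof *slot);        /* zero the padding */
    memcpy(slot, ev, event_size(type));
}

/* Places a small event next to a canary and counts canary bytes that end
 * up in the stored copy; 0 means the neighbour was never read. */
int leaked_neighbour_bytes(void) {
    struct { ConfigureEv ev; unsigned char canary[16]; } frame;
    Event slot;
    int leaked = 0;
    memset(&frame, 0, sizeof frame);
    frame.ev.type = EV_CONFIGURE;
    memset(frame.canary, 0xAA, sizeof frame.canary);
    put_back_sized(&slot, &frame.ev);
    for (size_t i = sizeof(ConfigureEv); i < sizeof slot; i++)
        leaked += ((unsigned char *)&slot)[i] == 0xAA;
    return leaked;
}

int main(void) {
    printf("small=%zu full=%zu leaked=%d\n",
           sizeof(ConfigureEv), sizeof(Event), leaked_neighbour_bytes());
    return 0;
}
```
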
Please review my PR https://src.fedoraproject.org/rpms/libX11/pull-request/1
FEDORA-2023-be3023012d has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-be3023012d
FEDORA-2023-be3023012d has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-be3023012d` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-be3023012d See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
This bug appears to have been reported against 'rawhide' during the Fedora Linux 38 development cycle. Changing version to 38.
FEDORA-2023-e4d7cfa2c2 has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-e4d7cfa2c2` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-e4d7cfa2c2 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-e4d7cfa2c2 has been pushed to the Fedora 37 stable repository. If the problem still persists, please make note of it in this bug report.