From dc2811874729ee83fa2aef110f60808c450f9a5a Mon Sep 17 00:00:00 2001
From: Ran Benita <ran@unusedvar.com>
Date: Tue, 17 Nov 2020 23:18:53 +0200
Subject: Avoid request counter truncation in replies map after 2**32 requests

The c->in request counters are uint64_t, and can realistically go over
2**32 over a lifetime of a client. The c->in->replies map however uses
unsigned int keys and the passed request numbers are silently truncated.

I haven't analyzed in depth what happens what it wraps around but it's
probably nothing good.

The only user of the xcb_list.c map code is c->in->replies, so just
change it to use uint64_t keys.

Reviewed-by: Uli Schlachter <psychon@znc.in>
Signed-off-by: Ran Benita <ran@unusedvar.com>
---
 src/xcbint.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/xcbint.h')

diff --git a/src/xcbint.h b/src/xcbint.h
index 524d6c7..6a070f8 100644
--- a/src/xcbint.h
+++ b/src/xcbint.h
@@ -83,8 +83,8 @@ typedef struct _xcb_map _xcb_map;
 
 _xcb_map *_xcb_map_new(void);
 void _xcb_map_delete(_xcb_map *q, xcb_list_free_func_t do_free);
-int _xcb_map_put(_xcb_map *q, unsigned int key, void *data);
-void *_xcb_map_remove(_xcb_map *q, unsigned int key);
+int _xcb_map_put(_xcb_map *q, uint64_t key, void *data);
+void *_xcb_map_remove(_xcb_map *q, uint64_t key);
 
 
 /* xcb_out.c */
-- 
cgit v1.2.3