File _service:obs_scm:0002-fix-CVE-2024-31081.patch of Package xorg-x11-server-xwayland

From 3e77295f888c67fc7645db5d0c00926a29ffecee Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sun, 28 Apr 2024 15:35:19 +0800
Subject: [PATCH] Xi: ProcXIPassiveGrabDevice needs to use unswapped length to send reply
CVE-2024-31081

Fixes: d220d690

("Xi: add GrabButton and GrabKeysym code.")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <!1463>
---
 Xi/xipassivegrab.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Xi/xipassivegrab.c b/Xi/xipassivegrab.c
index c9ac2f8..896233b 100644
--- a/Xi/xipassivegrab.c
+++ b/Xi/xipassivegrab.c
@@ -93,6 +93,7 @@ ProcXIPassiveGrabDevice(ClientPtr client)
     GrabParameters param;
     void *tmp;
     int mask_len;
+    uint32_t length;
 
     REQUEST(xXIPassiveGrabDeviceReq);
     REQUEST_FIXED_SIZE(xXIPassiveGrabDeviceReq,
@@ -247,9 +248,11 @@ ProcXIPassiveGrabDevice(ClientPtr client)
         }
     }
 
+    /* save the value before SRepXIPassiveGrabDevice swaps it */
+    length = rep.length;
     WriteReplyToClient(client, sizeof(rep), &rep);
     if (rep.num_modifiers)
-        WriteToClient(client, rep.length * 4, modifiers_failed);
+        WriteToClient(client, length * 4, modifiers_failed);
 
  out:
     free(modifiers_failed);
-- 
2.27.0