Fix FTBS caused by fake size in the XimCacheStruct (#1556616)

0001-Use-flexible-array-member-instead-of-fake-size.patch

@@ -0,0 +1,66 @@
+From a9dafdd57c71473fa3a2ec4887e973e4e9876d83 Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Thu, 15 Mar 2018 09:50:58 +0100
+Subject: [PATCH libX11] Use flexible array member instead of fake size.
+
+The _XimCacheStruct structure is followed in memory by two strings containing
+fname and encoding. The memory was accessed using the last member of the
+structure `char fname[1]`. That is a lie, prohibits us from using sizeof and
+confuses checkers. Lets declare it properly as a flexible array, so compilers
+don't complain about writing past that array. As bonus we can replace the
+XOffsetOf with regular sizeof.
+
+Fixes GCC8 error:
+  In function 'strcpy',
+      inlined from '_XimWriteCachedDefaultTree' at imLcIm.c:479:5,
+      inlined from '_XimCreateDefaultTree' at imLcIm.c:616:2,
+      inlined from '_XimLocalOpenIM' at imLcIm.c:700:5:
+  /usr/include/bits/string_fortified.h:90:10: error: '__builtin_strcpy'
+  forming offset 2 is out of the bounds [0, 1] [-Werror=array-bounds]
+     return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
+
+Caused by this line seemingly writing past the fname[1] array:
+  imLcIm.c:479:  strcpy (m->fname+strlen(name)+1, encoding);
+
+Reviewed-by: Keith Packard <keithp@keithp.com>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ modules/im/ximcp/imLcIm.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/modules/im/ximcp/imLcIm.c b/modules/im/ximcp/imLcIm.c
+index c19695df..743df77b 100644
+--- a/modules/im/ximcp/imLcIm.c
++++ b/modules/im/ximcp/imLcIm.c
+@@ -82,8 +82,8 @@ struct _XimCacheStruct {
+     DTCharIndex     mbused;
+     DTCharIndex     wcused;
+     DTCharIndex     utf8used;
+-    char            fname[1];
+-    /* char encoding[1] */
++    char            fname[];
++    /* char encoding[] */
+ };
+ 
+ static struct  _XimCacheStruct* _XimCache_mmap = NULL;
+@@ -281,7 +281,7 @@ _XimReadCachedDefaultTree(
+     assert (m->id == XIM_CACHE_MAGIC);
+     assert (m->version == XIM_CACHE_VERSION);
+     if (size != m->size ||
+-	size < XOffsetOf (struct _XimCacheStruct, fname) + namelen + encodinglen) {
++	size < sizeof (struct _XimCacheStruct) + namelen + encodinglen) {
+ 	fprintf (stderr, "Ignoring broken XimCache %s [%s]\n", name, encoding);
+         munmap (m, size);
+         return False;
+@@ -442,7 +442,7 @@ _XimWriteCachedDefaultTree(
+     int   fd;
+     FILE *fp;
+     struct _XimCacheStruct *m;
+-    int   msize = (XOffsetOf(struct _XimCacheStruct, fname)
++    int   msize = (sizeof(struct _XimCacheStruct)
+ 		   + strlen(name) + strlen(encoding) + 2
+ 		   + XIM_CACHE_TREE_ALIGNMENT-1) & -XIM_CACHE_TREE_ALIGNMENT;
+     DefTreeBase *b = &im->private.local.base;
+-- 
+2.14.3
+

libX11.spec

@@ -5,7 +5,7 @@
 Summary: Core X11 protocol client library
 Name: libX11
 Version: 1.6.5
-Release: 6%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist}
+Release: 7%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist}
 License: MIT
 Group: System Environment/Libraries
 URL: http://www.x.org
@@ -19,6 +19,7 @@ Source0: https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.
 %endif
 
 Patch2: dont-forward-keycode-0.patch
+Patch01: 0001-Use-flexible-array-member-instead-of-fake-size.patch
 
 BuildRequires: xorg-x11-util-macros >= 1.11
 BuildRequires: pkgconfig(xproto) >= 7.0.15
@@ -60,6 +61,7 @@ libX11/libxcb interoperability library
 %prep
 %setup -q -n %{tarball}-%{?gitdate:%{gitdate}}%{!?gitdate:%{version}}
 %patch2 -p1 -b .dont-forward-keycode-0
+%patch01 -p1
 
 %build
 autoreconf -v --install --force
@@ -124,6 +126,9 @@ make %{?_smp_mflags} check
 %{_mandir}/man5/*.5*
 
 %changelog
+* Fri Mar 23 2018 Peter Hutterer <peter.hutterer@redhat.com> 1.6.5-7
+- Fix FTBS caused by fake size in the XimCacheStruct (#1556616)
+
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.5-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild