From d3ae193f4ac87530f2745f8cb5e7b70dd516881e Mon Sep 17 00:00:00 2001
From: Thorvald Natvig <slicer@users.sourceforge.net>
Date: Mon, 1 Sep 2008 19:36:56 +0200
Subject: [PATCH] Xevie: always initialize rep.length (bug#17394)

The XEvIE extension doesn't clear the rep.length field for any reply but
the version check. Hence, if there is junk data in it and that is sent
to the client, it hangs.

X.Org bug#17394 (http://bugs.freedesktop.org/show_bug.cgi?id=17394)
---
 Xext/xevie.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Xext/xevie.c b/Xext/xevie.c
index 292f20761..8273b3ec2 100644
--- a/Xext/xevie.c
+++ b/Xext/xevie.c
@@ -197,6 +197,7 @@ int ProcXevieStart (ClientPtr client)
     
     xevieModifiersOn = FALSE;
 
+    rep.length = 0;
     rep.type = X_Reply;
     rep.sequence_number = client->sequence;
     WriteToClient (client, sizeof (xXevieStartReply), (char *)&rep);
@@ -218,6 +219,7 @@ int ProcXevieEnd (ClientPtr client)
         XevieEnd(xevieClientIndex);
     }
 
+    rep.length = 0;
     rep.type = X_Reply;
     rep.sequence_number = client->sequence;
     WriteToClient (client, sizeof (xXevieEndReply), (char *)&rep);
@@ -238,6 +240,7 @@ int ProcXevieSend (ClientPtr client)
         return BadAccess;
 
     xE = (xEvent *)&stuff->event;
+    rep.length = 0;
     rep.type = X_Reply;
     rep.sequence_number = client->sequence;
     WriteToClient (client, sizeof (xXevieSendReply), (char *)&rep);
@@ -284,6 +287,7 @@ int ProcXevieSelectInput (ClientPtr client)
         return BadAccess;
 
     xevieMask = stuff->event_mask;
+    rep.length = 0;
     rep.type = X_Reply;
     rep.sequence_number = client->sequence;
     WriteToClient (client, sizeof (xXevieSelectInputReply), (char *)&rep);