xcb: fix misuse of xcb_send_event

This fixes the following Valgrind warning:

"Syscall param writev(vector[...]) points to uninitialised byte(s)
Uninitialised value was created by a stack allocation"

The xcb_send_event() requires all events to have 32 bytes.
It calls memcpy() on the passed in event. If the passed in
event is less than 32 bytes, memcpy() reaches into unrelated
memory. And as it turns out, this behavior is actually
described in the xcb_send_event function's documentation.

This patch adds a macro that declares an event for safe
usage with xcb_send_event.

Change-Id: Ifcaab5e9a3b52b7f64ac930b423e0c7798bbfedb
Done-with: Uli Schlachter
Task-number: QTBUG-56518
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>

4 files changed, 16 insertions, 3 deletions

diff --git a/src/plugins/platforms/xcb/qxcbclipboard.cpp b/src/plugins/platforms/xcb/qxcbclipboard.cpp
index cee011bbdf..a293066b93 100644
--- a/src/plugins/platforms/xcb/qxcbclipboard.cpp
+++ b/src/plugins/platforms/xcb/qxcbclipboard.cpp
@@ -607,7 +607,7 @@ void QXcbClipboard::handleSelectionRequest(xcb_selection_request_event_t *req)
         return;
     }
 
-    xcb_selection_notify_event_t event;
+    Q_DECLARE_XCB_EVENT(event, xcb_selection_notify_event_t);
     event.response_type = XCB_SELECTION_NOTIFY;
     event.requestor = req->requestor;
     event.selection = req->selection;
diff --git a/src/plugins/platforms/xcb/qxcbconnection.h b/src/plugins/platforms/xcb/qxcbconnection.h
index a9208ffe09..01a97a187a 100644
--- a/src/plugins/platforms/xcb/qxcbconnection.h
+++ b/src/plugins/platforms/xcb/qxcbconnection.h
@@ -734,6 +734,19 @@ private:
     QXcbConnection *m_connection;
 };
 
+template <typename T>
+union q_padded_xcb_event {
+  T event;
+  char padding[32];
+};
+
+// The xcb_send_event() requires all events to have 32 bytes. It calls memcpy() on the
+// passed in event. If the passed in event is less than 32 bytes, memcpy() reaches into
+// unrelated memory.
+#define Q_DECLARE_XCB_EVENT(event_var, event_type) \
+    q_padded_xcb_event<event_type> store = {}; \
+    auto &event_var = store.event;
+
 #ifdef Q_XCB_DEBUG
 template <typename cookie_t>
 cookie_t q_xcb_call_template(const cookie_t &cookie, QXcbConnection *connection, const char *file,
diff --git a/src/plugins/platforms/xcb/qxcbdrag.cpp b/src/plugins/platforms/xcb/qxcbdrag.cpp
index 58fb1f3918..60d142157f 100644
--- a/src/plugins/platforms/xcb/qxcbdrag.cpp
+++ b/src/plugins/platforms/xcb/qxcbdrag.cpp
@@ -1163,7 +1163,7 @@ static xcb_window_t findXdndAwareParent(QXcbConnection *c, xcb_window_t window)
 
 void QXcbDrag::handleSelectionRequest(const xcb_selection_request_event_t *event)
 {
-    xcb_selection_notify_event_t notify;
+    Q_DECLARE_XCB_EVENT(notify, xcb_selection_notify_event_t);
     notify.response_type = XCB_SELECTION_NOTIFY;
     notify.requestor = event->requestor;
     notify.selection = event->selection;
diff --git a/src/plugins/platforms/xcb/qxcbwindow.cpp b/src/plugins/platforms/xcb/qxcbwindow.cpp
index ffbe9a2325..78d000c774 100644
--- a/src/plugins/platforms/xcb/qxcbwindow.cpp
+++ b/src/plugins/platforms/xcb/qxcbwindow.cpp
@@ -864,7 +864,7 @@ void QXcbWindow::hide()
     Q_XCB_CALL(xcb_unmap_window(xcb_connection(), m_window));
 
     // send synthetic UnmapNotify event according to icccm 4.1.4
-    xcb_unmap_notify_event_t event;
+    Q_DECLARE_XCB_EVENT(event, xcb_unmap_notify_event_t);
     event.response_type = XCB_UNMAP_NOTIFY;
     event.event = xcbScreen()->root();
     event.window = m_window;