From 679d2a4fc613c7357eb3e7f335419618f847b127 Mon Sep 17 00:00:00 2001
From: matthieu <matthieu@openbsd.org>
Date: Wed, 13 Dec 2023 06:21:57 +0000
Subject: [PATCH] randr: avoid integer truncation in length check of
 ProcRRChange*Property CVE-2023-6478

---
 xserver/randr/rrproperty.c         | 2 +-
 xserver/randr/rrproviderproperty.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/xserver/randr/rrproperty.c b/xserver/randr/rrproperty.c
index 25469f57b..c4fef8a1f 100644
--- a/xserver/randr/rrproperty.c
+++ b/xserver/randr/rrproperty.c
@@ -530,7 +530,7 @@ ProcRRChangeOutputProperty(ClientPtr client)
     char format, mode;
     unsigned long len;
     int sizeInBytes;
-    int totalSize;
+    uint64_t totalSize;
     int err;
 
     REQUEST_AT_LEAST_SIZE(xRRChangeOutputPropertyReq);
diff --git a/xserver/randr/rrproviderproperty.c b/xserver/randr/rrproviderproperty.c
index b79c17f9b..90c5a9a93 100644
--- a/xserver/randr/rrproviderproperty.c
+++ b/xserver/randr/rrproviderproperty.c
@@ -498,7 +498,7 @@ ProcRRChangeProviderProperty(ClientPtr client)
     char format, mode;
     unsigned long len;
     int sizeInBytes;
-    int totalSize;
+    uint64_t totalSize;
     int err;
 
     REQUEST_AT_LEAST_SIZE(xRRChangeProviderPropertyReq);