From 92b1e8aaef115278eb3bc6902d76824def8f734a Mon Sep 17 00:00:00 2001
From: Byrial Jensen
Date: Sun, 18 Dec 2011 15:41:46 +0100
Subject: [PATCH] Fix possible crash on 64-bit systems when copying game or position

The two convertproc's for X selections caused reads out of bounds on 64-bit systems. I hope that this is the right solution. I am not experienced with X stuff, but it follows that I have seen in other programs, testing shows that copying still works, and the reading out of bounds have disappearinged with this patch.
---
 xboard.c | 16 ++++++++++++++++
 1 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/xboard.c b/xboard.c
index 527c3b3..b74f81c 100644
--- a/xboard.c
+++ b/xboard.c
@@ -5643,11 +5643,19 @@ SendPositionSelection(Widget w, Atom *selection, Atom *target,
 *value_return = targets_tmp;
 *type_return = XA_ATOM;
 *length_return = 2;
+#if 0
+ // This code leads to a read of value_return out of bounds on 64-bit systems.
+ // Other code which I have seen always sets *format_return to 32 independent of
+ // sizeof(Atom) without adjusting *length_return. For instance see TextConvertSelection()
+ // at http://cgit.freedesktop.org/xorg/lib/libXaw/tree/src/Text.c -- BJ
 *format_return = 8 * sizeof(Atom);
 if (*format_return > 32) {
 *length_return *= *format_return / 32;
 *format_return = 32;
 }
+#else
+ *format_return = 32;
+#endif
 return True;
 } else {
 return False;
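Review bot: In both SendPositionSelection and SendGameSelection (the second hunk repeats this change verbatim), the old scaling code is kept under `#if 0` instead of being deleted, and the reason 32 is correct is left to an external URL. Drop the dead branch and keep one local comment above the assignment, e.g. `/* Xt format 32 means long-sized items in client memory; *length_return counts items, so it stays 2 */`, followed by `*format_return = 32;`. Stating the rule in place matters because the removed arithmetic doubled the item count on LP64 and made the toolkit read past the end of `targets_tmp`, which is a crash and presumably also hands adjacent heap bytes to whichever client requested the selection. The allocation of `targets_tmp` is outside the hunk, so confirm it is sized for exactly two `Atom`s to match `*length_return = 2`; both function bodies start and end outside the hunks shown.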
@@ -5752,11 +5760,19 @@ SendGameSelection(Widget w, Atom *selection, Atom *target,
 *value_return = targets_tmp;
 *type_return = XA_ATOM;
 *length_return = 2;
+#if 0
+ // This code leads to a read of value_return out of bounds on 64-bit systems.
+ // Other code which I have seen always sets *format_return to 32 independent of
+ // sizeof(Atom) without adjusting *length_return. For instance see TextConvertSelection()
+ // at http://cgit.freedesktop.org/xorg/lib/libXaw/tree/src/Text.c -- BJ
 *format_return = 8 * sizeof(Atom);
 if (*format_return > 32) {
 *length_return *= *format_return / 32;
 *format_return = 32;
 }
+#else
+ *format_return = 32;
+#endif
 return True;
 } else {
 return False;
--
1.7.0.4