From d0c1f0c0b6370a0462fcb30d041e37f22fe33076 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Sun, 2 May 2021 16:48:21 +0200 Subject: [PATCH] xcursor: fix CVE-2013-2003 The libXcursor fix for CVE-2013-2003 has never been imported into wlroots, leaving it vulnerable to it. Changing the argument type to an unsigned type is an effective merge of Ilja Van Sprundel's commit in libXcursor. Proof of Concept (compile with address sanitizer): $ mkdir -p ~/.local/share/icons/poc/cursors $ base64 -d <<< WGN1chAAAAAAAAAA/////w== > \ ~/.local/share/icons/poc/cursors/poc $ echo "seat seat0 xcursor_theme poc 10" > ~/poc-config $ sway -c ~/poc-config --- xcursor/xcursor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xcursor/xcursor.c b/xcursor/xcursor.c index 5c4538a2..4415a659 100644 --- a/xcursor/xcursor.c +++ b/xcursor/xcursor.c @@ -301,7 +301,7 @@ _XcursorFileHeaderDestroy (XcursorFileHeader *fileHeader) } static XcursorFileHeader * -_XcursorFileHeaderCreate (int ntoc) +_XcursorFileHeaderCreate (XcursorUInt ntoc) { XcursorFileHeader *fileHeader;
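
Review bot: The signature change to `_XcursorFileHeaderCreate (XcursorUInt ntoc)` is the entire fix, and the hunk shows none of the function body beyond the `fileHeader` declaration, so it cannot be confirmed from here that every use of `ntoc` inside the function behaves as intended with the unsigned type. Please check that any limit comparison and the allocation size arithmetic are correct for `XcursorUInt`, and that each caller passes the count read from the cursor file directly rather than through an `int` variable, which would reintroduce the sign conversion this change removes. A one-line comment above the function stating that `ntoc` comes from untrusted file data would document why the type matters. The PoC file from the commit message would also make a good regression test, run under address sanitizer as the message describes.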