From cc19618d2eb3ed92a0b574aee26a7da8b4aed5d2 Mon Sep 17 00:00:00 2001
From: Jamey Sharp
Date: Sun, 23 Mar 2008 16:33:50 -0700
Subject: [PATCH] Fix XAllocID race: hold the user display lock until we have a new XID.

Xlib built --without-xcb is also vulnerable to this race, and a similar fix might work there too. Also, use an XID that's truly invalid while waiting for the next XID to be requested.
---
 src/xcb_io.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/xcb_io.c b/src/xcb_io.c
index 830ddb9f..d0abf4c6 100644
--- a/src/xcb_io.c
+++ b/src/xcb_io.c
@@ -343,6 +343,10 @@ _XIDHandler(Display *dpy)
 {
 XID next = xcb_generate_id(dpy->xcb->connection);
 LockDisplay(dpy);
+#ifdef XTHREADS
+ if (dpy->lock)
+ (*dpy->lock->user_unlock_display)(dpy);
+#endif
 dpy->xcb->next_xid = next;
 if(dpy->flags & XlibDisplayPrivSync)
 {
@@ -357,8 +361,13 @@ _XIDHandler(Display *dpy)
 /* _XAllocID - resource ID allocation routine. */
 XID _XAllocID(Display *dpy)
 {
+ const XID inval = ~0UL;
 XID ret = dpy->xcb->next_xid;
- dpy->xcb->next_xid = 0;
+#ifdef XTHREADS
+ if (ret != inval && dpy->lock)
+ (*dpy->lock->user_lock_display)(dpy);
+#endif
+ dpy->xcb->next_xid = inval;
 
 if(!(dpy->flags & XlibDisplayPrivSync))
 {
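Review bot: The `user_unlock_display` call added after `LockDisplay(dpy)` in _XIDHandler releases a lock that is taken in a different function, _XAllocID, and nothing at this site says so. A later reader could take the unpaired unlock for a bug, or move it above `LockDisplay`, which would reopen the window in which another thread can observe an invalid `next_xid`. I would add a comment above the `#ifdef`, for example `/* Drop the user lock taken in _XAllocID; it is held until a fresh XID is stored so no other thread allocates in between. */`. The unlock is guarded only by `dpy->lock` while the lock side also tests `ret != inval`, so the pairing assumes this handler runs exactly once per locking call, and that assumption deserves a line as well. The function's declaration line and the end of its body are outside the hunk.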
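Review bot: The sentinel `inval = ~0UL` doubles as the "user lock already held" flag in `if (ret != inval && dpy->lock)`, which breaks if a real value stored in `next_xid` can ever equal it. Where `unsigned long` is 32 bits, `~0UL` is 0xFFFFFFFF, which I believe is also what `xcb_generate_id` returns on failure (worth confirming against libxcb). In that case _XIDHandler would store that value, the next _XAllocID would skip `user_lock_display`, and the handler would still call `user_unlock_display`, leaving the lock unbalanced. Separately, a second _XAllocID before the handler runs appears to hand `inval` back to the caller as a resource ID, assuming `ret` is what the function returns (the return is outside the hunk). At minimum document the dual role, e.g. `/* inval: no XID cached; the user lock is still held from the previous _XAllocID */`, and consider tracking the lock state separately from the XID value.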