Pullup fixes for CVE-2021-3472.

Index: external/mit/xorg-server/dist/Xi/chgfctl.c
===================================================================
RCS file: /cvsroot/xsrc/external/mit/xorg-server/dist/Xi/chgfctl.c,v
retrieving revision 1.4
diff -p -u -u -r1.4 chgfctl.c
--- external/mit/xorg-server/dist/Xi/chgfctl.c	31 Dec 2018 09:49:58 -0000	1.4
+++ external/mit/xorg-server/dist/Xi/chgfctl.c	27 Apr 2021 05:24:35 -0000
@@ -464,8 +464,11 @@ ProcXChangeFeedbackControl(ClientPtr cli
         break;
     case StringFeedbackClass:
     {
-        xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);
+        xStringFeedbackCtl *f;
 
+        REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
+                                    sizeof(xStringFeedbackCtl));
+        f = ((xStringFeedbackCtl *) &stuff[1]);
         if (client->swapped) {
             if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
                 return BadLength;
Index: external/mit/xorg-server.old/dist/Xi/chgfctl.c
===================================================================
RCS file: /cvsroot/xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c,v
retrieving revision 1.1.1.1
diff -p -u -u -r1.1.1.1 chgfctl.c
--- external/mit/xorg-server.old/dist/Xi/chgfctl.c	9 Jun 2016 09:07:56 -0000	1.1.1.1
+++ external/mit/xorg-server.old/dist/Xi/chgfctl.c	27 Apr 2021 05:24:36 -0000
@@ -468,8 +468,11 @@ ProcXChangeFeedbackControl(ClientPtr cli
     case StringFeedbackClass:
     {
 	char n;
-	xStringFeedbackCtl *f = ((xStringFeedbackCtl *) & stuff[1]);
+        xStringFeedbackCtl *f;
 
+        REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
+                                    sizeof(xStringFeedbackCtl));
+        f = ((xStringFeedbackCtl *) &stuff[1]);
 	if (client->swapped) {
             if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
                 return BadLength;