Fix out-of-bounds copy in xcb_send_event() calls
xcb_send_event always copies 32 bytes, so we have to pad all xcb_*_event_t to 32 bytes to avoid leaking uninitialized stack memory. I found this problem while running kwin_x11 on a CHERI-RISC-V system (which has bounded pointers). The xcb_send_event() implementation has a memcpy() that was copying 32 bytes but the event passed was a bounded to 28 bytes, so this resulted in a run-time exception in X11Client::sendClientMessage(). The same problem exists in Selection::sendSelectionNotify(), but this time we could end up copying up to 8 bytes since xcb_selection_notify_event_t is only 24 bytes.
This disclosure of uninitialized data could in theory have a security impact if it leaks a pointer value (e.g. a return address) as part of an exploit chain that needs to bypass ASLR. However, the selection notify events go directly to the XServer and you most likely already have a serious problem if an attacker has full control over the XServer. It is possible that the configure notify events go directly to an untrusted client, but even if they do this leak is not directly exploitable.
See also https://gitlab.freedesktop.org/xorg/lib/libxcb/-/issues/18