The function `startrpc()` stack allocates a local buffer of size 100: ```c static Muxrpc* startrpc(int type) { uchar buf[100]; ^^^^^^^^ Wsysmsg w; w.type = type; convW2M(&w, buf, sizeof buf); return muxrpcstart(display->mux, buf); } ``` The function `convW2M()` is called passing `buf`. That function accesses `buf` out-of-bounds: ```c uint convW2M(Wsysmsg *m, uchar *p, uint n) { ... case Tcursor2: PUT(p+6, m->cursor.offset.x); PUT(p+10, m->cursor.offset.y); memmove(p+14, m->cursor.clr, sizeof m->cursor.clr); memmove(p+46, m->cursor.set, sizeof m->cursor.set); PUT(p+78, m->cursor2.offset.x); PUT(p+82, m->cursor2.offset.y); memmove(p+86, m->cursor2.clr, sizeof m->cursor2.clr); memmove(p+214, m->cursor2.set, sizeof m->cursor2.set); p[342] = m->arrowcursor; ^^^^^^ ``` To fix the issue the size of local variable `buf` is increased from 100 to 512 to avoid out-of-bounds array access.

Runes in Plan 9 were limited to the 16-bit BMP when I drew up the RPC protocol between graphical programs and devdraw a long time ago. Now that they can be 32-bit, use a 32-bit wire encoding too. A new message number to avoid problems with other clients (like 9fans.net/go). Add keyboard shortcut alt : , for U+1F602, face with tears of joy, to test that it all works.

Remote whitespace at the ends of lines. Remove blank lines from the ends of files. Change modes on source files so that they are not executable. Signed-off-by: Dan Cross <cross@gajendra.net>

Also add setcursor2, esetcursor2, and draw protocol encoding. Calls to the old setcursor, esetcursor create a 32x32 by pixel doubling when needed.

R=rsc http://codereview.appspot.com/6501137

distinguish between "cannot receive without blocking" and "EOF on connection". In libmux, do not elect async guys muxers, so that synchronous RPC calls run in the main event loop (e.g., in eresized) do not get stuck. Fixes problem reported by Lu Xuxiao, namely that jpg etc. would spin at 100% cpu usage.