From 8bc8502c698115c3f4885ba42e60ede0e681caaa Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Wed, 30 Nov 2011 19:29:01 -0800
Subject: [PATCH] Avoid NULL pointer dereference in autoProbeMouse if proto ==
 PROT_UNSUP

Error: Null pointer dereference (CWE 476)
   Read from null pointer 'GetProtocol(proto)'
        at line 3477 of src/mouse.c in function 'autoProbeMouse'.
          Function 'GetProtocol' may return constant 'NULL' at line 736, called at line 3477.
          Null pointer introduced at line 736 in function 'GetProtocol'.

We already handle one of the two cases that make GetProtocol return NULL,
proto == PROTO_UNKNOWN, but not PROT_UNSUP.

[ This bug was found by the Parfait 0.4.2 bug checking tool.
  For more information see http://labs.oracle.com/projects/parfait/ ]

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Alexandr Shadchin <alexandr.shadchin@gmail.com>
---
 src/mouse.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/mouse.c b/src/mouse.c
index 5160786..f4c7c82 100644
--- a/src/mouse.c
+++ b/src/mouse.c
@@ -3469,12 +3469,14 @@ autoProbeMouse(InputInfoPtr pInfo, Bool inSync, Bool lostSync)
 	case AUTOPROBE_SWITCH_PROTOCOL:
 	{
 	    MouseProtocolID proto;
+	    MouseProtocolPtr pProto;
 	    void *defaults;
 	    AP_DBG(("State SWITCH_PROTOCOL\n"));
 	    proto = mPriv->protoList[mPriv->protocolID++];
 	    if (proto == PROT_UNKNOWN) 
 		mPriv->autoState = AUTOPROBE_SWITCHSERIAL;
-	    else if (!(defaults = GetProtocol(proto)->defaults)
+	    else if (!((pProto = GetProtocol(proto)) &&
+		       ((defaults = pProto->defaults)))
 		       || (mPriv->serialDefaultsNum == -1 
 			   && (defaults == msDefaults))
 		       || (mPriv->serialDefaultsNum != -1