From 238c1ccf4b33d4e91e1ae097ca32403cbef4e5a1 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat, 11 Oct 2025 21:28:42 +0300
Subject: [PATCH] Xext/xtest: avoid null dereference in ProcXTestFakeInput()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reported in https://gitlab.freedesktop.org/xorg/xserver/-/issues/1817:

xwayland-24.1.6/redhat-linux-build/../Xext/xtest.c:383:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘dev’
xwayland-24.1.6/redhat-linux-build/../Xext/xtest.c:348:9: release_memory: ‘dev’ is NULL
xwayland-24.1.6/redhat-linux-build/../Xext/xtest.c:383:14: danger: dereference of NULL ‘dev’

xwayland-24.1.6/redhat-linux-build/../Xext/xtest.c:395:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘dev’
xwayland-24.1.6/redhat-linux-build/../Xext/xtest.c:348:9: release_memory: ‘dev’ is NULL
xwayland-24.1.6/redhat-linux-build/../Xext/xtest.c:395:14: danger: dereference of NULL ‘dev’

xwayland-24.1.6/redhat-linux-build/../Xext/xtest.c:426:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘dev’
xwayland-24.1.6/redhat-linux-build/../Xext
/xtest.c:348:9: release_memory: ‘dev’ is NULL
xwayland-24.1.6/redhat-linux-build/../Xext/xtest.c:426:14: danger: dereference of NULL ...
---
 Xext/xtest.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Xext/xtest.c b/Xext/xtest.c
index 5f4d6eadbb..332bc197a1 100644
--- a/Xext/xtest.c
+++ b/Xext/xtest.c
@@ -355,6 +355,10 @@ ProcXTestFakeInput(ClientPtr client)
             return BadAccess;
 
         dev = GetXTestDevice(dev);
+
+        /* This can only happen if we passed a slave to GetXTestDevice() */
+        if (!dev)
+            return BadAccess;
     }