From 3a113815a0cc86d64789494e905da9778174f738 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Mon, 6 Jan 2014 17:10:38 -0800
Subject: [PATCH] If AllocGrab() fails to set up grab, don't copy to a NULL
 grab

If either the initial calloc or the xi2mask_new fails, grab is NULL,
but if a src grab is passed in, it was always being written to by
CopyGrab (and if that failed, dereferenced again in teardown).

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
 dix/grabs.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/dix/grabs.c b/dix/grabs.c
index a03897af4..7f4c8715e 100644
--- a/dix/grabs.c
+++ b/dix/grabs.c
@@ -199,12 +199,11 @@ AllocGrab(const GrabPtr src)
             free(grab);
             grab = NULL;
         }
-    }
-
-    if (src && !CopyGrab(grab, src)) {
-        free(grab->xi2mask);
-        free(grab);
-        grab = NULL;
+        else if (src && !CopyGrab(grab, src)) {
+            free(grab->xi2mask);
+            free(grab);
+            grab = NULL;
+        }
     }
 
     return grab;