From 304d21854d349b21dd8deb8a8f319637f17bd4a8 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat, 4 Oct 2025 15:40:22 -0700
Subject: [PATCH] Xext/sync: avoid null dereference in
 init_system_idle_counter()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reported in #1817:

xwayland-24.1.6/redhat-linux-build/../Xext/sync.c:2835:33: acquire_memory: this call could return NULL
xwayland-24.1.6/redhat-linux-build/../Xext/sync.c:2837:28: danger: ‘priv’ could be NULL: unchecked value from [(30)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/29)
# 2835|           IdleCounterPriv *priv = malloc(sizeof(IdleCounterPriv));
# 2836|
# 2837|->         priv->value_less = priv->value_greater = NULL;
# 2838|           priv->deviceid = deviceid;
# 2839|

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2072>
---
 Xext/sync.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Xext/sync.c b/Xext/sync.c
index 61bd693e8..d6bc95a60 100644
--- a/Xext/sync.c
+++ b/Xext/sync.c
@@ -2801,8 +2801,10 @@ init_system_idle_counter(const char *name, int deviceid)
     if (idle_time_counter != NULL) {
         IdleCounterPriv *priv = malloc(sizeof(IdleCounterPriv));
 
-        priv->value_less = priv->value_greater = NULL;
-        priv->deviceid = deviceid;
+        if (priv) {
+            priv->value_less = priv->value_greater = NULL;
+            priv->deviceid = deviceid;
+        }
 
         idle_time_counter->pSysCounterInfo->private = priv;
     }