From 3ab0b8834c665d06d0231b0c16359a4f95f0d2c0 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Mon, 1 Jun 2026 21:09:59 +1000
Subject: [PATCH] vfb: NULL out pXWDHeader after free in freeScreenInfo

freeScreenInfo() is called from ddxGiveUp() during normal server
shutdown. If the server then aborts (e.g. due to the leak sanitizer
detecting leaks at exit), the signal handler calls AbortServer() which
calls ddxGiveUp() again, causing a double-free of pXWDHeader.

NULL out the pointer after freeing it to make the second call a no-op.
---
 hw/vfb/InitOutput.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/vfb/InitOutput.c b/hw/vfb/InitOutput.c
index 48efb61b2..ee8b70667 100644
--- a/hw/vfb/InitOutput.c
+++ b/hw/vfb/InitOutput.c
@@ -187,6 +187,7 @@ freeScreenInfo(vfbScreenInfoPtr pvfb)
 
     case NORMAL_MEMORY_FB:
         free(pvfb->pXWDHeader);
+        pvfb->pXWDHeader = NULL;
         break;
     }
 }