From 700ddafe0ccd1de1e95900f50aef3c20782369b0 Mon Sep 17 00:00:00 2001 From: Olivier Fourdan Date: Thu, 9 Feb 2023 11:40:07 +0100 Subject: [PATCH] dix: Clear device sprite after free in AttachDevice() The code in AttachDevice() may free the dev->spriteInfo->sprite under some circumstances and later call GetCurrentRootWindow() which uses the same dev->spriteInfo->sprite. While it seems unlikely that this is actually an issue, considering the cases where one or the other get called, it still makes the code look suspicious. Make sure to clear set dev->spriteInfo->sprite to NULL immediately after it's freed to avoid any confusion, even if only to clarify the code. Signed-off-by: Olivier Fourdan Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1436 (cherry picked from commit e196535abbf2ef4aa7c1eb0b4b9b67840032b88a) --- dix/devices.c | 1 + 1 file changed, 1 insertion(+) diff --git a/dix/devices.c b/dix/devices.c index 5bf956ead..a3fbe8140 100644 --- a/dix/devices.c +++ b/dix/devices.c @@ -2627,6 +2627,7 @@ AttachDevice(ClientPtr client, DeviceIntPtr dev, DeviceIntPtr master) screen = miPointerGetScreen(dev); screen->DeviceCursorCleanup(dev, screen); free(dev->spriteInfo->sprite); + dev->spriteInfo->sprite = NULL; } dev->master = master;
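Review bot: Nothing in this hunk shows the later GetCurrentRootWindow() path tolerating a NULL sprite, so the added `dev->spriteInfo->sprite = NULL;` after `free(dev->spriteInfo->sprite);` in AttachDevice() turns a possible stale-pointer read into a possible NULL dereference if both paths can ever run for the same device. The commit message says this "seems unlikely" but does not state which conditions make the two paths exclusive. Either add a short comment beside the assignment naming that condition, or check `dev->spriteInfo->sprite` for NULL before the later call so the invariant is enforced in code rather than assumed. The assignment is still worth keeping, because a NULL dereference fails deterministically while a read through freed memory does not.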