From c4717321c01678209ea5c7215d31556f6eadb798 Mon Sep 17 00:00:00 2001
From: Jesse Adkins <jesserayadkins@gmail.com>
Date: Wed, 4 Aug 2010 23:39:14 -0700
Subject: [PATCH] xfree86: parser: Never use constant strings for driver names
 (fixes #17438)

When the parser sees the "keyboard" driver, it automatically (and
 silently) replaces it with the constant string "kbd".
Everybody else uses malloc'd memory for the driver name, so input
 device closure assumes it can use free.
Free val.str, so this crash doesn't turn into a memory leak. Whew.

Signed-off-by: Jesse Adkins <jesserayadkins@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit bce12f2956f23c0ee53f7f6485dba631293a0931)
---
 hw/xfree86/parser/Input.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/hw/xfree86/parser/Input.c b/hw/xfree86/parser/Input.c
index 4e3c04e53..953215beb 100644
--- a/hw/xfree86/parser/Input.c
+++ b/hw/xfree86/parser/Input.c
@@ -59,6 +59,7 @@
 #include <xorg-config.h>
 #endif
 
+#include "os.h"
 #include "xf86Parser.h"
 #include "xf86tokens.h"
 #include "Configint.h"
@@ -102,8 +103,10 @@ xf86parseInputSection (void)
 		case DRIVER:
 			if (xf86getSubToken (&(ptr->inp_comment)) != STRING)
 				Error (QUOTE_MSG, "Driver");
-                        if (strcmp(val.str, "keyboard") == 0)
-                            ptr->inp_driver = "kbd";
+                        if (strcmp(val.str, "keyboard") == 0) {
+                            ptr->inp_driver = strdup("kbd");
+                            free(val.str);
+                        }
                         else
 			    ptr->inp_driver = val.str;
 			break;