From dd2255c309ca8912e33c2f445c636f987e2b2088 Mon Sep 17 00:00:00 2001 From: Mikhail Dmitrichenko Date: Wed, 17 Dec 2025 11:52:16 +0300 Subject: [PATCH] os: avoid closing null fd at Fopen In `Fopen` function variable `iop` may store NULL as a result of `fopen` call. In this case, if later privileges couldn't be restored (`seteuid` call fails), further `fclose(iop)` call will cause runtime error. This commit adds check `iop` for NULL before calling `fclose` to prevent potential NULL pointer dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Mikhail Dmitrichenko Part-of: (cherry picked from commit f83807647e171def9244a7f1d8d9af8e8e79f847) --- os/utils.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/os/utils.c b/os/utils.c index 79e2f13f6..82ad41933 100644 --- a/os/utils.c +++ b/os/utils.c @@ -1516,7 +1516,9 @@ Fopen(const char *file, const char *type) iop = fopen(file, type); if (seteuid(euid) == -1) { - fclose(iop); + if (iop) { + fclose(iop); + } return NULL; } return iop;
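Review bot: In the `seteuid(euid) == -1` branch, `return NULL` still looks the same to the caller as a failed `fopen`, so nothing signals that the effective uid was not restored. Consider saving `errno` right after the failed `seteuid` call and restoring it before `return NULL`, since `fclose(iop)` can overwrite it, or logging the failure in that branch. The `if (iop)` guard itself is correct, because passing NULL to `fclose` is undefined behaviour. The braces around the single `fclose(iop);` statement are a style choice and should follow whatever the rest of os/utils.c does.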