From 005b26456b10eef7eb5933c1bb5116b5c765bfcc Mon Sep 17 00:00:00 2001
From: Collin <haplessgaming@gmail.com>
Date: Thu, 26 Jun 2025 20:07:17 -0500
Subject: [PATCH] Update OutputClass.c to Fix Double Free found in CodeQL

added the newpath variable and restructured if else loop with a strdup(xf86_lex_val.str); to populate newpath separately to avoid bug
---
 hw/xfree86/parser/OutputClass.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/hw/xfree86/parser/OutputClass.c b/hw/xfree86/parser/OutputClass.c
index cd9a19179..4efc9a766 100644
--- a/hw/xfree86/parser/OutputClass.c
+++ b/hw/xfree86/parser/OutputClass.c
@@ -123,16 +123,21 @@ xf86parseOutputClassSection(void)
                 ptr->driver = xf86_lex_val.str;
             break;
         case MODULEPATH:
-            if (xf86getSubToken(&(ptr->comment)) != XF86_TOKEN_STRING)
+            if (xf86getSubToken(&ptr->comment) != XF86_TOKEN_STRING)
                 Error(QUOTE_MSG, "ModulePath");
+            {
+                char *newpath;
             if (ptr->modulepath) {
-                char *path;
-                XNFasprintf(&path, "%s,%s", ptr->modulepath, xf86_lex_val.str);
-                free(xf86_lex_val.str);
-                free(ptr->modulepath);
-                ptr->modulepath = path;
-            } else {
-                ptr->modulepath = xf86_lex_val.str;
+                    XNFasprintf(&newpath, "%s,%s",
+                                ptr->modulepath,
+                                xf86_lex_val.str);
+                    free(ptr->modulepath);
+                }
+            else {
+                    newpath = strdup(xf86_lex_val.str);
+                }
+            free(xf86_lex_val.str);
+            ptr->modulepath = newpath;
             }
             break;
         case OPTION: