From 0e8ff0bf57d0a27b501d78eb4be6a311797988e4 Mon Sep 17 00:00:00 2001
From: "Enrico Weigelt, metux IT consult"
Date: Tue, 6 May 2025 17:07:05 +0200
Subject: [PATCH] Xext: sync: protect from NULL pointer dereference
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
> ../Xext/sync.c: In function ‘IdleTimeQueryValue’:
> ../Xext/sync.c:2654:18: warning: dereference of NULL ‘priv’ [CWE-476] [-Wanalyzer-null-dereference]
> 2654 | deviceid = priv->deviceid;
> | ~~~~~~~~~^~~~~~~~~~~~~~~~
> ../Xext/sync.c: In function ‘IdleTimeBlockHandler’:
> ../Xext/sync.c:2666:14: warning: dereference of NULL ‘priv’ [CWE-476] [-Wanalyzer-null-dereference]
> 2666 | int64_t *less = priv->value_less;
> | ^~~~
> ../Xext/sync.c:2773:9: warning: dereference of NULL ‘priv’ [CWE-476] [-Wanalyzer-null-dereference]
> 2773 | if (LastEventTimeWasReset(priv->deviceid)) {
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ../Xext/sync.c: In function ‘IdleTimeBracketValues’:
> ../Xext/sync.c:2791:14: warning: dereference of NULL ‘priv’ [CWE-476] [-Wanalyzer-null-dereference]
> 2791 | int64_t *less = priv->value_less;
> | ^~~~
Signed-off-by: Enrico Weigelt, metux IT consult
---
 Xext/sync.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/Xext/sync.c b/Xext/sync.c
index ff91416e1..d5aff6b0d 100644
--- a/Xext/sync.c
+++ b/Xext/sync.c
@@ -2647,16 +2647,15 @@ typedef struct {
 static void
 IdleTimeQueryValue(void *pCounter, int64_t *pValue_return)
 {
- int deviceid;
+ int deviceid = XIAllDevices;
 CARD32 idle;
 if (pCounter) {
 SyncCounter *counter = pCounter;
 IdleCounterPriv *priv = SysCounterGetPrivate(counter);
- deviceid = priv->deviceid;
+ if (priv)
+ deviceid = priv->deviceid;
 }
- else
- deviceid = XIAllDevices;
 idle = GetTimeInMillis() - LastEventTime(deviceid).milliseconds;
 *pValue_return = idle;
 }
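Review bot: When `priv` is NULL inside the `if (pCounter)` branch, the new code silently reports the idle time for `XIAllDevices`, so a per-device counter that has no private data would return the all-devices value with no sign that anything is off. Whether `SysCounterGetPrivate()` can legitimately return NULL for these counters is not visible in the hunk; if it is an invariant violation rather than an expected state, the fallback should be made deliberate with a comment such as `/* no private data: fall back to the all-devices idle time */` and, ideally, a diagnostic at that point. The inner `if (priv)` is also left unbraced inside a braced block, which is easy to mis-edit later; `if (priv) { deviceid = priv->deviceid; }` would be safer.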
@@ -2666,6 +2665,8 @@ IdleTimeBlockHandler(void *pCounter, void *wt)
 {
 SyncCounter *counter = pCounter;
 IdleCounterPriv *priv = SysCounterGetPrivate(counter);
+ if (!priv)
+ return;
 int64_t *less = priv->value_less;
 int64_t *greater = priv->value_greater;
 int64_t idle, old_idle;
@@ -2756,6 +2757,8 @@ IdleTimeWakeupHandler(void *pCounter, int rc)
 {
 SyncCounter *counter = pCounter;
 IdleCounterPriv *priv = SysCounterGetPrivate(counter);
+ if (!priv)
+ return;
 int64_t *less = priv->value_less;
 int64_t *greater = priv->value_greater;
 int64_t idle;
@@ -2789,6 +2792,8 @@ IdleTimeBracketValues(void *pCounter, int64_t *pbracket_less,
 {
 SyncCounter *counter = pCounter;
 IdleCounterPriv *priv = SysCounterGetPrivate(counter);
+ if (!priv)
+ return;
 int64_t *less = priv->value_less;
 int64_t *greater = priv->value_greater;
 Bool registered = (less || greater);
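Review bot: The `if (!priv) return;` guard in IdleTimeBlockHandler sits in the middle of the declaration list, so `less`, `greater` and the locals after them are now declared after a statement; the IdleTimeWakeupHandler and IdleTimeBracketValues hunks place the guard the same way. If the tree is built with `-Wdeclaration-after-statement` (not visible here) this trades one warning for another; declaring `int64_t *less, *greater;` first and assigning `less = priv->value_less;` and `greater = priv->value_greater;` after the guard avoids it. The early return is also silent in all three functions, so a counter without private data would presumably stop arming or servicing its idle triggers with nothing logged; a diagnostic at the guard would make that state visible. Each function body continues outside its hunk.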