From 1c08a37e0eb4746e8974eb7a70ca4b7b84712963 Mon Sep 17 00:00:00 2001
From: Sam Lau <sam.lau@oracle.com>
Date: Thu, 3 Jun 2010 19:17:14 -0700
Subject: [PATCH] SecurityResource should not segfault when client owning
 resource has exited

Fixes OpenSolaris bug 6949754:
  Xorg crashes when the magnifier is enabled at gdm login greeter window.
  http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6949754

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
---
 Xext/security.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/Xext/security.c b/Xext/security.c
index b37339fa7..7eb95de74 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -805,7 +805,6 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
     Mask allowed = SecurityResourceMask;
 
     subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
-    obj = dixLookupPrivate(&clients[cid]->devPrivates, stateKey);
 
     /* disable background None for untrusted windows */
     if ((requested & DixCreateAccess) && (rec->rtype == RT_WINDOW))
@@ -831,8 +830,11 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 	    allowed |= DixReadAccess;
     }
 
-    if (SecurityDoCheck(subj, obj, requested, allowed) == Success)
-	return;
+    if (clients[cid] != NULL) {
+	obj = dixLookupPrivate(&clients[cid]->devPrivates, stateKey);
+	if (SecurityDoCheck(subj, obj, requested, allowed) == Success)
+	    return;
+    }
 
     SecurityAudit("Security: denied client %d access %x to resource 0x%x "
 		  "of client %d on request %s\n", rec->client->index,