randr: add BUG_* checks for possible NULL pointer issue

The ‘RRCrtcNotify() and RRCrtcSet() functions are exported, so there's chance
that a buggy driver could call them with NULL parameter, leading to segfault.
Those are hard to trace, so it's better having a BUG_* check here.

| ../randr/rrcrtc.c: In function ‘RRCrtcNotify’:
| ../randr/rrcrtc.c:187:5: warning: use of NULL ‘outputs’ where non-null expected [CWE-476] [-Wanalyzer-null-argument]
|   187 |     memcpy(crtc->outputs, outputs, numOutputs * sizeof(RROutputPtr));
|       |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

| ../randr/rrcrtc.c: In function ‘RRCrtcSet’:
| ../randr/rrcrtc.c:742:20: warning: dereference of NULL ‘outputs’ [CWE-476] [-Wanalyzer-null-dereference]
|   742 |         if (outputs[o]) {
|       |             ~~~~~~~^~~

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>

randr/rrcrtc.c

@@ -22,13 +22,15 @@
  */
 #include <dix-config.h>
 
+#include <X11/Xatom.h>
+
 #include "randr/randrstr_priv.h"
 #include "randr/rrdispatch_priv.h"
+#include "os/bug_priv.h"
 
 #include "swaprep.h"
 #include "mipointer.h"
 
-#include <X11/Xatom.h>
 
 RESTYPE RRCrtcType = 0;
 
@@ -184,10 +186,13 @@ RRCrtcNotify(RRCrtcPtr crtc,
         crtc->outputs = newoutputs;
         crtc->numOutputs = numOutputs;
     }
+
     /*
      * Copy the new list of outputs into the crtc
      */
+    BUG_RETURN_VAL(outputs == NULL, FALSE);
     memcpy(crtc->outputs, outputs, numOutputs * sizeof(RROutputPtr));
+
     /*
      * Update remaining crtc fields
      */
@@ -749,6 +754,8 @@ RRCrtcSet(RRCrtcPtr crtc,
     Bool crtcChanged;
     int  o;
 
+    BUG_RETURN_VAL(outputs == NULL, FALSE);
+
     rrScrPriv(pScreen);
 
     crtcChanged = FALSE;