From e3f47be9fbc489e3eb5832445924810b2ff300f7 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Mon, 24 Oct 2011 10:01:26 +1000
Subject: [PATCH] xfree86: fix use-after-free issue in checkInput

*dev is the condition of the while loop we're in, reset to NULL after
freeing

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Dave Airlie <airlied@redhat.com>
---
 hw/xfree86/common/xf86Config.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/xfree86/common/xf86Config.c b/hw/xfree86/common/xf86Config.c
index b22b617a4..3ec40fe9b 100644
--- a/hw/xfree86/common/xf86Config.c
+++ b/hw/xfree86/common/xf86Config.c
@@ -2329,6 +2329,7 @@ checkInput(serverLayoutPtr layout, Bool implicit_layout)
 
                 current = dev;
                 free(*dev);
+                *dev = NULL;
 
                 do {
                     *current = *(current + 1);