From ef89b6648e2a806237a6d2fa598e1b9c83f128b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zolt=C3=A1n=20B=C3=B6sz=C3=B6rm=C3=A9nyi?=
Date: Mon, 21 Jun 2021 12:12:41 +0200
Subject: [PATCH] xfree86: Fix NULL pointer dereference crash
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

screenp->displays[count] (passed to configDisplay() in configScreen()) is NULL if there is no Virtual setting in the configuration.
Fixes: f8a6be04d0c7e6a99824ff888ad6c010960c5c21 ("xfree86: Change displays array to pointers array to fix invalid pointer issues after table reallocation")
Signed-off-by: Zoltán Böszörményi
---
 hw/xfree86/common/xf86Config.c | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/hw/xfree86/common/xf86Config.c b/hw/xfree86/common/xf86Config.c
index 73ab88ba5..5d814c148 100644
--- a/hw/xfree86/common/xf86Config.c
+++ b/hw/xfree86/common/xf86Config.c
@@ -1797,24 +1797,21 @@ configScreen(confScreenPtr screenp, XF86ConfScreenPtr conf_screen, int scrnum,
 screenp->displays = xnfallocarray(count, sizeof(DispPtr));
 screenp->numdisplays = count;
- /* Fill in the default Virtual size, if any */
- if (conf_screen->scrn_virtualX && conf_screen->scrn_virtualY) {
- for (count = 0, dispptr = conf_screen->scrn_display_lst;
- dispptr;
- dispptr = (XF86ConfDisplayPtr) dispptr->list.next, count++) {
- screenp->displays[count] = xnfcalloc(1, sizeof(DispRec));
+ for (count = 0, dispptr = conf_screen->scrn_display_lst;
+ dispptr;
+ dispptr = (XF86ConfDisplayPtr) dispptr->list.next, count++) {
+
+ /* Allocate individual Display records */
+ screenp->displays[count] = xnfcalloc(1, sizeof(DispRec));
+
+ /* Fill in the default Virtual size, if any */
+ if (conf_screen->scrn_virtualX && conf_screen->scrn_virtualY) {
 screenp->displays[count]->virtualX = conf_screen->scrn_virtualX;
 screenp->displays[count]->virtualY = conf_screen->scrn_virtualY;
 }
- }
- /* Now do the per-Display Virtual sizes */
- count = 0;
- dispptr = conf_screen->scrn_display_lst;
- while (dispptr) {
+ /* Now do the per-Display Virtual sizes */
 configDisplay(screenp->displays[count], dispptr);
- count++;
- dispptr = (XF86ConfDisplayPtr) dispptr->list.next;
 }
 /*
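Review bot: The merged loop writes `screenp->displays[count]` until `scrn_display_lst` ends, while the array was sized from a `count` computed before the hunk, so the write bound is only implicit and reusing `count` as both size and index hides it. Presumably that earlier value comes from walking the same list, in which case the two agree, but stating the invariant is cheap: use `dispptr && count < screenp->numdisplays;` as the loop condition, or assert it at the top of the body. The comment `/* Allocate individual Display records */` could also say why the allocation must stay unconditional, e.g. `/* Always allocate: configDisplay() is handed this record even when no Virtual size is set */`, since having it under the Virtual check is what left the slot NULL according to the commit message. configScreen's body starts and ends outside the hunk.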