If AllocGrab() fails to set up grab, don't copy to a NULL grab

If either the initial calloc or the xi2mask_new fails, grab is NULL,
but if a src grab is passed in, it was always being written to by
CopyGrab (and if that failed, dereferenced again in teardown).

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

diff --git a/dix/grabs.c b/dix/grabs.c
index a03897a..7f4c871 100644 (file)
--- a/dix/grabs.c
+++ b/dix/grabs.c
@@ -199,12 +199,11 @@ AllocGrab(const GrabPtr src)
             free(grab);
             grab = NULL;
         }
-    }
-
-    if (src && !CopyGrab(grab, src)) {
-        free(grab->xi2mask);
-        free(grab);
-        grab = NULL;
+        else if (src && !CopyGrab(grab, src)) {
+            free(grab->xi2mask);
+            free(grab);
+            grab = NULL;
+        }
     }
 
     return grab;