XRecordFreeState: avoid NULL dereference when called in error path

If the client_info pointer is NULL (for instance, if we decided
the number of entries would cause an integer overflow), then
don't attempt to walk it to free the entries.

Found by gcc 14.1:

XRecord.c:513:31: warning: dereference of NULL ‘0’ [CWE-476]
 [-Wanalyzer-null-dereference]
  513 |         if (state->client_info[i]->ranges) {
      |             ~~~~~~~~~~~~~~~~~~^~~
[...]
    |  452 |         ret->client_info = client_inf;
    |      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                          |
    |      |                          (10) ‘client_inf’ is NULL
[...]
    |  457 |            XRecordFreeState(ret);
    |      |            ^~~~~~~~~~~~~~~~~~~~~
    |      |            |
    |      |            (14) ...to here
    |      |            (15) calling ‘XRecordFreeState’ from ‘XRecordGetContext’

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libxtst/-/merge_requests/7>

1 files changed, 7 insertions, 7 deletions

diff --git a/src/XRecord.c b/src/XRecord.c
index efa47bd..11d23f6 100644
--- a/src/XRecord.c
+++ b/src/XRecord.c
@@ -509,14 +509,14 @@ XRecordGetContext(Display *dpy, XRecordContext context,
 void
 XRecordFreeState(XRecordState *state)
 {
-    for (unsigned long i = 0; i < state->nclients; i++) {
-	if (state->client_info[i]->ranges) {
-	    if (state->client_info[i]->ranges[0])
-		Xfree(state->client_info[i]->ranges[0]);
-	    Xfree(state->client_info[i]->ranges);
-	}
-    }
     if (state->client_info) {
+	for (unsigned long i = 0; i < state->nclients; i++) {
+	    if (state->client_info[i]->ranges) {
+		if (state->client_info[i]->ranges[0])
+		    Xfree(state->client_info[i]->ranges[0]);
+		Xfree(state->client_info[i]->ranges);
+	    }
+	}
 	if (state->client_info[0])
 	    Xfree(state->client_info[0]);
 	Xfree(state->client_info);