From fba7bf352678db2938f5a7b173d2a8823595ef3b Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sun, 21 Jul 2024 11:27:44 -0700
Subject: XvQueryAdaptors: avoid NULL deref if length is 0, but num_adaptors is
 not
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Found by gcc 14.1:
Xv.c: In function ‘XvQueryAdaptors’:
Xv.c:222:31: warning: dereference of NULL ‘<unknown>’ [CWE-476]
 [-Wanalyzer-null-dereference]
  222 |         pa->type = (char) u.pa->type;
      |                           ~~~~^~~~~~

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libxv/-/merge_requests/7>
---
 src/Xv.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/Xv.c b/src/Xv.c
index dc1e5f9..8e4bc17 100644
--- a/src/Xv.c
+++ b/src/Xv.c
@@ -192,6 +192,10 @@ XvQueryAdaptors(
         }
         _XRead(dpy, buffer, (long) size);
     }
+    else if (rep.num_adaptors != 0) {
+        status = XvBadReply;
+        goto out;
+    }
 
     /* GET INPUT ADAPTORS */
 
-- 
cgit v1.2.3