From 5af580c93890e27d356f8200df2191cba14b9480 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Wed, 25 Jan 2023 11:41:40 +1000
Subject: [PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses

CVE-2023-0494, ZDI-CAN-19596

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
 unix/Xvnc/programs/Xserver/Xi/exevents.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/unix/Xvnc/programs/Xserver/Xi/exevents.c b/unix/Xvnc/programs/Xserver/Xi/exevents.c
index 659816a46..0cb8d789c 100644
--- a/unix/Xvnc/programs/Xserver/Xi/exevents.c
+++ b/unix/Xvnc/programs/Xserver/Xi/exevents.c
@@ -575,8 +575,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
             memcpy(to->button->xkb_acts, from->button->xkb_acts,
                    sizeof(XkbAction));
         }
-        else
+        else {
             free(to->button->xkb_acts);
+            to->button->xkb_acts = NULL;
+        }
 
         memcpy(to->button->labels, from->button->labels,
                from->button->numButtons * sizeof(Atom));