[PATCH] dix: don't retrieve the syncEvents tail on an empty list

[Peter Hutterer]

An empty list points to itself but syncEvents has the list head only and is
of a different format than the elements. Thus, casting it to a QdEventPtr
gives us garbage.

Segfaults with XTS test case Xlib13/XGrabKeyboard

Introduced in 7af23259d88f4c28ed21140f82cc03b3724c06bb.

Reported-by: Aaron Plattner <aplattner at nvidia.com>
Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
---
 dix/events.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/dix/events.c b/dix/events.c
index 48cf7a2..d802903 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -1116,13 +1116,14 @@ NoticeEventTime(InternalEvent *ev)
 void
 EnqueueEvent(InternalEvent *ev, DeviceIntPtr device)
 {
-    QdEventPtr	tail;
+    QdEventPtr	tail = NULL;
     QdEventPtr	qe;
     SpritePtr	pSprite = device->spriteInfo->sprite;
     int		eventlen;
     DeviceEvent *event = &ev->device_event;
 
-    tail = list_last_entry(&syncEvents.pending, QdEventRec, next);
+    if (!list_is_empty(&syncEvents.pending))
+        tail = list_last_entry(&syncEvents.pending, QdEventRec, next);
 
     NoticeTime((InternalEvent*)event);
 
-- 
1.7.7.1