--- xorg-server-1.7.3/Xext/security.c~	2010-01-05 13:30:48.670082211 -0800
+++ xorg-server-1.7.3/Xext/security.c	2010-01-05 16:47:06.636167937 -0800
@@ -809,13 +809,15 @@ static void
 SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 {
     XaceResourceAccessRec *rec = calldata;
-    SecurityStateRec *subj, *obj;
+    SecurityStateRec *subj, *obj = NULL;
     int cid = CLIENT_ID(rec->id);
+    ClientPtr client = clients[cid];
     Mask requested = rec->access_mode;
     Mask allowed = SecurityResourceMask;
 
     subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
-    obj = dixLookupPrivate(&clients[cid]->devPrivates, stateKey);
+    if (client != NULL)
+	obj = dixLookupPrivate(&client->devPrivates, stateKey);
 
     /* disable background None for untrusted windows */
     if ((requested & DixCreateAccess) && (rec->rtype == RT_WINDOW))
@@ -841,8 +843,9 @@ SecurityResource(CallbackListPtr *pcbl, 
 	    allowed |= DixReadAccess;
     }
 
-    if (SecurityDoCheck(subj, obj, requested, allowed) == Success)
-	return;
+    if (obj != NULL)
+	if (SecurityDoCheck(subj, obj, requested, allowed) == Success)
+	    return;
 
     SecurityAudit("Security: denied client %d access %x to resource 0x%x "
 		  "of client %d on request %s\n", rec->client->index,