From: Darren Kenny <[email protected]>

It appears to be possible that the mctx->state_log field may be NULL, and the name of this function, clean_state_log_if_needed(), suggests that it should be checking that it is valid to be cleaned before assuming that it does.
Fixes: CID 86720 Signed-off-by: Darren Kenny <[email protected]> Reviewed-by: Daniel Kiper <[email protected]> Signed-off-by: Robbie Harwood <[email protected]> --- lib/regexec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/regexec.c b/lib/regexec.c index 6aeba3c0b..e48fe5333 100644 --- a/lib/regexec.c +++ b/lib/regexec.c @@ -1675,6 +1675,9 @@ clean_state_log_if_needed (re_match_context_t *mctx, Idx next_state_log_idx) { Idx top = mctx->state_log_top; + if (mctx->state_log == NULL) + return REG_NOERROR; + if ((next_state_log_idx >= mctx->input.bufs_len && mctx->input.bufs_len < mctx->input.len) || (next_state_log_idx >= mctx->input.valid_len -- 2.33.0
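Review bot: The early return added at the top of clean_state_log_if_needed(), directly after `Idx top = mctx->state_log_top;`, also bypasses the `next_state_log_idx >= mctx->input.bufs_len` condition that follows it, so whatever that branch does for the input buffers is skipped whenever mctx->state_log is NULL. If only the state_log accesses need protecting, consider scoping the NULL check to those accesses. Otherwise, add a short comment above `if (mctx->state_log == NULL)` saying when state_log is legitimately NULL and why returning REG_NOERROR without reaching the buffer-length check is correct. The commit message says only that the field "may be NULL", and nothing in the hunk records whether a caller can actually reach this function in that state.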
