From: Darren Kenny <darren.ke...@oracle.com>

It appears to be possible that the mctx->state_log field may be NULL, and the name of this function, clean_state_log_if_needed(), suggests that it should be checking that it is valid to be cleaned before assuming that it does.

Fixes: CID 86720 Signed-off-by: Darren Kenny <darren.ke...@oracle.com> Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com> Signed-off-by: Robbie Harwood <rharw...@redhat.com> --- lib/regexec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/regexec.c b/lib/regexec.c index 085bf27b0..d63b8800c 100644 --- a/lib/regexec.c +++ b/lib/regexec.c @@ -1657,6 +1657,9 @@ clean_state_log_if_needed (re_match_context_t *mctx, Idx next_state_log_idx) { Idx top = mctx->state_log_top; + if (mctx->state_log == NULL) + return REG_NOERROR; + if ((next_state_log_idx >= mctx->input.bufs_len && mctx->input.bufs_len < mctx->input.len) || (next_state_log_idx >= mctx->input.valid_len -- 2.33.0
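
Review bot: the early `return REG_NOERROR` on `mctx->state_log == NULL` sits ahead of the checks on `mctx->input.bufs_len` and `mctx->input.valid_len` in clean_state_log_if_needed(), so when state_log is NULL those input-buffer conditions are skipped as well, not only the state_log cleanup. If the intent is just to avoid dereferencing a NULL state_log, consider placing the guard around the code that actually touches `mctx->state_log` rather than at the top of the function, or confirm that skipping the input-buffer branch is safe in that case. A one-line comment above the check saying under which circumstances state_log is legitimately NULL would also help, since the commit message only says it "appears to be possible" and returning success silently could otherwise hide a caller that expected the log to exist.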