I came across a NULL dereference in ctags which is relatively simple.
The `put_entries()` function does not check `node` for `NULL`, and thus
when a `malloc()` fails the first time `pfnote()` (tree.c) is called,
`put_entries(head);` is reached. At this point `head` is still `NULL`
(initial state) and thus a NULL deref occurs.
Just adding a `NULL` check on `node` in `put_entries()` should do the trick.
Relevant code in `tree.c`:
```
void
pfnote(char *name, int ln)
{
	NODE *np;
	char *fp;
	char nbuf[1+MAXNAMLEN+1];

	if (!(np = malloc(sizeof(NODE)))) {
		warnx("too many entries to sort");
		put_entries(head);	/* <--- NULL deref here */
```
Relevant code in `print.c`:
```
void
put_entries(NODE *node)
{
	if (node->left)		/* <--- crash here on dereference */
		put_entries(node->left);
```
Stack trace:
```
(gdb) bt
#0  0x00000dffb208f0bd in put_entries (node=0x0) at /usr/src/usr.bin/ctags/print.c:95
#1  0x00000dffb208f275 in pfnote (name=0x7f7ffffd0c60 "main", ln=3) at /usr/src/usr.bin/ctags/tree.c:60
#2  0x00000dffb208c663 in c_entries () at /usr/src/usr.bin/ctags/C.c:163
#3  0x00000dffb208d951 in main (argc=1, argv=0x7f7ffffd0d80) at /usr/src/usr.bin/ctags/ctags.c:139
```
-B
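The failure path described in the report, with the proposed guard applied, as an added stand-alone example (this is not ctags code and not the reporter's patch). It keeps the names from the quoted fragments (`head`, `left`, `right`, `pfnote()`, `put_entries()`) but everything else is assumed for illustration: the `NODE` layout, a `node_alloc()` hook with a `fail_next_alloc` flag that stands in for a failing `malloc()`, an `out` stream argument, and integer return values so the behaviour can be checked rather than observed as a crash.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal tag tree: field names follow the quoted fragments, the rest is
 * assumed for this example (ctags stores a formatted tag line, not just a name). */
typedef struct node {
	struct node *left;
	struct node *right;
	char *entry;		/* tag name */
	int ln;			/* line number */
} NODE;

static NODE *head;		/* initial state: NULL, exactly as in the report */

/* Test hook (not in ctags): when set, the next node allocation fails. */
static int fail_next_alloc;

static void *node_alloc(size_t n)
{
	if (fail_next_alloc) {
		fail_next_alloc = 0;
		return NULL;
	}
	return malloc(n);
}

/*
 * Hardened put_entries(): in-order walk of the tree. The NULL check on node
 * is the whole fix; without it put_entries(head) faults when head is NULL.
 * Returns the number of entries emitted; out may be NULL to suppress output.
 */
int put_entries(NODE *node, FILE *out)
{
	int n = 0;

	if (node == NULL)	/* added guard: empty tree, nothing to print */
		return 0;
	n += put_entries(node->left, out);
	if (out != NULL)
		fprintf(out, "%s\t%d\n", node->entry, node->ln);
	n++;
	n += put_entries(node->right, out);
	return n;
}

/*
 * Simplified pfnote(): insert name into the tree, sorted by name. On
 * allocation failure it flushes whatever has been collected so far, as
 * tree.c does. Returns 1 if the entry was inserted, 0 if allocation
 * failed; *flushed (optional) receives the number of entries written
 * on the failure path.
 */
int pfnote(const char *name, int ln, FILE *out, int *flushed)
{
	NODE *np, **link;
	int n;

	if ((np = node_alloc(sizeof(*np))) == NULL) {
		fprintf(stderr, "too many entries to sort\n");
		n = put_entries(head, out);	/* safe now even when head == NULL */
		if (flushed != NULL)
			*flushed = n;
		return 0;
	}
	np->left = np->right = NULL;
	np->entry = strdup(name);
	np->ln = ln;

	/* Walk to the insertion point; equal names go right. */
	for (link = &head; *link != NULL; )
		link = (strcmp(name, (*link)->entry) < 0) ? &(*link)->left
							  : &(*link)->right;
	*link = np;
	return 1;
}

int main(void)
{
	int flushed = -1;

	/* Reproduce the report: first allocation fails while head is still NULL. */
	fail_next_alloc = 1;
	pfnote("main", 3, stdout, &flushed);
	printf("entries flushed from empty tree: %d\n", flushed);

	/* Normal operation, then a failure with entries already collected. */
	pfnote("main", 3, NULL, NULL);
	pfnote("alpha", 1, NULL, NULL);
	pfnote("zeta", 9, NULL, NULL);
	fail_next_alloc = 1;
	pfnote("beta", 2, stdout, &flushed);
	printf("entries flushed after three inserts: %d\n", flushed);
	return 0;
}
```

The guard belongs in `put_entries()` rather than at the call site in `pfnote()` because the recursion already relies on `node->left` and `node->right` being checked before descent; checking `node` itself at function entry makes the empty-tree case fall out of the same rule instead of being a special case in every caller.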