It appears to be possible that the mctx->state_log field may be NULL, and the name of this function, clean_state_log_if_needed(), suggests that it should be checking that it is valid to be cleaned before assuming that it does.
This was originally found during a Coverity scan of GRUB2. Signed-off-by: Darren Kenny <[email protected]> --- lib/regexec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/regexec.c b/lib/regexec.c index 5d4113c9d3ee..2b2ab8e4afd0 100644 --- a/lib/regexec.c +++ b/lib/regexec.c @@ -1672,6 +1672,9 @@ clean_state_log_if_needed (re_match_context_t *mctx, Idx next_state_log_idx) { Idx top = mctx->state_log_top; + if (mctx->state_log == NULL) + return REG_NOERROR; + if ((next_state_log_idx >= mctx->input.bufs_len && mctx->input.bufs_len < mctx->input.len) || (next_state_log_idx >= mctx->input.valid_len -- 2.18.4
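Review bot: the new `if (mctx->state_log == NULL) return REG_NOERROR;` sits before the buffer-length checks that follow it in the hunk (`next_state_log_idx >= mctx->input.bufs_len && mctx->input.bufs_len < mctx->input.len` and the `valid_len` branch), and none of those visible conditions touch `mctx->state_log`, so the guard short-circuits work that does not depend on the field being allocated. Consider moving the NULL check down to the point where `state_log` is actually dereferenced, or stating in the commit message why skipping those checks is safe when `state_log` is NULL. The commit message also only says it "appears to be possible" that `state_log` is NULL; naming the caller or path Coverity flagged would let reviewers judge whether silently returning `REG_NOERROR` is the right outcome there, or whether a NULL `state_log` at this point indicates an earlier failure that should be reported instead.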
