From 4902195313f16eeca44507bfbc9e5b3b8016a61f Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Tue, 2 Sep 2025 17:41:51 +0200
Subject: [PATCH] BUILD: acl: silence a possible null deref warning in
 parse_acl_expr()

The fix in commit 441cd614f9 ("BUG/MINOR: acl: set arg_list->kw to
aclkw->kw string literal if aclkw is found") involves an unchecked
access to "al" after that one is tested for possibly being NULL. This
rightfully upsets Coverity (GH #3095) and might also trigger warnings
depending on the compilers. However, no known caller to date passes
a NULL arg list here so there's no way to trigger this theoretical
bug.

This should be backported along with the fix above to avoid emitting
warnings, possibly as far as 2.6 since that fix was tagged as such.
---
 src/acl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/acl.c b/src/acl.c
index 73fdf7207..370d696c0 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -171,7 +171,9 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list *
 	if (aclkw) {
 		/* OK we have a real ACL keyword */
 
-		al->kw = aclkw->kw;
+		if (al)
+			al->kw = aclkw->kw;
+
 		/* build new sample expression for this ACL */
 		smp = calloc(1, sizeof(*smp));
 		if (!smp) {