From 66a7ebfeef82f6b198aee8c612250c096ae23741 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Thu, 11 Sep 2025 13:42:45 +0200
Subject: [PATCH] BUG/MINOR: acme: null pointer dereference upon allocation
 failure

Reported in issue #3115:

     	11. var_compare_op: Comparing task to null implies that task might be null.
681                if (!task) {
682                        ret++;
683                        ha_alert("acme: couldn't start the scheduler!\n");
684                }
CID 1609721: (#1 of 1): Dereference after null check (FORWARD_NULL)
12. var_deref_op: Dereferencing null pointer task.
685                task->nice = 0;
686                task->process = acme_scheduler;
687
688                task_wakeup(task, TASK_WOKEN_INIT);
689        }
690

Task would be dereferenced upon allocation failure instead of falling
back to the end of the function after the error.

Should be backported in 3.2.
---
 src/acme.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/acme.c b/src/acme.c
index 06b38b27f..2d8319cdc 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -681,6 +681,7 @@ static int cfg_postparser_acme()
 		if (!task) {
 			ret++;
 			ha_alert("acme: couldn't start the scheduler!\n");
+			goto end;
 		}
 		task->nice = 0;
 		task->process = acme_scheduler;
@@ -688,6 +689,7 @@ static int cfg_postparser_acme()
 		task_wakeup(task, TASK_WOKEN_INIT);
 	}
 
+end:
 	return ret;
 }