From 95e9629530e07682ffd061e92e0e51506e4b3f70 Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Mon, 20 Apr 2026 10:58:08 +0200 Subject: [PATCH] BUILD: ssl/sample: potential null pointer dereference in sample_conv_aes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gcc flags aead_tag_trash as potentially NULL at the chunk_memcpy call inside the (!dec && gcm) block, because it cannot correlate the condition with the allocation that only happens in that same branch. Add an explicit NULL check to silence the warning. This was caught by cross-zoo.yml: In file included from include/haproxy/connection.h:28, from src/ssl_sample.c:27: In function ‘b_orig’, inlined from ‘sample_conv_aes’ at src/ssl_sample.c:540:23: include/haproxy/buf.h:80:17: error: potential null pointer dereference [-Werror=null-dereference] 80 | return b->area; | ~^~~~~~ In function ‘b_data’, inlined from ‘sample_conv_aes’ at src/ssl_sample.c:540:3: include/haproxy/buf.h:100:17: error: potential null pointer dereference [-Werror=null-dereference] 100 | return b->data; | ~^~~~~~
---
 src/ssl_sample.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index 35850c29e..7c10e43be 100644
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -537,6 +537,9 @@ static int sample_conv_aes(const struct arg *arg_p, struct sample *smp, void *pr
 if (!dec && gcm) {
 struct buffer *trash = get_trash_chunk();
+ if (!aead_tag_trash)
+ goto end;
+
 chunk_memcpy(trash, b_orig(aead_tag_trash), b_data(aead_tag_trash));
 aead_tag.data.u.str = *smp_trash_alloc;
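Review bot: The added `if (!aead_tag_trash) goto end;` guard has no comment saying that, per the commit message, it exists only to satisfy gcc's -Wnull-dereference, so a later reader may mistake it for a real error path or remove it as dead code. A comment above it such as `/* aead_tag_trash is always allocated when (!dec && gcm); this check only silences -Wnull-dereference */` would record that. The `end` label and the allocation of aead_tag_trash are outside the hunk, so it is worth confirming that reaching `end` from this point returns the failure value and does not hand back an encrypted sample without its GCM tag.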