[PATCH v2025.09.y 40/58] hush: add NULL check for gl_pathv after do_glob_in_argv
Ahmad Fatoum
a.fatoum at pengutronix.de
Fri Mar 13 06:25:24 PDT 2026
If do_glob_in_argv is called with argc <= 0, the internal loop
never executes and gl_pathv remains NULL from the zero-initialized
globbuf. The subsequent globbuf.gl_pathv[0] dereference would then
crash. Add a NULL check to return early in this case.
(cherry picked from commit 02faac88eb51b0f65d5d05f2a088010959a1ece7)
Reported-by: GCC 14.2 -fanalyzer
Co-Authored-By: Claude Opus 4.6 <noreply at anthropic.com>
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
Link: https://lore.barebox.org/20260216084253.3547270-9-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
---
common/hush.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/common/hush.c b/common/hush.c
index aada3120ec4b..99e8ee8856ed 100644
--- a/common/hush.c
+++ b/common/hush.c
@@ -848,6 +848,9 @@ static int run_pipe_real(struct p_context *ctx, struct pipe *pi)
do_glob_in_argv(&globbuf, child->argc - i, &child->argv[i]);
+ if (!globbuf.gl_pathv)
+ return -1;
+
remove_quotes(globbuf.gl_pathc, globbuf.gl_pathv);
if (!strcmp(globbuf.gl_pathv[0], "getopt") &&
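Review bot: The new check in run_pipe_real() tests only globbuf.gl_pathv, but the strcmp() two lines below it dereferences gl_pathv[0], so a non-NULL vector with gl_pathc == 0 would still pass a NULL or stale first entry to strcmp(). If do_glob_in_argv can leave the buffer in that state, test both, for example `if (!globbuf.gl_pathv || !globbuf.gl_pathc)`. A one-line comment above the check saying that it covers the argc <= 0 case would also help, since that reasoning currently lives only in the commit message. Finally, the bare `return -1` leaves the function without any cleanup; the hunk does not show whether anything set up earlier in run_pipe_real() needs releasing on this path, so that is worth confirming.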
--
2.47.3