xz: Avoid arithmetic on a null pointer
authorLasse Collin <lasse.collin@tukaani.org>
Tue, 30 Apr 2024 18:41:11 +0000 (21:41 +0300)
committerLasse Collin <lasse.collin@tukaani.org>
Tue, 21 May 2024 21:34:26 +0000 (00:34 +0300)
It's undefined behavior. The result wasn't ever used as it occurred
in the last iteration of a loop.

Clang 17 with -fsanitize=address,undefined:

    $ src/xz/xz --block-list=123
    src/xz/args.c:164:12: runtime error: applying non-zero offset 1
        to null pointer

Fixes: 88ccf47205d7f3aa314d358c72ef214f10f68b43
Co-authored-by: Sam James <sam@gentoo.org>
(cherry picked from commit 77c8f60547decefca8f2d0c905d9c708c38ee8ff)
(cherry picked from commit 203d48259935bad1c26e35d42f3db3c0f414bd8c)

src/xz/args.c

index 51cee4352fbf7a3ba8e0e789dabe3ef1c6500fb6..d0da1e759044581fdd7717bc11f02a8dbb1c2824 100644 (file)
@@ -120,7 +120,13 @@ parse_block_list(const char *str_const)
                        }
                }
 
-               str = p + 1;
+               // Be standards compliant: p + 1 is undefined behavior
+               // if p == NULL. That occurs on the last iteration of
+               // the loop when we won't care about the value of str
+               // anymore anyway. That is, this is done conditionally
+               // solely for standard conformance reasons.
+               if (p != NULL)
+                       str = p + 1;
        }
 
        // Terminate the array.
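Review bot: The guarded assignment on the new lines reads as a no-op whose only purpose is standard conformance, which the five-line comment then has to explain; the loop's termination could instead be made explicit at this point. If the loop's continuation condition is `p != NULL` (it is not visible in this hunk, so this is inferred), `if (p == NULL) break;` followed by the unconditional `str = p + 1;` expresses the same control flow, the UB disappears by construction, and the comment can shrink to `// p == NULL means the last entry was just parsed.`. If the loop instead continues on some other condition, the present form is fine but the comment could still be trimmed to one sentence naming the UB rule. parse_block_list starts and ends outside the hunk, so the loop header and the post-loop use of str were not reviewed here.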