From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 1 Jan 2025 00:00:33 +0000 (+0100)
Subject: select: avoid a NULL deref in cwfds_add_sock
X-Git-Tag: curl-8_12_0~218
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=af4e85925d98d7fb0de84613a3ec422c9ea0afd2;p=thirdparty%2Fcurl.git

select: avoid a NULL deref in cwfds_add_sock

curl_multi_waitfds(m, NULL, ...);

=> Curl_waitfds_init(&cwfds, ufds, size);

=> Curl_waitfds_add_ps(&cwfds);

=>   cwfds_add_sock(cwfds, ...);

Would then try to use the ->wfds array while set to NULL previously.
This should not happen, which this is now also protected with an assert
to trigger debug builds if it happens.

Caught by CodeSonar

Assisted-by: Jay Satiro

Closes #15881
---

diff --git a/lib/select.c b/lib/select.c
index a0f2ade071..a14696d114 100644
--- a/lib/select.c
+++ b/lib/select.c
@@ -503,7 +503,10 @@ static unsigned int cwfds_add_sock(struct curl_waitfds *cwfds,
                                    curl_socket_t sock, short events)
 {
   int i;
-
+  if(!cwfds->wfds) {
+    DEBUGASSERT(!cwfds->count && !cwfds->n);
+    return 1;
+  }
   if(cwfds->n <= INT_MAX) {
     for(i = (int)cwfds->n - 1; i >= 0; --i) {
       if(sock == cwfds->wfds[i].fd) {