From 1c0822e8cb4ba96e4bf555d4c46bcae1d85ca343 Mon Sep 17 00:00:00 2001
From: "Robert W. Van Kirk" <robert@rwvk.tech>
Date: Sat, 6 Dec 2025 12:00:00 -0600
Subject: [PATCH] formdata: validate callback is non-NULL before use

curl_formget() accepts a user-provided callback function but does not
validate it is non-NULL before calling it. If a caller passes NULL,
the function will crash with SIGSEGV.

Add NULL check at the start of the function to return an appropriate
error code instead of crashing.

Signed-off-by: Robert W. Van Kirk <robert@rwvk.tech>
Closes #19858
---
 lib/formdata.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/formdata.c b/lib/formdata.c
index b0c57b8d6f..8f95fc3df0 100644
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -636,6 +636,10 @@ int curl_formget(struct curl_httppost *form, void *arg,
   CURLcode result;
   curl_mimepart toppart;
 
+  /* Validate callback is provided */
+  if(!append)
+    return (int)CURLE_BAD_FUNCTION_ARGUMENT;
+
   Curl_mime_initpart(&toppart); /* default form is empty */
   result = Curl_getformdata(NULL, &toppart, form, NULL);
   if(!result)
-- 
2.47.3