From 558ad6bd3855834c74adea8b3f22bb8e3dc514f9 Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Fri, 24 Dec 2021 05:03:16 +0900
Subject: [PATCH] analyze: fix segfault when malloc() fails (#21874)

Fixes #21872.

log_syntax_callback sets 's', a.k.a. '*userdata', to POINTER_MAX to signal allocation failure. If the error does not cause immediate failure of the program, and log_syntax_callback is called again, it would try to use 's' as a pointer to a set and fail badly.
---
 src/analyze/analyze-verify.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/analyze/analyze-verify.c b/src/analyze/analyze-verify.c
index f3e5d3530d6..943a1f27de9 100644
--- a/src/analyze/analyze-verify.c
+++ b/src/analyze/analyze-verify.c
@@ -26,6 +26,9 @@ static void log_syntax_callback(const char *unit, int level, void *userdata) {
 if (level > LOG_WARNING)
 return;
+ if (*s == POINTER_MAX)
+ return;
+
 r = set_put_strdup(s, unit);
 if (r < 0) {
 set_free_free(*s);
-- 
2.47.3
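Review bot: The new early return at `if (*s == POINTER_MAX)` silently drops every later unit name once an allocation has failed, and nothing in the hunk says so or says who reports the failure. A short comment above the check would help, e.g. `/* POINTER_MAX marks an earlier allocation failure; stop collecting and let the caller report it. */`. The code that consumes the set is outside this hunk, so it is worth confirming there that POINTER_MAX is turned into an error (presumably -ENOMEM) and not handled like an empty set; otherwise a verify run under memory pressure could miss units that logged warnings. The function's opening lines and the rest of the `if (r < 0)` branch are also outside the hunk.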