Fix NULL pointer dereference in solv_chksum_free()

Commit a4f1b2fc ("Split the checksum implementation into chksum_impl.c")
introduced a NULL pointer dereference in solv_chksum_free(). The
refactoring added an else branch that accesses chk->impl to free
internal resources, but this branch is reached even when chk is NULL.

Before the refactoring, solv_chksum_free(NULL, NULL) was safe:
  - the "if (cp)" branch was skipped (cp is NULL)
  - solv_free(NULL) was called, which is a no-op

After the refactoring:
  - the "if (cp)" branch is skipped
  - the new "else if (chk->impl)" dereferences chk, which is NULL

Fix by adding a NULL check for chk at the top of solv_chksum_free(),
restoring the pre-refactoring behavior.

Signed-off-by: Marek Blaha <mblaha@redhat.com>

diff --git a/src/chksum.c b/src/chksum.c
index 9d1a8e63559329f14564ccb9c84385ee7ce0f6e8..a7eacdb6ce24bca311f27bde6e03106a052ed6ef 100644 (file)
--- a/src/chksum.c
+++ b/src/chksum.c
@@ -147,6 +147,8 @@ solv_chksum_str2type(const char *str)
 void *
 solv_chksum_free(Chksum *chk, unsigned char *cp)
 {
+  if (!chk)
+    return 0;
   if (cp)
     {
       int len = chk->impl ? solv_chksum_finalize(chk) : solv_chksum_len(chk->type);