BUILD: ssl/sample: potential null pointer dereference in sample_conv_aes

gcc flags aead_tag_trash as potentially NULL at the chunk_memcpy call
inside the (!dec && gcm) block, because it cannot correlate the
condition with the allocation that only happens in that same branch. Add
an explicit NULL check to silence the warning.

This was caught by cross-zoo.yml:

In file included from include/haproxy/connection.h:28,
                 from src/ssl_sample.c:27:
In function ‘b_orig’,
    inlined from ‘sample_conv_aes’ at src/ssl_sample.c:540:23:
include/haproxy/buf.h:80:17: error: potential null pointer dereference [-Werror=null-dereference]
   80 |         return b->area;
      |                ~^~~~~~
In function ‘b_data’,
    inlined from ‘sample_conv_aes’ at src/ssl_sample.c:540:3:
include/haproxy/buf.h:100:17: error: potential null pointer dereference [-Werror=null-dereference]
  100 |         return b->data;
      |                ~^~~~~~

diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index 35850c29e45983f8d631f50cb0b52f8546af5d6d..7c10e43bed0278f5582f737a3c8cc58e8b369de2 100644 (file)
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -537,6 +537,9 @@ static int sample_conv_aes(const struct arg *arg_p, struct sample *smp, void *pr
        if (!dec && gcm) {
                struct buffer *trash = get_trash_chunk();
 
+               if (!aead_tag_trash)
+                       goto end;
+
                chunk_memcpy(trash, b_orig(aead_tag_trash), b_data(aead_tag_trash));
 
                aead_tag.data.u.str = *smp_trash_alloc;