tools/nolibc: getopt: Fix potential out of bounds access

Running clang-tidy on a program that uses getopt() from nolibc
this warning appears:

getopt.h:80:6: warning: Out of bound access to memory after the end of the string literal [clang-analyzer-security.ArrayBound]
80 |         if (optstring[i] == ':') {

This looks like a very unlikely case that an argument
inside of argv is being changed between getopt() calls.

Adding a check for d becoming 0 in the guard after the loop
stops getopt() getting far enough to access beyond the end
of the array and seems to correct the issue.

Fixes: bae3cd708e8a ("tools/nolibc: add getopt()")
Assisted-by: Claude:claude-4.6-sonnet # reproducer
Signed-off-by: Daniel Palmer <daniel@thingy.jp>
Link: https://patch.msgid.link/20260520111931.1027758-1-daniel@thingy.jp
[Thomas: clean up commit message a bit]
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>

diff --git a/tools/include/nolibc/getopt.h b/tools/include/nolibc/getopt.h
index 87565e3b6a339fad6d49f2ae906f2826144f79f7..3ad140f692dfe783c33709fce5ae36595b09fb23 100644 (file)
--- a/tools/include/nolibc/getopt.h
+++ b/tools/include/nolibc/getopt.h
@@ -71,7 +71,7 @@ int getopt(int argc, char * const argv[], const char *optstring)
                d = optstring[i++];
        } while (d && d != c);
 
-       if (d != c || c == ':') {
+       if (!d || d != c || c == ':') {
                optopt = c;
                if (optstring[0] != ':' && opterr)
                        fprintf(stderr, "%s: unrecognized option: %c\n", argv[0], *optchar);