From 227e0170ef17d5f04e8dbd1328a4d2448a4c68df Mon Sep 17 00:00:00 2001
From: Donat Zenichev
Date: Fri, 22 May 2026 19:50:27 +0200
Subject: [PATCH] MT#61856 control_ng: hardening for `bencode_pretty_print()`
The dict pretty printer advances from key to value by `chld = chld->sibling` and then prints the `chld`. If a malformed dict ever reaches this func with an odd number of child nodes, this can dereference NULL. Just add guard against NULL.
Change-Id: Ia24671a5eba06dda8c48515fd9dc45fe7a9ec371
---
 daemon/control_ng.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/daemon/control_ng.c b/daemon/control_ng.c
index 78e397da5..41d96d3b1 100644
--- a/daemon/control_ng.c
+++ b/daemon/control_ng.c
@@ -629,6 +629,8 @@ static void bencode_pretty_print(bencode_item_t *el, GString *s) {
 g_string_append(s, sep);
 bencode_pretty_print(chld, s);
 g_string_append(s, ": ");
+ if (!chld->sibling)
+ break;
 chld = chld->sibling;
 bencode_pretty_print(chld, s);
 sep = ", ";
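Review bot: The added `if (!chld->sibling) break;` guard avoids the NULL dereference but leaves the printed string ending in a dangling `key: `, so a dict with an odd number of children cannot be told apart from one whose last value printed as empty. Because this output is what someone reading the printed message will see, the malformed shape should be made explicit, for example `if (!chld->sibling) { g_string_append(s, "<missing value>"); break; }`, with a short comment such as `/* odd child count: key without a value */`. Whether the decoder can actually hand such a dict to this function is not visible in the hunk; if it can, rejecting it at parse time would be the stronger fix and this guard would be defence in depth. The enclosing loop and the rest of bencode_pretty_print lie outside the hunk.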