The function `prop_get_symbol` may return NULL, which was not checked
before dereferencing the pointer in `menu_finalize`. This could lead
to undefined behavior or crashes.
This commit adds a NULL check before accessing `es->rev_dep.expr` and
`es->implied.expr`. If `es` is NULL, a warning is logged, and the
operation is skipped.
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov@xxxxxxxxx>
---
scripts/kconfig/menu.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c
index 0fe7f3255a..3fb3ab4637 100644
--- a/scripts/kconfig/menu.c
+++ b/scripts/kconfig/menu.c
@@ -400,12 +400,18 @@ void menu_finalize(struct menu *parent)
*/
if (prop->type == P_SELECT) {
struct symbol *es = prop_get_symbol(prop);
- es->rev_dep.expr = expr_alloc_or(es->rev_dep.expr,
- expr_alloc_and(expr_alloc_symbol(menu->sym), expr_copy(dep)));
+ if (es) {
+ es->rev_dep.expr = expr_alloc_or(es->rev_dep.expr,
+ expr_alloc_and(expr_alloc_symbol(menu->sym), expr_copy(dep)));
+ } else
+ menu_warn(menu, "select property has no symbol");
} else if (prop->type == P_IMPLY) {
struct symbol *es = prop_get_symbol(prop);
- es->implied.expr = expr_alloc_or(es->implied.expr,
- expr_alloc_and(expr_alloc_symbol(menu->sym), expr_copy(dep)));
+ if (es) {
+ es->implied.expr = expr_alloc_or(es->implied.expr,
+ expr_alloc_and(expr_alloc_symbol(menu->sym), expr_copy(dep)));
+ } else
+ menu_warn(menu, "imply property has no symbol");
}
}
}
--
2.30.2
