From c08f1613744351338e822c309d2c6815edca205f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Deuc=D0=B5?= <shurd@sasktel.net>
Date: Sun, 5 Jan 2025 00:07:41 -0500
Subject: [PATCH] Fix NULL dereference in strbuf error

If strbuf is over 5MB, or the realloc() fails, clear strbuf and
break before writing to strbuf.
Found by scan-build
---
 src/conio/cterm.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/conio/cterm.c b/src/conio/cterm.c
index 884b5ff724..4e6334072e 100644
--- a/src/conio/cterm.c
+++ b/src/conio/cterm.c
@@ -5615,12 +5615,14 @@ CIOLIBEXPORT char* cterm_write(struct cterminal * cterm, const void *vbuf, int b
 										if (cterm->strbufsize > 1024 * 1024 * 512) {
 											FREE_AND_NULL(cterm->strbuf);
 											cterm->strbuflen = cterm->strbufsize = 0;
+											break;
 										}
 										else {
 											p = realloc(cterm->strbuf, cterm->strbufsize);
 											if (p == NULL) {
 												FREE_AND_NULL(cterm->strbuf);
 												cterm->strbuflen = cterm->strbufsize = 0;
+												break;
 											}
 											else
 												cterm->strbuf = p;
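Review bot: The limit tested in the first line of the hunk is `1024 * 1024 * 512`, which is 512 MiB, while the commit message describes the threshold as 5MB, so either the code or the description does not match the intent. Since `strbuf` appears to grow with data passed to `cterm_write()`, which may come from a remote peer (an inference, not shown here), this cap is the only bound on that allocation and its value should be confirmed. I would replace the literal with a named constant such as `#define CTERM_STRBUF_MAX (1024 * 1024 * 512) /* upper bound on strbuf growth; larger strings are discarded */`. The two failure branches now hold identical cleanup followed by `break`, and the construct that `break` leaves begins outside the hunk. Please confirm that it exits the path that later writes through `cterm->strbuf`, and add a short comment such as `/* strbuf is NULL here; skip the append below */` at each `break`.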
-- 
GitLab