From d1c322b86007cdfa43dca99877d5d7f12ff92ce2 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Tue, 2 Sep 2025 17:41:51 +0200
Subject: [PATCH] BUILD: acl: silence a possible null deref warning in
 parse_acl_expr()

The fix in commit 441cd614f9 ("BUG/MINOR: acl: set arg_list->kw to
aclkw->kw string literal if aclkw is found") involves an unchecked
access to "al" after that one is tested for possibly being NULL. This
rightfully upsets Coverity (GH #3095) and might also trigger warnings
depending on the compilers. However, no known caller to date passes
a NULL arg list here so there's no way to trigger this theoretical
bug.

This should be backported along with the fix above to avoid emitting
warnings, possibly as far as 2.6 since that fix was tagged as such.

(cherry picked from commit 4902195313f16eeca44507bfbc9e5b3b8016a61f)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 137dccf2c7c0e066ed5008ebc2b6ac66bd143752)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit eb39181b955a677651e29eb2a276715d0be36b53)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
---
 src/acl.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/acl.c b/src/acl.c
index b3ba83c..340aac8 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -171,7 +171,9 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list *
 	if (aclkw) {
 		/* OK we have a real ACL keyword */
 
-		al->kw = aclkw->kw;
+		if (al)
+			al->kw = aclkw->kw;
+
 		/* build new sample expression for this ACL */
 		smp = calloc(1, sizeof(*smp));
 		if (!smp) {
-- 
1.7.10.4