From af43a49191843b2f39cfbca1b58b46149b8fee0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20Grubbstr=C3=B6m=20=28Grubba=29?=
 <grubba@grubba.org>
Date: Sat, 16 Feb 2013 23:13:01 +0100
Subject: [PATCH] Added some more paranoia to decode_value().

There was a potential NULL-deref when decoding destructed objects.
---
 src/encode.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/encode.c b/src/encode.c
index 4ff1dd938f..48c9212540 100644
--- a/src/encode.c
+++ b/src/encode.c
@@ -1691,8 +1691,8 @@ static void encode_value2(struct svalue *val, struct encode_data *data, int forc
 
 		  break;
 
-		default:;
 #ifdef PIKE_DEBUG
+		default:
 		  Pike_fatal ("Unknown identifier type: 0x%04x for symbol \"%s\".\n",
 			      id->identifier_flags & IDENTIFIER_TYPE_MASK,
 			      id->name->str);
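Review bot: With `default:` now inside `#ifdef PIKE_DEBUG`, builds without PIKE_DEBUG have no default case in this switch, so an identifier whose type bits match none of the handled cases is passed over with no diagnostic and encoding continues. That matches what the old `default:;` did, but it is now implicit, and the commit message mentions only decode_value(). I would add a comment above the `#ifdef`, e.g. `/* Unknown identifier types are fatal only with PIKE_DEBUG; other builds skip them silently. */`, or consider whether non-debug builds should raise an error here, since the encoded output presumably ends up without that symbol. The switch and the matching `#endif` end outside this hunk, so this assumes nothing else follows the Pike_fatal call.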
@@ -3754,6 +3754,7 @@ static void decode_value2(struct decode_data *data)
 		  /* Let the codec do it's job... */
 		  apply_low(decoder_codec (data), decode_fun, 2);
 		  if ((TYPEOF(Pike_sp[-1]) == T_ARRAY) &&
+		      o->prog &&
 		      ((fun = FIND_LFUN(o->prog, LFUN_CREATE)) != -1)) {
 		    /* Call lfun::create(@args). */
 		    INT32 args;
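Review bot: Because `o->prog &&` short-circuits, `fun` is no longer assigned when the object has been destructed, so any read of `fun` after this `if` would see a stale or uninitialised value. The else path and the rest of decode_value2 are outside the hunk, so please confirm that `fun` is used only inside the guarded body. The placement of the check looks right, presumably because the apply_low() call into the codec can leave `o` destructed before `o->prog` is read, but the condition does not say so; a comment such as `/* The codec call may have destructed o; o->prog is NULL then. */` would record the reason. It is also worth auditing the other `o->prog` dereferences in this function that follow a codec or lfun call, because a NULL dereference here is a crash that the decoded data can trigger.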
-- 
GitLab