From fa32879c2dd08aff49712e0430b3722044db0f5d Mon Sep 17 00:00:00 2001
From: Pablo de Lara
Date: Mon, 11 Aug 2025 11:09:33 +0000
Subject: [PATCH] tests: [fuzz] fix potential null dereference

There is a possibility that zstate.msg = NULL, which is set in inflateInit2() function. In that case, we should not compare against another string.

Signed-off-by: Pablo de Lara
---
 tests/fuzz/igzip_checked_inflate_fuzz_test.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/tests/fuzz/igzip_checked_inflate_fuzz_test.c b/tests/fuzz/igzip_checked_inflate_fuzz_test.c
index 2cd7b7a..c17ca41 100644
--- a/tests/fuzz/igzip_checked_inflate_fuzz_test.c
+++ b/tests/fuzz/igzip_checked_inflate_fuzz_test.c
@@ -59,10 +59,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 /* If zlib errors, assert isal errors, excluding a few
 * cases where zlib is overzealous and when zlib notices
 * an error faster than isal */
- assert(iret < 0 || strcmp(zstate.msg, z_msg_invalid_code_set) == 0 ||
- strcmp(zstate.msg, z_msg_invalid_dist_set) == 0 ||
- strcmp(zstate.msg, z_msg_invalid_lit_len_set) == 0 ||
- (iret == ISAL_END_INPUT && zstate.avail_in < 3));
+ assert(iret < 0 || (iret == ISAL_END_INPUT && zstate.avail_in < 3) ||
+ (zstate.msg != NULL &&
+ (strcmp(zstate.msg, z_msg_invalid_code_set) == 0 ||
+ strcmp(zstate.msg, z_msg_invalid_dist_set) == 0 ||
+ strcmp(zstate.msg, z_msg_invalid_lit_len_set) == 0)));
 } else
 /* If zlib did not finish or error, assert isal did not finish