decode: fix possible NULL dereference

Found by a recently added fuzzer. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61743 Signed-off-by: David Korczynski <[email protected]>
fluent · Aug 28, 2023 · 0e0dd95 · 0e0dd95
1 parent fe0ccc7
commit 0e0dd95
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/src/cmt_decode_msgpack.c b/src/cmt_decode_msgpack.c
@@ -1006,7 +1006,12 @@ static int unpack_basic_type_meta(mpack_reader_t *reader, size_t index, void *co
         }
         else if(decode_context->map->type == CMT_COUNTER) {
             counter = (struct cmt_counter *) decode_context->map->parent;
-            counter->aggregation_type = decode_context->aggregation_type;
+            if (counter == NULL) {
+                result = CMT_DECODE_MSGPACK_ALLOCATION_ERROR;
+            }
+            else {
+                counter->aggregation_type = decode_context->aggregation_type;
+            }
         }
     }