From 8e47ca8e62b3dabbe97ddb46c6cd072dba07daf6 Mon Sep 17 00:00:00 2001
From: Christophe CURIS <christophe.curis@free.fr>
Date: Sun, 16 May 2021 15:47:07 +0200
Subject: [PATCH] WPrefs: Add check for invalid OPEN_MENU/EXEC in PL-Menu to
 avoid potential crash

As reported by Coverity (CID #50047, #50048), if the proplist is incorrect
and has an OPEN_MENU or (SH)EXEC command without its arguments, we did
dereference a NULL pointer.
Now we simply return the NULL value, appropriate to have the caller of the
function issue a message.

Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
---
 WPrefs.app/Menu.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/WPrefs.app/Menu.c b/WPrefs.app/Menu.c
index 79ff541b..8a04b517 100644
--- a/WPrefs.app/Menu.c
+++ b/WPrefs.app/Menu.c
@@ -914,6 +914,11 @@ static ItemData *parseCommand(WMPropList * item)
 
 		data->type = ExecInfo;
 
+		if (parameter == NULL) {
+			wfree(data);
+			return NULL;
+		}
+
 		data->param.exec.command = wstrdup(parameter);
 		if (shortcut)
 			data->param.exec.shortcut = wstrdup(shortcut);
@@ -926,6 +931,12 @@ static ItemData *parseCommand(WMPropList * item)
 		 * |pipe
 		 */
 		p = parameter;
+
+		if (p == NULL) {
+			wfree(data);
+			return NULL;
+		}
+
 		while (isspace(*p) && *p)
 			p++;
 		if (*p == '|') {