multi_runsingle: added precaution against easy_conn NULL pointer

In many states the easy_conn pointer is referenced and just assumed to
be working. This is an added extra check since analyzing indicates
there's a risk we can end up in these states with a NULL pointer there.

diff --git a/lib/multi.c b/lib/multi.c
index f4e15c4138bcbdc1108efe561a04324b76bb898a..ff43378f561dfa34a50a3b05b17326b9943b735a 100644 (file)
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -984,6 +984,16 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
       break;
     }
 
+    if(!easy->easy_conn &&
+       easy->state > CURLM_STATE_CONNECT &&
+       easy->state < CURLM_STATE_DONE) {
+      /* In all these states, the code will blindly access 'easy->easy_conn'
+         so this is precaution that it isn't NULL. And it silences static
+         analyzers. */
+      failf(data, "In state %d with no easy_conn, bail out!\n", easy->state);
+      return CURLM_INTERNAL_ERROR;
+    }
+
     if(easy->easy_conn && easy->state > CURLM_STATE_CONNECT &&
        easy->state < CURLM_STATE_COMPLETED)
       /* Make sure we set the connection's current owner */