From 88ac2dd43c3ceb894341d9ed31652140f64819ad Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Sat, 24 Apr 2010 13:03:27 +0200
Subject: [PATCH] sftp_close_handle: add precation to not access NULL pointer

clang-analyzer pointed this out as a "Pass-by-value argument in function call is undefined" but while I can't see exactly how this can ever happen in reality I think a little check for safety isn't such a bad thing here.
---
 src/sftp.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/sftp.c b/src/sftp.c
index a2e5d9c..35eba94 100644
--- a/src/sftp.c
+++ b/src/sftp.c
@@ -1604,7 +1604,7 @@ sftp_close_handle(LIBSSH2_SFTP_HANDLE *handle)
 int retcode;
 /* 13 = packet_len(4) + packet_type(1) + request_id(4) + handle_len(4) */
 ssize_t packet_len = handle->handle_len + 13;
- unsigned char *s, *data;
+ unsigned char *s, *data = NULL;
 int rc;

 if (handle->close_state == libssh2_NB_state_idle) {
@@ -1657,6 +1657,12 @@ sftp_close_handle(LIBSSH2_SFTP_HANDLE *handle)
 handle->close_state = libssh2_NB_state_sent1;
 }

+ if(!data)
+ /* if it reaches this point with data unset, something unwanted
+ happened (like this function is called again when in
+ libssh2_NB_state_sent1 state) and we just bail out */
+ return LIBSSH2_ERROR_INVAL;
+
 retcode = _libssh2_ntohu32(data + 5);
 LIBSSH2_FREE(session, data);
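Review bot: The added `if(!data)` guard in the second hunk only establishes that the pointer is set; the following `_libssh2_ntohu32(data + 5)` still reads four bytes at offset 5 with no check that the reply holds at least 9 bytes. That buffer is presumably the server's response, so a short packet from the peer would be read past its end; the guard could become `if(!data || reply_len < 9)`, where `reply_len` stands in for whichever variable receives the packet length (it is not visible in this hunk). The early return also leaves `handle->close_state` at `libssh2_NB_state_sent1`, so in the scenario the comment describes every later call would take the same exit and the handle would never be released; resetting it to `libssh2_NB_state_idle` before `return LIBSSH2_ERROR_INVAL;` is worth considering. The body of sftp_close_handle starts and ends outside both hunks, so both points should be confirmed against the full function.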