From 3c952f0b80da40d5efb3e71788325b48bce82276 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sat, 2 Aug 2025 10:51:55 +0200
Subject: [PATCH] garray: Add checks to g_ptr_array_extend_and_steal

Make sure that arguments are not null. While internal functions are
properly protected, the code execution continues and eventually leads
to a NULL pointer dereference.
---
 glib/garray.c           |  3 +++
 glib/tests/array-test.c | 17 +++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/glib/garray.c b/glib/garray.c
index f4340d963..c0c522ee3 100644
--- a/glib/garray.c
+++ b/glib/garray.c
@@ -2316,6 +2316,9 @@ g_ptr_array_extend_and_steal (GPtrArray  *array_to_extend,
 {
   gpointer *pdata;
 
+  g_return_if_fail (array_to_extend != NULL);
+  g_return_if_fail (array != NULL);
+
   g_ptr_array_extend (array_to_extend, array, NULL, NULL);
 
   /* Get rid of @array without triggering the GDestroyNotify attached
diff --git a/glib/tests/array-test.c b/glib/tests/array-test.c
index 5f57779e3..3ec488b1b 100644
--- a/glib/tests/array-test.c
+++ b/glib/tests/array-test.c
@@ -2299,6 +2299,23 @@ pointer_array_extend_and_steal (void)
   const gsize array_size = 100;
   guintptr *array_test = g_malloc (array_size * sizeof (guintptr));
 
+  if (g_test_undefined ())
+    {
+      /* Testing degenerated cases */
+      ptr_array = g_ptr_array_sized_new (0);
+      g_test_expect_message (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL,
+                             "*assertion*!= NULL*");
+      g_ptr_array_extend_and_steal (NULL, ptr_array);
+      g_test_assert_expected_messages ();
+
+      g_test_expect_message (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL,
+                             "*assertion*!= NULL*");
+      g_ptr_array_extend_and_steal (ptr_array, NULL);
+      g_test_assert_expected_messages ();
+
+      g_ptr_array_unref (ptr_array);
+    }
+
   /* Initializing array_test */
   for (i = 0; i < array_size; i++)
     array_test[i] = i;