From af4e85925d98d7fb0de84613a3ec422c9ea0afd2 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Wed, 1 Jan 2025 01:00:33 +0100
Subject: [PATCH] select: avoid a NULL deref in cwfds_add_sock

curl_multi_waitfds(m, NULL, ...);
=> Curl_waitfds_init(&cwfds, ufds, size);
=> Curl_waitfds_add_ps(&cwfds);
=> cwfds_add_sock(cwfds, ...);

Would then try to use the ->wfds array while set to NULL previously. This should not happen, which this is now also protected with an assert to trigger debug builds if it happens.

Caught by CodeSonar
Assisted-by: Jay Satiro
Closes #15881
---
 lib/select.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/select.c b/lib/select.c
index a0f2ade071..a14696d114 100644
--- a/lib/select.c
+++ b/lib/select.c
@@ -503,7 +503,10 @@ static unsigned int cwfds_add_sock(struct curl_waitfds *cwfds,
 curl_socket_t sock, short events)
 {
 int i;
-
+ if(!cwfds->wfds) {
+ DEBUGASSERT(!cwfds->count && !cwfds->n);
+ return 1;
+ }
 if(cwfds->n <= INT_MAX) {
 for(i = (int)cwfds->n - 1; i >= 0; --i) {
 if(sock == cwfds->wfds[i].fd) {
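Review bot: The early `return 1;` in the new `if(!cwfds->wfds)` guard carries no comment saying what the value means, and the hunk does not show the function's return contract, so a reader cannot tell whether 1 reports one descriptor counted or a failure. I would add a comment above the guard such as `/* no array to fill (caller passed NULL): only count this socket */`, adjusted to whatever the rest of the body, which lies outside the hunk, actually returns. With no array the duplicate-socket scan below cannot run on this path, so presumably the same socket is counted once per call; if callers size a buffer from that total it is an upper bound, which is worth stating in the same comment. Per the commit message the `DEBUGASSERT` fires only in debug builds, so release builds depend on the `if` alone, which is correct as written because the assert is a consistency check and not the protection.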