[PATCH v2] erofs-utils: lib: fix potential NULL pointer dereference in docker_config.c

[Gao Xiang]

Hi Lucus,

On Wed, Mar 18, 2026 at 10:26:08AM -0400, Lucas Karpinski wrote:
> On 2026-03-18 10:06 a.m., Lucas Karpinski wrote:
> > On 2026-03-16 4:53 a.m., lasyaprathipati at gmail.com wrote:
> >> From: Sri Lasya <lasyaprathipati at gmail.com>
> >>
> >> ---
> >>  lib/remotes/docker_config.c | 4 +++-
> >>  1 file changed, 3 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/lib/remotes/docker_config.c b/lib/remotes/docker_config.c
> >> index b346ee8..6401c1b 100644
> >> --- a/lib/remotes/docker_config.c
> >> +++ b/lib/remotes/docker_config.c
> >> @@ -202,8 +202,10 @@ int erofs_docker_config_lookup(const char *registry,
> >>  		}
> >>  
> >>  		entry = json_object_iter_peek_value(&it);
> >> -                if (!entry)
> >> +                if (!entry) {
> >> +			json_object_iter_next(&it);
> >>  			continue;
> >> +		}
> >>  		if (json_object_object_get_ex(entry, "auth", &auth_field)) {
> >>  			b64 = json_object_get_string(auth_field);
> >>  			if (b64 && *b64) {
> > There's still a tab issue as Gao mentioned in v1. This looks like a diff
> > from your v1 to your v2 patch. Similarly, you also dropped your
> > Signed-Off and are now using a From.
> > 
> > Lastly, you submitted another patch just yesterday that includes this
> > change in addition to other changes. It is very difficult to follow what
> > you're doing.
> 
> One correction, no tab issue anymore.

Thanks for reply and help.

As you may noticed, this year EROFS became a GSOC organization,
so there are many new students sending patches and proposal
these days.

Of course, it's a good thing since we could get more new
developers. But one thing that I'm not quite sure if they are
really humans or AI-assisted bots, taking a simple example:

As you may noticed, this thread Cc an email <gaoxiang25 at kernel.org>
which is never existed (my email is xiang at kernel.org or a very
very old gaoxiang25 at huawei.com one but it never works for many
years since I changed my job many years ago.

also

Another thread I've seen <yifan.yfzhao at linux.dev>, which is
never existed either.
https://lore.kernel.org/r/CAGSu4WMGStFw7DzePCDW0JKM4DFeia4oj_U1PMDz=kG4hdLEaQ@mail.gmail.com

I'm not sure if they are AI hallucination or not, but they really
warns me that I should take those GSoC proposals more carefully.

Of course, those patches can be still valid, but I need to
review more carefully in case of potential random AI hallucination
or meaningless changes.

Thanks,
Gao Xiang


>