From 52f042edea68f0adf2c6a4b72c7a8ca48b9b098a Mon Sep 17 00:00:00 2001
From: Victor Julien <vjulien@oisf.net>
Date: Mon, 5 Jan 2026 12:07:59 +0100
Subject: [PATCH] affinity: harden config parsing

To fix a null ptr deref:

        Program received signal SIGSEGV, Segmentation fault.
        __strcmp_avx2_rtm () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:115
        115     ../sysdeps/x86_64/multiarch/strcmp-avx2.S: No such file or directory.
        (gdb) bt
        #0  __strcmp_avx2_rtm () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:115
        #1  0x000055555568afec in AffinitySetupLoadFromConfig () at util-affinity.c:183
        #2  0x0000555555748785 in RunModeInitializeThreadSettings () at runmodes.c:1000
        #3  0x0000555555682f51 in SuricataMain (argc=19, argv=<optimized out>) at suricata.c:2979
        #4  0x00007ffff6829d90 in __libc_start_call_main (main=main@entry=0x55555567fa20 <main>, argc=argc@entry=19, argv=argv@entry=0x7fffffffe168) at ../sysdeps/nptl/libc_start_call_main.h:58
        #5  0x00007ffff6829e40 in __libc_start_main_impl (main=0x55555567fa20 <main>, argc=19, argv=0x7fffffffe168, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe158) at ../csu/libc-start.c:392
        #6  0x000055555567f955 in _start ()
        (gdb) f 1
        #1  0x000055555568afec in AffinitySetupLoadFromConfig () at util-affinity.c:183
        183             if (strcmp(affinity->val, "decode-cpu-set") == 0 ||
        (gdb) p affinity->val
        $1 = 0x0
---
 src/util-affinity.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/util-affinity.c b/src/util-affinity.c
index d1028ff7e0..4c135c70c1 100644
--- a/src/util-affinity.c
+++ b/src/util-affinity.c
@@ -180,10 +180,10 @@ void AffinitySetupLoadFromConfig(void)
     }
 
     TAILQ_FOREACH(affinity, &root->head, next) {
-        if (strcmp(affinity->val, "decode-cpu-set") == 0 ||
-            strcmp(affinity->val, "stream-cpu-set") == 0 ||
-            strcmp(affinity->val, "reject-cpu-set") == 0 ||
-            strcmp(affinity->val, "output-cpu-set") == 0) {
+        if (affinity->val == NULL || strcmp(affinity->val, "decode-cpu-set") == 0 ||
+                strcmp(affinity->val, "stream-cpu-set") == 0 ||
+                strcmp(affinity->val, "reject-cpu-set") == 0 ||
+                strcmp(affinity->val, "output-cpu-set") == 0) {
             continue;
         }