From 3abac6e33720bc994501cfb868cb20ca59a276f4 Mon Sep 17 00:00:00 2001
From: Test User
Date: Mon, 4 May 2026 15:59:11 +0800
Subject: [PATCH] Add NULL check after struct_field_read_integer calls

The macros struct_field_get_unsigned_int and struct_field_get_signed_int call struct_field_read_integer which can return NULL when the field is out of bounds of the provided memory. Add a NULL check to prevent undefined behavior from dereferencing a NULL pointer.
Co-Authored-By: Claude Opus 4.7
---
 src/0xc/std/struct.h | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/0xc/std/struct.h b/src/0xc/std/struct.h
index 53e820a..669273e 100644
--- a/src/0xc/std/struct.h
+++ b/src/0xc/std/struct.h
@@ -370,6 +370,11 @@ struct_field_read_integer(
 } \
 \
 iv_0xc = struct_field_read_integer((SF), (P), (L), &ivmem_0xc); \
+ if (!iv_0xc) { \
+ panicx("failed to read unsigned integer field: " \
+ "obj = %s, field = %s", \
+ (SF)->sf_struct, (SF)->sf_fld); \
+ } \
 switch ((SF)->sf_size) { \
 case sizeof(uint8_t): \
 v_0xc = iv_0xc->iv_int8.vu; \
@@ -424,6 +429,11 @@ struct_field_read_integer(
 } \
 \
 iv_0xc = struct_field_read_integer((SF), (P), (L), &ivmem_0xc); \
+ if (!iv_0xc) { \
+ panicx("failed to read signed integer field: " \
+ "obj = %s, field = %s", \
+ (SF)->sf_struct, (SF)->sf_fld); \
+ } \
 switch ((SF)->sf_size) { \
 case sizeof(int8_t): \
 v_0xc = iv_0xc->iv_int8.v; \
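Review bot: The added check converts an out-of-bounds field read into a process abort through panicx(), so any caller that derives `(P)` and `(L)` from external data now has a deterministic crash path where it previously had undefined behaviour; that is the right trade for a get-style macro with no error return, but the contract should say so where the macro is declared. Both macro bodies start and end outside these hunks, so the header comment cannot be seen here; it should state that the field described by `(SF)` must fit within the `(L)` bytes at `(P)` and that the macro panics otherwise, e.g. `/* Panics via panicx() if the field does not fit in the (L) bytes at (P); validate bounds first when P/L come from untrusted input. */`. The second hunk (the signed variant at @@ -424) has the identical shape and needs the same documentation. The `%s` conversions presumably expect `(SF)->sf_struct` and `(SF)->sf_fld` to be non-NULL C strings — worth confirming that neither can be NULL for a partially initialised descriptor, since the diagnostic itself would then misbehave.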