apps: fix tagtree arithmetic on null pointers

It was possible for the tag tree's buflib move callback to turn a
null pointer non-null. The tagcache_search_clause->str can be null
for OR clauses. Also ensure that clauses are zeroed on allocation
to ensure garbage pointers don't creep in.

Change-Id: Ic823a8eecc501eeaa75798066521e427a9a89190

1 files changed, 3 insertions, 2 deletions

diff --git a/apps/tagtree.c b/apps/tagtree.c
index 9fb2172e57..45d2bb991b 100644
--- a/apps/tagtree.c
+++ b/apps/tagtree.c
@@ -223,7 +223,8 @@ static int move_callback(int handle, void* current, void* new)
             {
                 for(int l = 0; l < mentry->si.clause_count[k]; l++)
                 {
-                    UPDATE(mentry->si.clause[k][l]->str, diff);
+                    if(mentry->si.clause[k][l]->str)
+                        UPDATE(mentry->si.clause[k][l]->str, diff);
                     UPDATE(mentry->si.clause[k][l], diff);
                 }
             }
@@ -702,7 +703,7 @@ static int get_condition(struct search_instruction *inst)
         return -2;
     }
 
-    new_clause = tagtree_alloc(sizeof(struct tagcache_search_clause));
+    new_clause = tagtree_alloc0(sizeof(struct tagcache_search_clause));
     if (!new_clause)
     {
         logf("tagtree failed to allocate %s", "search clause");