From 314b10154495b91eca684124275407b8186bb762 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Fri, 24 Apr 2026 12:14:01 +0200
Subject: Fix an spprintf undefined behaviour

`getenv("REMOTE_ADDR")` can return NULL, and it is passed directly to `spprintf`. While `spprintf` might handle `NULL` gracefully, it's not always the case.
---
 src/sp_upload_validation.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/sp_upload_validation.c b/src/sp_upload_validation.c
index 4ac4992..e24149e 100644
--- a/src/sp_upload_validation.c
+++ b/src/sp_upload_validation.c
@@ -54,8 +54,9 @@ static int sp_rfc1867_callback(unsigned int event, void *event_data, void **extr
 cmd[1] = tmp_name;
 cmd[2] = NULL;

+ const char *remote_addr = getenv("REMOTE_ADDR");
 spprintf(&env[0], 0, "SP_FILENAME=%s", filename);
- spprintf(&env[1], 0, "SP_REMOTE_ADDR=%s", getenv("REMOTE_ADDR"));
+ spprintf(&env[1], 0, "SP_REMOTE_ADDR=%s", remote_addr ? remote_addr : "");
 spprintf(&env[2], 0, "SP_CURRENT_FILE=%s", zend_get_executed_filename(TSRMLS_C));
 spprintf(&env[3], 0, "SP_FILESIZE=%zu", filesize);
 env[4] = NULL;
-- 
cgit v1.3
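Review bot: The `""` fallback on the `env[1]` line makes a missing client address indistinguishable from a real value, so the upload-validation script receives `SP_REMOTE_ADDR=` with no signal that the lookup failed. Because `getenv()` only reads the process environment, this branch is presumably the normal case under SAPIs that do not export request variables there, and any address-based decision in the script would quietly stop applying. Consider documenting the contract next to the lookup, e.g. `/* REMOTE_ADDR may be unset outside CGI-style SAPIs; the script then gets an empty SP_REMOTE_ADDR and must treat it as unknown */`, or trying `sapi_getenv()` before falling back. The body of `sp_rfc1867_callback` starts and ends outside this hunk, so whether `filename` can also be NULL when it reaches the `env[0]` line cannot be checked here.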