From baa8f663a22a9e167c35d9b8d0959ebcfaafffb5 Mon Sep 17 00:00:00 2001
From: Jesse Yurkovich
Date: Mon, 21 Aug 2023 20:15:22 +0200
Subject: [PATCH] Fix (unreported) nullptr access in BKE_fcurve_handles_recalc_ex

Don't access fields of the potentially null `FCurve` struct before it's been validated.

Pull Request: https://projects.blender.org/blender/blender/pulls/111315
---
 source/blender/blenkernel/intern/fcurve.cc | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/source/blender/blenkernel/intern/fcurve.cc b/source/blender/blenkernel/intern/fcurve.cc
index c102997ee58..0295404c0f2 100644
--- a/source/blender/blenkernel/intern/fcurve.cc
+++ b/source/blender/blenkernel/intern/fcurve.cc
@@ -1217,15 +1217,13 @@ static BezTriple *cycle_offset_triple(

 void BKE_fcurve_handles_recalc_ex(FCurve *fcu, eBezTriple_Flag handle_sel_flag)
 {
- int a = fcu->totvert;
-
 /* Error checking:
 * - Need at least two points.
 * - Need bezier keys.
 * - Only bezier-interpolation has handles (for now).
 */
 if (ELEM(nullptr, fcu, fcu->bezt) ||
- (a < 2) /*|| ELEM(fcu->ipo, BEZT_IPO_CONST, BEZT_IPO_LIN) */) {
+ (fcu->totvert < 2) /*|| ELEM(fcu->ipo, BEZT_IPO_CONST, BEZT_IPO_LIN) */) {
 return;
 }

@@ -1241,6 +1239,7 @@ void BKE_fcurve_handles_recalc_ex(FCurve *fcu, eBezTriple_Flag handle_sel_flag)
 BezTriple *next = (bezt + 1);

 /* Loop over all beztriples, adjusting handles. */
+ int a = fcu->totvert;
 while (a--) {
 /* Clamp timing of handles to be on either side of beztriple. */
 if (bezt->vec[0][0] > bezt->vec[1][0]) {
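Review bot: The guard `ELEM(nullptr, fcu, fcu->bezt)` in the first hunk still names `fcu->bezt` in the same expression that tests `fcu` for null, so the fix is only safe if `ELEM` expands to a left-to-right short-circuiting comparison chain; its definition is not shown here and should be confirmed. If `ELEM` were an ordinary function or template, its arguments would be evaluated before the call and a null `fcu` would be dereferenced again. Spelling the check out makes the ordering explicit and independent of the macro: `if (fcu == nullptr || fcu->bezt == nullptr || fcu->totvert < 2) {`. The "Error checking" comment lists only the point-count and bezier-key conditions, so it could gain a line such as `* - Need a valid curve pointer.`. The function body continues outside the hunk.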
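Review bot: In the second hunk the new `int a = fcu->totvert;` lands between the comment `/* Loop over all beztriples, adjusting handles. */` and the `while (a--)` it describes, which separates the comment from its loop. Declaring the counter above the comment keeps the two together. If `a` is not read after the loop, folding it into the loop as `for (int a = fcu->totvert; a--;) {` would also limit its scope. The loop body continues outside the hunk, so later uses of `a` cannot be checked from here.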