Closed
Description
dhcpcd/src/if-options.c NULL Pointer Dereference in parse_option
Description:
The issue is reproducible during testing on synthetic builds (instrumented fuzzing build). While testing the dhcpcd configuration parser, "parse_option()" probably performs a member access on a NULL pointer of type "struct dhcp_opt" at "src/if-options.c:1886" (and was previously observed at 1887 as well). This indicates that a lookup/parse path can yield a NULL "struct dhcp_opt" (e.g., unknown/invalid option token or unexpected parsing state), but the code assumes it is always non-NULL and dereferences it.
Output:
asan-build:
/media/user/8ed8205b-4114-4c2a-b2d0-e2ad6640262d/l-mst/uil-dev/dhcpcd/src/if-options.c:1886:21: runtime error: member access within null pointer of type 'struct dhcp_opt'
#0 0x55cc35d1d254 in parse_option /media/user/8ed8205b-4114-4c2a-b2d0-e2ad6640262d/l-mst/uil-dev/dhcpcd/src/if-options.c:1886:21
#1 0x55cc35d0e756 in read_config /media/user/8ed8205b-4114-4c2a-b2d0-e2ad6640262d/l-mst/uil-dev/dhcpcd/src/if-options.c:2940:3
#2 0x55cc35cf1c52 in LLVMFuzzerTestOneInput /media/user/8ed8205b-4114-4c2a-b2d0-e2ad6640262d/l-mst/uil-dev/dhcpcd/dhcpcd_conf_read/fuzz_dhcpcd_conf_read.c:35:30
#3 0x55cc35cf1996 in main /media/user/8ed8205b-4114-4c2a-b2d0-e2ad6640262d/l-mst/uil-dev/dhcpcd/dhcpcd_conf_read/afl_stdin_driver.c:57:12
#4 0x7fb80313aca7 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#5 0x7fb80313ad64 in __libc_start_main csu/../csu/libc-start.c:360:3
#6 0x55cc35c10520 in _start (/media/user/8ed8205b-4114-4c2a-b2d0-e2ad6640262d/l-mst/uil-dev/dhcpcd/dhcpcd_conf_read/build_asan/asan_dhcpcd_conf_read+0x55520) (BuildId: 00bf00587119903bbb27c3a9264e41ed4fdafb51)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /media/user/8ed8205b-4114-4c2a-b2d0-e2ad6640262d/l-mst/uil-dev/dhcpcd/src/if-options.c:1886:21
zsh: IOT instruction /tmp/if-options_c_1886
Environment
OS: tested at 6.12.25-1kali1 (2025-04-30) x86_64 GNU/Linux ;
Compiler version: Clang 19.1.7 ;
Build-opts: -g -O1 -fno-omit-frame-pointer -fsanitize=address,undefined ;
CPU type: x86_64 ;
dhcpcd - commit hash 2de751b3691642151a4fdc49e444d6b4dc364e98 ;
Additional context
link to the sample (github-url):
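The pattern the report describes, a lookup that can return NULL followed by a member access, shown in its guarded form as an added C example. It is not dhcpcd's code: `struct opt_def`, `lookup_opt`, `parse_pair` and the table contents are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for an option definition; not dhcpcd's struct dhcp_opt. */
struct opt_def {
    const char *name;
    unsigned int code;
    int takes_value;
};

/* Constructed sample table. */
static const struct opt_def opt_table[] = {
    { "hostname", 12, 1 },
    { "rapid_commit", 80, 0 },
};

/* Returns NULL when the token is missing or not in the table. */
static const struct opt_def *lookup_opt(const char *token)
{
    size_t i;

    if (token == NULL)
        return NULL;
    for (i = 0; i < sizeof(opt_table) / sizeof(opt_table[0]); i++)
        if (strcmp(opt_table[i].name, token) == 0)
            return &opt_table[i];
    return NULL;
}

enum parse_rc { PARSE_OK = 0, PARSE_UNKNOWN = -1, PARSE_NEEDS_VALUE = -2 };

/* Validate one "token [value]" pair. The lookup result is checked
 * before any member is read, so bad input becomes an error code. */
int parse_pair(const char *token, const char *value, unsigned int *code_out)
{
    const struct opt_def *od = lookup_opt(token);

    if (od == NULL)   /* unknown token: reject, never dereference */
        return PARSE_UNKNOWN;
    if (od->takes_value && (value == NULL || *value == '\0'))
        return PARSE_NEEDS_VALUE;
    if (code_out != NULL)
        *code_out = od->code;
    return PARSE_OK;
}
```

Without the `od == NULL` branch, the first `od->takes_value` read on an unknown token is the same class of fault UBSan reports above.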
