From ff03d9559e168b249604ae4245a8cef08d2df662 Mon Sep 17 00:00:00 2001
From: Nathan Nguyen <146415969+NathanDrake2406@users.noreply.github.com>
Date: Thu, 9 Apr 2026 19:46:12 +1000
Subject: [PATCH] Fix macOS StorageProvider null pointer bugs (#21115)

* fix: correct null check variable in TryResolveFileReferenceUri on macOS

The null check on line 401 tested `fileUri` instead of `filePathUri`,
making it dead code since `fileUri` was already checked on line 394.
When `[fileUri filePathURL]` returned nil (non-file URL or unreachable
resource), the nil `filePathUri` was passed to `[filePathUri absoluteString]`
and then to `CreateAvnString`, causing a native crash.

* fix: initialize NSError to nil in SaveBookmarkToBytes on macOS

NSError* was declared without initialization, containing stack garbage.
On the success path (bookmarkData non-nil), Cocoa does not guarantee
zeroing the error out-parameter, so the subsequent `if (error != nil)`
check could read garbage and incorrectly call CreateAvnString with a
garbage pointer.

Initialize to nil and restructure to `else if` so the error is only
inspected when bookmarkData is nil (the failure path).

* chore: retrigger CI

* fix: guard out-parameters in SaveBookmarkToBytes

Initialize *ppv to nullptr on entry so callers never read garbage on
the nil-fileUri / nil-bookmarkData paths. Guard *err write with a
nullptr check for callers that pass no error out-parameter.

* chore: retrigger CI

---------

Co-authored-by: Julien Lebosquain <julien@lebosquain.net>
---
 native/Avalonia.Native/src/OSX/StorageProvider.mm | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/native/Avalonia.Native/src/OSX/StorageProvider.mm b/native/Avalonia.Native/src/OSX/StorageProvider.mm
index 6abf4604bc..a608f6ffaf 100644
--- a/native/Avalonia.Native/src/OSX/StorageProvider.mm
+++ b/native/Avalonia.Native/src/OSX/StorageProvider.mm
@@ -82,14 +82,16 @@ public:
             if(ppv == nullptr)
                 return E_POINTER;
 
-            NSError* error;
+            *ppv = nullptr;
+
+            NSError* error = nil;
             auto fileUri = [NSURL URLWithString: GetNSStringAndRelease(fileUriStr)];
             auto bookmarkData = [fileUri bookmarkDataWithOptions:NSURLBookmarkCreationWithSecurityScope includingResourceValuesForKeys:nil relativeToURL:nil error:&error];
             if (bookmarkData)
             {
                 *ppv = CreateByteArray((void*)bookmarkData.bytes, (int)bookmarkData.length);
             }
-            if (error != nil)
+            else if (error != nil && err != nullptr)
             {
                 *err = CreateAvnString([error localizedDescription]);
             }
@@ -398,7 +400,7 @@ public:
         }
         
         auto filePathUri = [fileUri filePathURL];
-        if (fileUri == nil)
+        if (filePathUri == nil)
         {
             *ret = nullptr;
             return S_OK;