evbuffer_drain has the code below.
Can chain ever be NULL in line 956?
If the while was completed due to the test in line 935, which dereferenced chain, it can’t.
If the while was broken in line 950, then line 949 dereferenced chain, so it can’t be NULL either.
I.e. either the test in line 956 is not needed, or one of the above might crash.
934     for (chain = buf->first;
935         remaining >= chain->off;
936         chain = next) {
937         next = chain->next;
938         remaining -= chain->off;
939
940         if (chain == *buf->last_with_datap) {
941             buf->last_with_datap = &buf->first;
942         }
943         if (&chain->next == buf->last_with_datap)
944             buf->last_with_datap = &buf->first;
945
946         if (CHAIN_PINNED_R(chain)) {
947             EVUTIL_ASSERT(remaining == 0);
948             chain->misalign += chain->off;
949             chain->off = 0;
950             break;
951         } else
952             evbuffer_chain_free(chain);
953     }
954
955     buf->first = chain;
956     if (chain) {
957         chain->misalign += remaining;
958         chain->off -= remaining;
959     }
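
A small model of the control flow in lines 934-956, added here as an example and not libevent's code or part of the original post. It classifies how the loop ends for a given `remaining`, checking for NULL before the line-935 condition so the model reports the dereference instead of crashing. `struct chain`, `model_drain`, `drain_three` and the `outcome` enum are hypothetical names, and the three 4-byte chains are constructed input.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for an evbuffer chain: only what the loop reads. */
struct chain { struct chain *next; size_t off; int pinned; };

enum outcome { EXIT_NONNULL, EXIT_NULL, NULL_DEREF_AT_935 };

/* Mirrors lines 934-956, but tests for NULL before evaluating the
 * line-935 condition so the model reports the dereference instead of crashing. */
enum outcome model_drain(struct chain *first, size_t remaining)
{
    struct chain *chain = first, *next;

    for (;;) {
        if (chain == NULL)
            return NULL_DEREF_AT_935;  /* line 935 would read chain->off */
        if (!(remaining >= chain->off))
            break;                     /* loop ends on the line-935 test */
        next = chain->next;
        remaining -= chain->off;
        if (chain->pinned) {           /* lines 946-950 */
            chain->off = 0;
            break;
        }
        chain = next;                  /* line 952 frees; the model only advances */
    }
    return chain ? EXIT_NONNULL : EXIT_NULL;  /* the test on line 956 */
}

/* Constructed input: three 4-byte chains; pinned_idx < 0 means none pinned. */
enum outcome drain_three(size_t remaining, int pinned_idx)
{
    struct chain c[3];
    for (int i = 0; i < 3; i++) {
        c[i].next = (i < 2) ? &c[i + 1] : NULL;
        c[i].off = 4;
        c[i].pinned = (i == pinned_idx);
    }
    return model_drain(c, remaining);
}

int main(void)
{
    for (size_t r = 0; r <= 13; r++)
        printf("remaining=%zu -> %d\n", r, (int)drain_three(r, -1));
    return 0;
}
```

In this model `EXIT_NULL` is never returned: with 12 bytes held, any `remaining` below 12 leaves the loop with a non-NULL chain, and 12 or more with no pinned chain reaches the line-935 condition with chain already NULL.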