From acb4fcb2ef38e318ce60f3b8ae413c5760bf366f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 18 Mar 2026 00:00:52 +0100
Subject: [PATCH] tool_msgs: avoid null pointer deref for early errors

When errorf()/warnf() is used early on, before the global pointer is
setup, curl would previosly deref the null pointer.

Follow-up to 3b40128b0f11a3

Found by Codex Security

Closes #20967
---
 src/tool_msgs.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/tool_msgs.c b/src/tool_msgs.c
index 9bc8ca18f1..2e1245503f 100644
--- a/src/tool_msgs.c
+++ b/src/tool_msgs.c
@@ -78,7 +78,7 @@ static void voutf(const char *prefix, const char *fmt, va_list ap)
  */
 void notef(const char *fmt, ...)
 {
-  if(global->tracetype) {
+  if(global && global->tracetype) {
     va_list ap;
     va_start(ap, fmt);
     voutf(NOTE_PREFIX, fmt, ap);
@@ -92,7 +92,7 @@ void notef(const char *fmt, ...)
  */
 void warnf(const char *fmt, ...)
 {
-  if(!global->silent) {
+  if(!global || !global->silent) {
     va_list ap;
     va_start(ap, fmt);
     voutf(WARN_PREFIX, fmt, ap);
@@ -128,7 +128,7 @@ void helpf(const char *fmt, ...)
  */
 void errorf(const char *fmt, ...)
 {
-  if(!global->silent || global->showerror) {
+  if(!global || !global->silent || global->showerror) {
     va_list ap;
     va_start(ap, fmt);
     voutf(ERROR_PREFIX, fmt, ap);