From b2476a07128fc1e83a0b322fe6eb9dfa761db53d Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 13 May 2026 12:41:51 +0200
Subject: [PATCH] tool_urlglob: check glob use before access

As this function can now be invoked with only the second glob "active",
it must avoid accessing the first one if not in use.

Follow-up to 2238f0921cb00b3395847

Spotted by Codex Security

Closes #21586
---
 src/tool_urlglob.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
index dd7a6a9d8e..ee894d79dd 100644
--- a/src/tool_urlglob.c
+++ b/src/tool_urlglob.c
@@ -716,7 +716,7 @@ CURLcode glob_match_url(char **output, const char *filename,
   while(*filename) {
     CURLcode result = CURLE_OK;
     struct URLPattern *pat = NULL;
-    if(*filename == '#' && ISDIGIT(filename[1])) {
+    if(glob_inuse(glob) && *filename == '#' && ISDIGIT(filename[1])) {
       /* a numbered glob reference */
       const char *ptr = filename++;
       curl_off_t num;