flb_snappy: harden out_data/out_len NULL checks in flb_snappy_uncompress_framed_data #11552
Description
Summary
In src/flb_snappy.c, the function flb_snappy_uncompress_framed_data validates out_data and out_len for NULL after the raw/block snappy fallback path. This means a caller passing NULL output pointers will be forwarded to flb_snappy_uncompress (which will likely crash or behave incorrectly) rather than receiving a clean -1 return.
The validation of out_data and out_len should be moved before the framed-format detection conditional so that both the raw fallback path and the framed path benefit from the guard.
Suggested fix
Move the out_data/out_len NULL checks and the output pointer initialization (*out_data = NULL, *out_len = 0) to the very top of the function, before the 10-byte stream identifier check.
Context
- This pre-existing issue was identified during review of PR snappy: fix intermittent decompression failures for raw snappy data #11550 (which fixes intermittent decompression failures for raw snappy data).
- It was agreed to track this as a separate issue to avoid expanding the scope of snappy: fix intermittent decompression failures for raw snappy data #11550.