Mihai Limbasan writes:
BZ2_bzclose fails to perform a NULL pointer check before actually
using the passed BZFILE * argument. The NULL check *is* performed but
only after the argument is used for the first time, resulting in a
potential NULL pointer dereference.

http://bugs.gentoo.org/show_bug.cgi?id=75305

Sent upstream but no feedback thus far :(
diff -Naur bzip2-1.0.2-orig/bzlib.c bzip2-1.0.2/bzlib.c
--- bzip2-1.0.2-orig/bzlib.c	2002-01-05 02:48:41.000000000 +0200
+++ bzip2-1.0.2/bzlib.c	2004-12-22 15:12:52.824593032 +0200
@@ -1536,9 +1536,12 @@
 void BZ_API(BZ2_bzclose) (BZFILE* b)
 {
    int bzerr;
-   FILE *fp = ((bzFile *)b)->handle;
-   
+   FILE *fp;
+
    if (b==NULL) {return;}
+
+   fp = ((bzFile *)b)->handle;
+
    if(((bzFile*)b)->writing){
       BZ2_bzWriteClose(&bzerr,b,0,NULL,NULL);
       if(bzerr != BZ_OK){