Fix missing null-pointer checks in queue API

The queue_peek() and queue_dequeue() functions did not check for
null before dereferencing the queue pointer, causing potential
undefined behavior. This patch adds explicit null checks in
queue.h to align its safety behavior with list.h.
Redundant checks in queue.c were removed, and queue_enqueue() was
updated to return an error when given a null pointer.

As part of this update, queue_count() now treats a null pointer
as an empty queue and returns 0, ensuring safe behavior even when
invalid pointers are passed.

Author: tsaiiuo

include/lib/queue.h

@@ -11,6 +11,7 @@
 #pragma once
 
 #include <lib/libc.h>
+#include "private/utils.h"
 
 /* State is managed entirely by head/tail indices. The capacity is always
  * a power of two to allow for efficient bitwise masking instead of a more
@@ -46,19 +47,27 @@ int32_t queue_destroy(queue_t *q);
 /* Checks if the queue is empty. */
 static inline bool queue_is_empty(const queue_t *q)
 {
-    return q->head == q->tail;
+    return !q || q->head == q->tail;
 }
 
-/* Returns the number of elements currently in the queue. */
+/* Returns the number of elements currently in the queue.
+ *
+ * If the queue pointer is NULL, it is treated as an empty queue
+ * and this function returns 0. This ensures safe behavior even
+ * when invalid pointers are passed.
+ */
 static inline uint32_t queue_count(const queue_t *q)
 {
+    /* Treat NULL queue as empty to prevent undefined behavior */
+    if (unlikely(!q))
+        return 0u;
     return (q->tail - q->head + q->size) & q->mask;
 }
 
 /* Checks if the queue is full. */
 static inline bool queue_is_full(const queue_t *q)
 {
-    return ((q->tail + 1) & q->mask) == q->head;
+    return q && (((q->tail + 1) & q->mask) == q->head);
 }
 
 /* Adds an element to the tail of the queue (FIFO). */

lib/queue.c

@@ -37,7 +37,7 @@ queue_t *queue_create(int32_t capacity)
 int32_t queue_destroy(queue_t *q)
 {
     /* Refuse to destroy a non-empty queue. */
-    if (!q || !queue_is_empty(q))
+    if (!queue_is_empty(q))
         return ERR_FAIL;
 
     free(q->buf);
@@ -48,8 +48,10 @@ int32_t queue_destroy(queue_t *q)
 /* Adds an element to the tail of the queue. */
 int32_t queue_enqueue(queue_t *q, void *ptr)
 {
-    /* The queue can only store up to 'size - 1' items. */
-    if (queue_is_full(q))
+    /* Reject null pointer or enqueue into a full queue.
+     * The queue can only store up to 'size - 1' items.
+     */
+    if (!q || queue_is_full(q))
         return ERR_FAIL;
 
     q->buf[q->tail] = ptr;