Avoid calling Standard C string/array functions with NULL arguments

glibc string.h declares memcpy() with attribute(nonnull(1,2)), causing calls with NULL arguments to be treated as undefined behaviour. This is consistent with ISO C99 and C11, which state that passing 0 to string functions as an array length does not remove the requirement that the pointer to the array is a valid pointer. gcc -fsanitize=undefined catches this while running OSTree's test suite. Similarly, running the GLib test suite reports similar issues for qsort(), memmove(), memcmp(). Signed-off-by: Simon McVittie <smcv@debian.org> Bug: https://bugzilla.gnome.org/show_bug.cgi?id=775510 Reviewed-by: Colin Walters
2025-08-02 07:23:41 +02:00 · 2016-12-02 10:03:16 +00:00
parent 5e7eaaaaee
commit e5ed410c8c
10 changed files with 43 additions and 18 deletions
--- a/gio/gvdb/gvdb-builder.c
+++ b/gio/gvdb/gvdb-builder.c
@@ -291,7 +291,8 @@ file_builder_add_string (FileBuilder *fb,
  chunk->offset = fb->offset;
  chunk->size = length;
  chunk->data = g_malloc (length);
-  memcpy (chunk->data, string, length);
+  if (length != 0)
+    memcpy (chunk->data, string, length);

  *start = guint32_to_le (fb->offset);
  *size = guint16_to_le (length);