Commit 88d5948e authored by Simon Tatham

Fix undefined behaviour in safegrowarray.

UBsan points out that if the input pointer is NULL, we'll pass it to
memcpy, which is technically illegal by the C standard _even_ if the
length you pass with it is zero.
parent 02d0990b
...@@ -121,9 +121,11 @@ void *safegrowarray(void *ptr, size_t *allocated, size_t eltsize, ...@@ -121,9 +121,11 @@ void *safegrowarray(void *ptr, size_t *allocated, size_t eltsize,
void *toret; void *toret;
if (secret) { if (secret) {
toret = safemalloc(newsize, eltsize, 0); toret = safemalloc(newsize, eltsize, 0);
memcpy(toret, ptr, oldsize * eltsize); if (oldsize) {
smemclr(ptr, oldsize * eltsize); memcpy(toret, ptr, oldsize * eltsize);
sfree(ptr); smemclr(ptr, oldsize * eltsize);
sfree(ptr);
}
} else { } else {
toret = saferealloc(ptr, newsize, eltsize); toret = saferealloc(ptr, newsize, eltsize);
} }