gvariant: Fix a potential memcpy(NULL) call

This probably won’t crash, as it can only happen if (size == 0), but
add a check to be safe, and to shut up the static analyser.

This case can be reached with the following call:
    gvs_read_unaligned_le(NULL, 0)
which can be called from:
    gvs_tuple_get_child(value, index_)
with (value.data == NULL) and (value.size == 0).

Found by scan-build.

https://bugzilla.gnome.org/show_bug.cgi?id=715164

1 files changed, 3 insertions, 1 deletions

diff --git a/glib/gvariant-serialiser.c b/glib/gvariant-serialiser.c
index cc5cc7b50..d903d74c9 100644
--- a/glib/gvariant-serialiser.c
+++ b/glib/gvariant-serialiser.c
@@ -552,6 +552,7 @@ gvs_fixed_sized_array_is_normal (GVariantSerialised value)
  * normal form and that is the one that the serialiser must produce.
  */
 
+/* bytes may be NULL if (size == 0). */
 static inline gsize
 gvs_read_unaligned_le (guchar *bytes,
                        guint   size)
@@ -563,7 +564,8 @@ gvs_read_unaligned_le (guchar *bytes,
   } tmpvalue;
 
   tmpvalue.integer = 0;
-  memcpy (&tmpvalue.bytes, bytes, size);
+  if (bytes != NULL)
+    memcpy (&tmpvalue.bytes, bytes, size);
 
   return GSIZE_FROM_LE (tmpvalue.integer);
 }