author | Philip Withnall <philip.withnall@collabora.co.uk> | 2013-11-25 13:50:20 +0000 |
---|---|---|
committer | Philip Withnall <philip.withnall@collabora.co.uk> | 2013-11-27 10:05:56 +0000 |
commit | c1d5db618688a78aa897d269859a1bc6413a9e55 (patch) | |
tree | 151b6a43c0723ec33a20eadc0ba5795d6a35544d /glib/gvariant-serialiser.c | |
parent | c9344fd5135474471dc34e29141a186454e7473e (diff) | |
download | glib-c1d5db618688a78aa897d269859a1bc6413a9e55.tar.gz |
gvariant: Fix a potential memcpy(NULL) call
This probably won’t crash, as it can only happen if (size == 0), but
add a check to be safe, and to shut up the static analyser.
This case can be reached with the following call:
gvs_read_unaligned_le(NULL, 0)
which can be called from:
gvs_tuple_get_child(value, index_)
with (value.data == NULL) and (value.size == 0).
Found by scan-build.
https://bugzilla.gnome.org/show_bug.cgi?id=715164
Diffstat (limited to 'glib/gvariant-serialiser.c')
-rw-r--r-- | glib/gvariant-serialiser.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/glib/gvariant-serialiser.c b/glib/gvariant-serialiser.c
index cc5cc7b50..d903d74c9 100644
--- a/glib/gvariant-serialiser.c
+++ b/glib/gvariant-serialiser.c
@@ -552,6 +552,7 @@ gvs_fixed_sized_array_is_normal (GVariantSerialised value)
 * normal form and that is the one that the serialiser must produce.
 */
+/* bytes may be NULL if (size == 0). */
 static inline gsize
 gvs_read_unaligned_le (guchar *bytes,
 guint size)
@@ -563,7 +564,8 @@ gvs_read_unaligned_le (guchar *bytes,
 } tmpvalue;
 tmpvalue.integer = 0;
- memcpy (&tmpvalue.bytes, bytes, size);
+ if (bytes != NULL)
+ memcpy (&tmpvalue.bytes, bytes, size);
 return GSIZE_FROM_LE (tmpvalue.integer);
 }
|
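Review bot: The guard added before memcpy() in gvs_read_unaligned_le tests `bytes != NULL` rather than the precondition the new comment documents, so a NULL pointer passed with a non-zero size now silently returns 0 instead of being caught. This helper appears to read offsets out of serialised data that may come from an untrusted source, so I would make the contract checkable with `g_assert (bytes != NULL || size == 0);` ahead of the copy. The copy also trusts `size` to fit the destination; the union's declaration is outside the hunk, so if nothing there bounds it, `g_assert (size <= sizeof tmpvalue.bytes);` would turn that assumption into a checked one. The function body starts before the second hunk, so any existing bound check there is not visible here.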