author | Marko Mäkelä <marko.makela@mariadb.com> | 2020-09-03 09:05:56 +0300 |
---|---|---|
committer | Marko Mäkelä <marko.makela@mariadb.com> | 2020-09-03 09:05:56 +0300 |
commit | 94a520ddbe39ae97de1135d98699cf2674e6b77e (patch) | |
tree | 051dc62fd84edc150754dd826830d467b45074d8 /mysys | |
parent | a256070e7d94fdd1d63a4823c638ff5c76ca9c73 (diff) | |
download | mariadb-git-94a520ddbe39ae97de1135d98699cf2674e6b77e.tar.gz |
MDEV-22387: Do not pass null pointer to some memcpy()
Passing a null pointer to a nonnull argument is not only undefined
behaviour, but it also grants the compiler the permission to optimize
away further checks whether the pointer is null. GCC -O2 at least
starting with version 8 may do that, potentially causing SIGSEGV.
These problems were caught in a WITH_UBSAN=ON build with the
Bug#7024 test in main.view.
Diffstat (limited to 'mysys')
-rw-r--r-- | mysys/mf_iocache.c | 8 | ||||
-rw-r--r-- | mysys/my_alloc.c | 4 |
2 files changed, 8 insertions, 4 deletions
diff --git a/mysys/mf_iocache.c b/mysys/mf_iocache.c
index 1245a622262..11f7bbd81b4 100644
--- a/mysys/mf_iocache.c
+++ b/mysys/mf_iocache.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2000, 2011, Oracle and/or its affiliates
- Copyright (c) 2010, 2015, MariaDB
+ Copyright (c) 2010, 2020, MariaDB
 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
@@ -703,7 +703,8 @@ int _my_b_cache_read(IO_CACHE *info, uchar *Buffer, size_t Count)
 info->read_pos=info->buffer+Count;
 info->read_end=info->buffer+length;
 info->pos_in_file=pos_in_file;
- memcpy(Buffer, info->buffer, Count);
+ if (Count)
+ memcpy(Buffer, info->buffer, Count);
 DBUG_RETURN(0);
 }
@@ -1206,7 +1207,8 @@ static int _my_b_cache_read_r(IO_CACHE *cache, uchar *Buffer, size_t Count)
 DBUG_RETURN(1);
 }
 cnt= (len > Count) ? Count : len;
- memcpy(Buffer, cache->read_pos, cnt);
+ if (cnt)
+ memcpy(Buffer, cache->read_pos, cnt);
 Count -= cnt;
 Buffer+= cnt;
 left_length+= cnt;
diff --git a/mysys/my_alloc.c b/mysys/my_alloc.c
index 3b614cb4c15..5bfcb455b8a 100644
--- a/mysys/my_alloc.c
+++ b/mysys/my_alloc.c
@@ -1,5 +1,6 @@
 /* Copyright (c) 2000, 2010, Oracle and/or its affiliates
+ Copyright (c) 2010, 2020, MariaDB
 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
@@ -449,7 +450,8 @@ char *strmake_root(MEM_ROOT *root, const char *str, size_t len)
 char *pos;
 if ((pos=alloc_root(root,len+1)))
 {
- memcpy(pos,str,len);
+ if (len)
+ memcpy(pos,str,len);
 pos[len]=0;
 }
 return pos; |
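Review bot: The new `if (Count)` guard in `_my_b_cache_read` tests the length rather than the pointer, so it relies on an unstated invariant that a null `Buffer` or `info->buffer` only ever arrives together with a zero count; the same applies to `if (cnt)` in `_my_b_cache_read_r` and `if (len)` in `strmake_root`. Nothing on the changed lines records why the guard exists, and a later cleanup could remove it as a redundant check around a zero-length copy. I would add a comment such as `/* memcpy() arguments are declared nonnull; a pointer may be NULL here only when Count == 0 */` and, if that invariant is intended, a debug assertion like `DBUG_ASSERT(!Count || (Buffer && info->buffer));` ahead of the guard. All three function bodies extend beyond their hunks, so which pointer is actually null is not visible here.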
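Review bot: In the `_my_b_cache_read_r` hunk the statement `Buffer+= cnt;` still executes when `cnt` is zero, and in C adding even a zero offset to a null pointer is not defined pointer arithmetic; newer Clang UBSan builds report it under the pointer-overflow check. If `Buffer` is the pointer that was null in the failing test (the commit message does not say which argument it was), the guarded `memcpy()` is fixed but this line is not; `info->read_pos=info->buffer+Count;` in the `_my_b_cache_read` hunk has the same shape. Moving the advance under the guard, `if (cnt) { memcpy(Buffer, cache->read_pos, cnt); Buffer+= cnt; }`, would cover it without changing behaviour for nonzero counts. The loop this belongs to starts and ends outside the hunk.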
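Review bot: `alloc_root(root,len+1)` in `strmake_root` wraps to a zero-byte request when `len` equals `SIZE_MAX`, and the guarded `memcpy(pos,str,len)` and `pos[len]=0` would then write well past whatever was allocated. Callers are not visible in this hunk, so this may be unreachable in practice, and the outcome also depends on how `alloc_root` treats a zero-length request. Since the commit is already hardening the length handling here, an early `if (len == SIZE_MAX) return NULL;` before the allocation would close the gap, assuming callers already handle a NULL return as they must for allocation failure. The function's opening brace is outside the hunk.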