gunixfdlist: Fix a potential NULL pointer dereference

In the case that (n_fds == 0 && fds == NULL), memcpy() would be called
against a NULL src pointer. Even though the number of bytes to copy is
0, avoid the possibility of a crash by only calling if fds is non-NULL.

Found by scan-build.

https://bugzilla.gnome.org/show_bug.cgi?id=113075

diff --git a/gio/gunixfdlist.c b/gio/gunixfdlist.c
index 4898202..7d5d732 100644 (file)
--- a/gio/gunixfdlist.c
+++ b/gio/gunixfdlist.c
@@ -183,7 +183,8 @@ g_unix_fd_list_new_from_array (const gint *fds,
   list->priv->fds = g_new (gint, n_fds + 1);
   list->priv->nfd = n_fds;
 
-  memcpy (list->priv->fds, fds, sizeof (gint) * n_fds);
+  if (n_fds > 0)
+    memcpy (list->priv->fds, fds, sizeof (gint) * n_fds);
   list->priv->fds[n_fds] = -1;
 
   return list;