From: Philip Withnall
Date: Mon, 25 Nov 2013 13:50:20 +0000 (+0000)
Subject: gvariant: Fix a potential memcpy(NULL) call
X-Git-Tag: 2.39.2~79
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c1d5db618688a78aa897d269859a1bc6413a9e55;p=platform%2Fupstream%2Fglib.git

gvariant: Fix a potential memcpy(NULL) call

This probably won’t crash, as it can only happen if (size == 0), but add a check to be safe, and to shut up the static analyser.

This case can be reached with the following call: gvs_read_unaligned_le(NULL, 0) which can be called from: gvs_tuple_get_child(value, index_) with (value.data == NULL) and (value.size == 0).

Found by scan-build.

https://bugzilla.gnome.org/show_bug.cgi?id=715164
---

diff --git a/glib/gvariant-serialiser.c b/glib/gvariant-serialiser.c
index cc5cc7b..d903d74 100644
--- a/glib/gvariant-serialiser.c
+++ b/glib/gvariant-serialiser.c
@@ -552,6 +552,7 @@ gvs_fixed_sized_array_is_normal (GVariantSerialised value)
  * normal form and that is the one that the serialiser must produce.
  */
 
+/* bytes may be NULL if (size == 0). */
 static inline gsize
 gvs_read_unaligned_le (guchar *bytes,
                        guint   size)
@@ -563,7 +564,8 @@ gvs_read_unaligned_le (guchar *bytes,
   } tmpvalue;
 
   tmpvalue.integer = 0;
-  memcpy (&tmpvalue.bytes, bytes, size);
+  if (bytes != NULL)
+    memcpy (&tmpvalue.bytes, bytes, size);
 
   return GSIZE_FROM_LE (tmpvalue.integer);
 }
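Review bot: The guard `if (bytes != NULL)` in the second hunk keys on the pointer, while the precondition added in the first hunk (`/* bytes may be NULL if (size == 0). */`) ties NULL to a zero size, so a caller that passes NULL with a non-zero size is now silently decoded as 0 instead of being caught. Checking the length instead, `if (size != 0)`, or keeping the pointer check and adding `g_assert (bytes != NULL || size == 0);`, would make the code match the documented contract. The commit message treats the unguarded call as harmless, but memcpy with a null source is undefined behaviour even for a zero length (C11 7.24.1p2), so this is a correctness fix rather than only analyser noise, and the new comment could say so. The memcpy also writes `size` bytes into tmpvalue, whose declaration and the start of gvs_read_unaligned_le lie above this hunk; if callers do not already guarantee that size fits the union, that bound deserves its own check.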