Commit c1d5db61 authored by Philip Withnall

gvariant: Fix a potential memcpy(NULL) call

This probably won’t crash, as it can only happen if (size == 0), but
add a check to be safe, and to shut up the static analyser.

This case can be reached with the following call:
    gvs_read_unaligned_le(NULL, 0)
which can be called from:
    gvs_tuple_get_child(value, index_)
with (value.data == NULL) and (value.size == 0).

Found by scan-build.

https://bugzilla.gnome.org/show_bug.cgi?id=715164
parent c9344fd5
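As an added example (my own code, not GLib's and not part of this commit), the following reimplements the guarded read under the contract the patch's new comment states, with portable names (read_unaligned_le, le_read_t, serialised_t, tuple_child_offset) standing in for gvs_read_unaligned_le, GSIZE_FROM_LE and the gvs_tuple_get_child caller. It goes beyond the patch in two ways: a NULL buffer with a non-zero size (a caller bug) is rejected rather than silently read as 0, and a size larger than the union is rejected instead of overflowing it. The sample buffer is constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result of an unaligned little-endian read: ok == 0 means the caller
 * violated the contract (NULL with size != 0, or size too large). */
typedef struct { int ok; size_t value; } le_read_t;

/* Read up to sizeof (size_t) little-endian bytes from an unaligned buffer.
 * bytes may be NULL if (size == 0), in which case 0 is returned.
 * memcpy (dst, NULL, 0) is undefined behaviour under C11 7.24.1p2 even
 * though it rarely faults, so the copy is skipped for a NULL source. */
le_read_t read_unaligned_le (const unsigned char *bytes, size_t size)
{
  union { unsigned char bytes[sizeof (size_t)]; size_t integer; } tmpvalue;
  le_read_t result = { 0, 0 };
  size_t i;

  if (size > sizeof (tmpvalue.bytes))   /* would overrun the union */
    return result;
  if (bytes == NULL && size != 0)       /* contract violation, fail loudly */
    return result;

  tmpvalue.integer = 0;
  if (bytes != NULL)
    memcpy (&tmpvalue.bytes, bytes, size);

  /* Portable stand-in for GSIZE_FROM_LE: assemble from the low byte up,
   * so the result does not depend on host endianness. */
  for (i = 0; i < sizeof (tmpvalue.bytes); i++)
    result.value |= (size_t) tmpvalue.bytes[i] << (8 * i);

  result.ok = 1;
  return result;
}

/* Simplified view of a serialised value: the commit message notes that an
 * empty value has data == NULL and size == 0. */
typedef struct { const unsigned char *data; size_t size; } serialised_t;

/* Sketch (not GLib's code) of the caller named in the commit message: the
 * child lookup ends up reading a zero-length offset for an empty tuple.
 * (size_t) -1 flags a contract violation instead of returning 0. */
size_t tuple_child_offset (serialised_t value)
{
  le_read_t r = read_unaligned_le (value.data, value.size);
  return r.ok ? r.value : (size_t) -1;
}

/* Constructed sample: a 3-byte little-endian offset followed by padding. */
static const unsigned char sample_offsets[16] = { 0x01, 0x02, 0x03 };

int main (void)
{
  serialised_t empty = { NULL, 0 };
  le_read_t r = read_unaligned_le (sample_offsets, 3);

  printf ("empty tuple child offset: %zu\n", tuple_child_offset (empty));
  printf ("3-byte LE read: ok=%d value=0x%zx\n", r.ok, r.value);
  printf ("NULL with size 4: ok=%d\n", read_unaligned_le (NULL, 4).ok);
  return 0;
}
```

The second guard is deliberately on the pointer and the size together: keying the memcpy only on `bytes != NULL`, as the patch does, makes a NULL buffer with a non-zero size return 0 silently, which hides exactly the caller bug the new comment is trying to rule out.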
......@@ -552,6 +552,7 @@ gvs_fixed_sized_array_is_normal (GVariantSerialised value)
* normal form and that is the one that the serialiser must produce.
*/
/* bytes may be NULL if (size == 0). */
static inline gsize
gvs_read_unaligned_le (guchar *bytes,
guint size)
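Review bot: the new comment above gvs_read_unaligned_le () states the precondition (bytes may be NULL only if size == 0) but not what the function returns in that case; since tmpvalue.integer is zeroed before the copy, the result is 0, and saying so lets callers such as gvs_tuple_get_child () rely on it. Suggest "/* bytes may be NULL if (size == 0), in which case 0 is returned. */".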
......@@ -563,7 +564,8 @@ gvs_read_unaligned_le (guchar *bytes,
} tmpvalue;
tmpvalue.integer = 0;
memcpy (&tmpvalue.bytes, bytes, size);
if (bytes != NULL)
memcpy (&tmpvalue.bytes, bytes, size);
return GSIZE_FROM_LE (tmpvalue.integer);
}
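Review bot: the guard `if (bytes != NULL)` keys on the pointer rather than on the size the comment ties it to, so a NULL bytes with a non-zero size (a caller bug) now silently returns 0 instead of faulting in memcpy. Consider `if (size != 0)` instead, or add `g_assert (bytes != NULL || size == 0);` before the copy, so the documented precondition is actually enforced. Also worth noting in the commit message that memcpy (&tmpvalue.bytes, NULL, 0) is undefined behaviour under C11 7.24.1p2, so the check is a correctness fix and not only a way to quiet scan-build.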