Avoid calling Standard C string/array functions with NULL arguments
commit e5ed410c8c0fe823883b65b293fb2d9c9d12673a
author Simon McVittie <smcv@debian.org>
Fri, 2 Dec 2016 10:03:16 +0000 (2 10:03 +0000)
committer Simon McVittie <smcv@debian.org>
Fri, 2 Dec 2016 19:10:39 +0000 (2 19:10 +0000)
tree f42abcea13b43f45e4393eea7d458fbc16431d1f
parent 5e7eaaaaeead0925a9267515ad583357f44274b0
Avoid calling Standard C string/array functions with NULL arguments

glibc string.h declares memcpy() with attribute(nonnull(1,2)), causing
calls with NULL arguments to be treated as undefined behaviour.
This is consistent with ISO C99 and C11, which state that passing 0
to string functions as an array length does not remove the requirement
that the pointer to the array is a valid pointer.
gcc -fsanitize=undefined catches this while running OSTree's test suite.

Similarly, running the GLib test suite reports similar issues for
qsort(), memmove(), memcmp().

Signed-off-by: Simon McVittie <smcv@debian.org>
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=775510
Reviewed-by: Colin Walters
gio/gconverterinputstream.c
gio/gconverteroutputstream.c
gio/gdesktopappinfo.c
gio/gunixsocketaddress.c
gio/gvdb/gvdb-builder.c
glib/garray.c
glib/goption.c
glib/gstrfuncs.c
glib/gtestutils.h
gobject/gtype.c
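
The pattern the commit message describes, as an added example that is not code from this commit or from GLib: helpers that return early on a zero length so a NULL pointer never reaches memcpy(), memcmp() or qsort(). The `IntBuf` type and the `intbuf_*` names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer: data stays NULL while len == 0, which is exactly
 * when an unguarded memcpy()/memcmp()/qsort() call would be undefined. */
typedef struct { int *data; size_t len; } IntBuf;

/* Append n ints from src; src may be NULL only when n == 0. 0 on success. */
static int intbuf_append(IntBuf *b, const int *src, size_t n)
{
    if (n == 0)
        return 0;                     /* never call memcpy(dst, NULL, 0) */
    if (src == NULL || n > SIZE_MAX / sizeof *src - b->len)
        return -1;                    /* invalid source or size overflow */
    int *p = realloc(b->data, (b->len + n) * sizeof *p);
    if (p == NULL)
        return -1;
    memcpy(p + b->len, src, n * sizeof *p);
    b->data = p;
    b->len += n;
    return 0;
}

/* Equality that tolerates two empty buffers whose data is NULL. */
static int intbuf_equal(const IntBuf *a, const IntBuf *b)
{
    if (a->len != b->len)
        return 0;
    if (a->len == 0)
        return 1;                     /* skip memcmp(NULL, NULL, 0) */
    return memcmp(a->data, b->data, a->len * sizeof *a->data) == 0;
}

static int cmp_int(const void *x, const void *y)
{
    int a = *(const int *)x, b = *(const int *)y;
    return (a > b) - (a < b);
}

static void intbuf_sort(IntBuf *b)
{
    if (b->len > 1)                   /* also skips qsort(NULL, 0, ...) */
        qsort(b->data, b->len, sizeof *b->data, cmp_int);
}

int main(void)
{
    IntBuf a = { NULL, 0 }, b = { NULL, 0 };
    intbuf_sort(&a);
    return (intbuf_append(&a, NULL, 0) == 0 && intbuf_equal(&a, &b)) ? 0 : 1;
}
```

Building this with gcc -fsanitize=undefined, the option named in the commit message, and removing the early returns is a quick way to see the report for the empty-buffer case.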