diff options
author | Shawn Landden <shawn@churchofgit.com> | 2013-12-16 15:41:00 -0800 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-12-16 23:46:01 -0500 |
commit | 08c6f819cb0ed435649583da02fa0de965b32dbe (patch) | |
tree | 7651468566f69a99b675e205e87802fea7ab8ed6 | |
parent | 7fd97d7829de4e62690b5fb8d41de81bcde24db2 (diff) |
journal: fix against (theoretical) undefined behavior
While all the libc implementations I know return NULL when memchr's size
parameter is 0, without accessing any memory, passing NULL to memchr is
still invalid:
C11 7.24.1p2: Where an argument declared as "size_t n" specifies the length
of the array for a function, n can have the value zero on a call to that
function. Unless explicitly stated otherwise in the description of a
particular function in this subclause, pointer arguments on such a call
shall still have valid values, as described in 7.1.4. On such a call, a
function that locates a character finds no occurrence, a function that
compares two character sequences returns zero, and a function that copies
characters copies zero characters.
see http://llvm.org/bugs/show_bug.cgi?id=18247
-rw-r--r-- | src/journal/journal-file.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c index 48fdb6163a..9e89cb9699 100644 --- a/src/journal/journal-file.c +++ b/src/journal/journal-file.c @@ -1010,7 +1010,10 @@ static int journal_file_append_data( if (r < 0) return r; - eq = memchr(data, '=', size); + if (!data) + eq = NULL; + else + eq = memchr(data, '=', size); if (eq && eq > data) { uint64_t fp; Object *fo; |