summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorShawn Landden <shawn@churchofgit.com>2013-12-16 15:41:00 -0800
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2013-12-16 23:46:01 -0500
commit08c6f819cb0ed435649583da02fa0de965b32dbe (patch)
tree7651468566f69a99b675e205e87802fea7ab8ed6
parent7fd97d7829de4e62690b5fb8d41de81bcde24db2 (diff)
journal: fix against (theoretical) undefined behavior
While all the libc implementations I know return NULL when memchr's size parameter is 0, without accessing any memory, passing NULL to memchr is still invalid: C11 7.24.1p2: Where an argument declared as "size_t n" specifies the length of the array for a function, n can have the value zero on a call to that function. Unless explicitly stated otherwise in the description of a particular function in this subclause, pointer arguments on such a call shall still have valid values, as described in 7.1.4. On such a call, a function that locates a character finds no occurrence, a function that compares two character sequences returns zero, and a function that copies characters copies zero characters. see http://llvm.org/bugs/show_bug.cgi?id=18247
-rw-r--r--src/journal/journal-file.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 48fdb6163a..9e89cb9699 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -1010,7 +1010,10 @@ static int journal_file_append_data(
if (r < 0)
return r;
- eq = memchr(data, '=', size);
+ if (!data)
+ eq = NULL;
+ else
+ eq = memchr(data, '=', size);
if (eq && eq > data) {
uint64_t fp;
Object *fo;