diff options
author | Joe Orton <jorton@apache.org> | 2020-02-17 17:18:57 +0000 |
---|---|---|
committer | Joe Orton <jorton@apache.org> | 2020-02-17 17:18:57 +0000 |
commit | 7873b26c9843f93c452f864a7960bccc208e6a86 (patch) | |
tree | 38900a25abb50166e43090f1cf10c2597e148fe8 /modules/dav | |
parent | e788a8e25006e3dfbdaef4fff032dd2ecbc3ec31 (diff) | |
download | httpd-7873b26c9843f93c452f864a7960bccc208e6a86.tar.gz |
* module/dav/main/util.c (dav_check_bufsize): Don't call
memcpy(,NULL,0) if the buffer is uninitialized, to avoid tripping
UBSan. (Unclear if this is valid for this API.)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874144 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/dav')
-rw-r--r-- | modules/dav/main/util.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/modules/dav/main/util.c b/modules/dav/main/util.c index f131a486aa..e21f626068 100644 --- a/modules/dav/main/util.c +++ b/modules/dav/main/util.c @@ -101,6 +101,9 @@ DAV_DECLARE(dav_error*) dav_join_error(dav_error *dest, dav_error *src) return dest; } +/* ### Unclear if this was designed to be used with an uninitialized + * dav_buffer struct, but is used on by dav_lock_get_activelock(). + * Hence check for pbuf->buf. */ DAV_DECLARE(void) dav_check_bufsize(apr_pool_t * p, dav_buffer *pbuf, apr_size_t extra_needed) { @@ -110,7 +113,8 @@ DAV_DECLARE(void) dav_check_bufsize(apr_pool_t * p, dav_buffer *pbuf, pbuf->alloc_len += extra_needed + DAV_BUFFER_PAD; newbuf = apr_palloc(p, pbuf->alloc_len); - memcpy(newbuf, pbuf->buf, pbuf->cur_len); + if (pbuf->buf) + memcpy(newbuf, pbuf->buf, pbuf->cur_len); pbuf->buf = newbuf; } } |