* module/dav/main/util.c (dav_check_bufsize): Don't call

memcpy(,NULL,0) if the buffer is uninitialized, to avoid tripping UBSan. (Unclear if this is valid for this API.) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874144 13f79535-47bb-0310-9956-ffa450edef68
author: Joe Orton <jorton@apache.org> 2020-02-17 17:18:57 +0000
committer: Joe Orton <jorton@apache.org> 2020-02-17 17:18:57 +0000
commit: 7873b26c9843f93c452f864a7960bccc208e6a86 (patch)
tree: 38900a25abb50166e43090f1cf10c2597e148fe8 /modules/dav
parent: e788a8e25006e3dfbdaef4fff032dd2ecbc3ec31 (diff)
download: httpd-7873b26c9843f93c452f864a7960bccc208e6a86.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/modules/dav/main/util.c b/modules/dav/main/util.c
index f131a486aa..e21f626068 100644
--- a/modules/dav/main/util.c
+++ b/modules/dav/main/util.c
@@ -101,6 +101,9 @@ DAV_DECLARE(dav_error*) dav_join_error(dav_error *dest, dav_error *src)
     return dest;
 }
 
+/* ### Unclear if this was designed to be used with an uninitialized
+ * dav_buffer struct, but is used on by dav_lock_get_activelock().
+ * Hence check for pbuf->buf. */
 DAV_DECLARE(void) dav_check_bufsize(apr_pool_t * p, dav_buffer *pbuf,
                                     apr_size_t extra_needed)
 {
@@ -110,7 +113,8 @@ DAV_DECLARE(void) dav_check_bufsize(apr_pool_t * p, dav_buffer *pbuf,
 
         pbuf->alloc_len += extra_needed + DAV_BUFFER_PAD;
         newbuf = apr_palloc(p, pbuf->alloc_len);
-        memcpy(newbuf, pbuf->buf, pbuf->cur_len);
+        if (pbuf->buf)
+            memcpy(newbuf, pbuf->buf, pbuf->cur_len);
         pbuf->buf = newbuf;
     }
 }
author	Joe Orton <jorton@apache.org>	2020-02-17 17:18:57 +0000
committer	Joe Orton <jorton@apache.org>	2020-02-17 17:18:57 +0000
commit	7873b26c9843f93c452f864a7960bccc208e6a86 (patch)
tree	38900a25abb50166e43090f1cf10c2597e148fe8 /modules/dav
parent	e788a8e25006e3dfbdaef4fff032dd2ecbc3ec31 (diff)
download	httpd-7873b26c9843f93c452f864a7960bccc208e6a86.tar.gz