author | Marko Mäkelä <marko.makela@mariadb.com> | 2020-09-23 12:47:49 +0300 |
---|---|---|
committer | Marko Mäkelä <marko.makela@mariadb.com> | 2020-09-23 12:47:49 +0300 |
commit | 7c5519c12d46ead947d341cbdcbb6fbbe4d4fe1b (patch) | |
tree | 005b12e21b8c38e7bac3aca5042f1145e28acc30 | |
parent | 70960bd33d2699bc96821ec0a0381ca6de86e93e (diff) | |
download | mariadb-git-7c5519c12d46ead947d341cbdcbb6fbbe4d4fe1b.tar.gz |
MDEV-22387: Do not violate __attribute__((nonnull))
Passing a null pointer to a nonnull argument is not only undefined
behaviour, but it also grants the compiler the permission to optimize
away further checks whether the pointer is null. GCC -O2 at least
starting with version 8 may do that, potentially causing SIGSEGV.
-rw-r--r-- | sql/protocol.cc | 8 | ||||
-rw-r--r-- | sql/sql_string.cc | 2 | ||||
-rw-r--r-- | strings/ctype-mb.c | 6 |
3 files changed, 10 insertions, 6 deletions
diff --git a/sql/protocol.cc b/sql/protocol.cc
index aa795b9d12a..de6d1b96f76 100644
--- a/sql/protocol.cc
+++ b/sql/protocol.cc
@@ -1,5 +1,5 @@
 /* Copyright (c) 2000, 2012, Oracle and/or its affiliates.
- Copyright (c) 2008, 2012, Monty Program Ab
+ Copyright (c) 2008, 2020, MariaDB Corporation.
 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
@@ -58,7 +58,8 @@ bool Protocol_binary::net_store_data(const uchar *from, size_t length)
 packet->realloc(packet_length+9+length))
 return 1;
 uchar *to= net_store_length((uchar*) packet->ptr()+packet_length, length);
- memcpy(to,from,length);
+ if (length)
+ memcpy(to,from,length);
 packet->length((uint) (to+length-(uchar*) packet->ptr()));
 return 0;
 }
@@ -715,7 +716,8 @@ void net_send_progress_packet(THD *thd)
 uchar *net_store_data(uchar *to, const uchar *from, size_t length)
 {
 to=net_store_length_fast(to,length);
- memcpy(to,from,length);
+ if (length)
+ memcpy(to,from,length);
 return to+length;
 }
diff --git a/sql/sql_string.cc b/sql/sql_string.cc
index 177d2a77d09..b79ca82698b 100644
--- a/sql/sql_string.cc
+++ b/sql/sql_string.cc
@@ -826,7 +826,7 @@ int sortcmp(const String *s,const String *t, CHARSET_INFO *cs)
 int stringcmp(const String *s,const String *t)
 {
 uint32 s_len=s->length(),t_len=t->length(),len=MY_MIN(s_len,t_len);
- int cmp= memcmp(s->ptr(), t->ptr(), len);
+ int cmp= len ? memcmp(s->ptr(), t->ptr(), len) : 0;
 return (cmp) ? cmp : (int) (s_len - t_len);
 }
diff --git a/strings/ctype-mb.c b/strings/ctype-mb.c
index 3bcd29bbb8b..cabc940065b 100644
--- a/strings/ctype-mb.c
+++ b/strings/ctype-mb.c
@@ -1,5 +1,5 @@
 /* Copyright (c) 2000, 2014, Oracle and/or its affiliates.
- Copyright (c) 2009, 2014, SkySQL Ab.
+ Copyright (c) 2009, 2020, MariaDB Corporation.
 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
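Review bot: In `Protocol_binary::net_store_data` (hunk at -58) the new `if (length)` guard covers only the empty case, so a null `from` paired with a nonzero `length` would still reach `memcpy` and remain undefined behaviour. A debug-build check ahead of the guard, `DBUG_ASSERT(from || !length);`, would make that contract explicit, and a short comment such as `/* from may be NULL when length == 0; memcpy() arguments are nonnull */` would keep the guard from being removed later as redundant. The same applies to the free function `net_store_data` in the hunk at -715. The first function starts above its hunk, so whether callers already rule that case out is not visible here.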
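Review bot: In `stringcmp`, the tie-break `(int) (s_len - t_len)` on the unchanged return line subtracts two `uint32` values and then casts, so a length difference above INT_MAX would come back with the wrong sign. That is probably out of reach for typical string sizes, but since this commit is about removing surprising behaviour from the comparison path, an explicit three-way result would be safer: `return cmp ? cmp : (s_len > t_len) - (s_len < t_len);`. This changes the magnitude of the result but not its sign, so it assumes callers only test the sign, which should be confirmed before applying.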
@@ -407,7 +407,9 @@ my_copy_fix_mb(CHARSET_INFO *cs,
 src, src + src_length, nchars, status);
 DBUG_ASSERT(well_formed_nchars <= nchars);
- memmove(dst, src, (well_formed_length= status->m_source_end_pos - src));
+ well_formed_length= status->m_source_end_pos - src;
+ if (well_formed_length)
+ memmove(dst, src, well_formed_length);
 if (!status->m_well_formed_error_pos)
 return well_formed_length; |
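Review bot: The length passed to `memmove` in `my_copy_fix_mb` is computed from `status->m_source_end_pos - src` and only tested for zero, so nothing in the visible lines bounds it. After the new assignment, next to the existing `DBUG_ASSERT(well_formed_nchars <= nchars);`, I would add `DBUG_ASSERT(well_formed_length <= src_length);` so that a scanner returning an end position outside the source range is caught in debug builds instead of becoming an oversized copy. Whether `dst` can hold that many bytes depends on code above the hunk, which is not shown here.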