author | Alan Antonuk <alan.antonuk@gmail.com> | 2016-08-20 11:43:21 -0700 |
---|---|---|
committer | Alan Antonuk <alan.antonuk@gmail.com> | 2016-08-20 11:43:21 -0700 |
commit | 2e9e8562873f8a9a6eac62d24d577175ae711672 (patch) | |
tree | 4e5f58744d236a28f42f8a8ac7a6fbe07f29fedd | |
parent | 5560f30b771d85bac9f753eb12074c40c6de1e97 (diff) | |
download | rabbitmq-c-2e9e8562873f8a9a6eac62d24d577175ae711672.tar.gz |
Lib: fix undefined behavior in amqp_encode_bytes
Passing a NULL pointer to the src parameter of memcpy results in
undefined behavior even if the len parameter is 0. Fix is to check for
the length before attempting to memcpy.
-rw-r--r-- | librabbitmq/amqp_private.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/librabbitmq/amqp_private.h b/librabbitmq/amqp_private.h
index 772e976..952480c 100644
--- a/librabbitmq/amqp_private.h
+++ b/librabbitmq/amqp_private.h
@@ -346,6 +346,13 @@ static inline int amqp_encode_bytes(amqp_bytes_t encoded, size_t *offset, amqp_bytes_t input) {
 size_t o = *offset;
+ /* The memcpy below has undefined behavior if the input is NULL. It is valid
+ * for a 0-length amqp_bytes_t to have .bytes == NULL. Thus we should check
+ * before encoding.
+ */
+ if (input.len == 0) {
+ return 1;
+ }
 if ((*offset = o + input.len) <= encoded.len) {
 memcpy(amqp_offset(encoded.bytes, o), input.bytes, input.len);
 return 1; |
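Review bot: The bounds check that follows the new early return, `(*offset = o + input.len) <= encoded.len`, still depends on an addition that can wrap around `size_t` for a very large `input.len`; the comparison then passes and the memcpy writes past the end of `encoded.bytes`. Since this commit already hardens the function against undefined behavior, I would compare against the remaining space before assigning `*offset`: `if (o > encoded.len || input.len > encoded.len - o) return 0;`. That form leaves `*offset` unchanged on failure, whereas the current code advances it, so callers should be checked for reliance on the old value. The early return also now reports success for a zero-length input even when `o` is already beyond `encoded.len`, a case that previously returned 0; this is probably harmless because nothing is written, but the new comment should say so. The function body continues past the end of the hunk.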