author | Alan Antonuk <alan.antonuk@gmail.com> | 2016-08-20 11:43:21 -0700 |
---|---|---|
committer | Alan Antonuk <alan.antonuk@gmail.com> | 2016-08-20 11:43:21 -0700 |
commit | 2e9e8562873f8a9a6eac62d24d577175ae711672 (patch) | |
tree | 4e5f58744d236a28f42f8a8ac7a6fbe07f29fedd /librabbitmq | |
parent | 5560f30b771d85bac9f753eb12074c40c6de1e97 (diff) | |
download | rabbitmq-c-2e9e8562873f8a9a6eac62d24d577175ae711672.tar.gz |
Lib: fix undefined behavior in amqp_encode_bytes
Passing a NULL pointer to the src parameter of memcpy results in
undefined behavior even if the len parameter is 0. Fix is to check for
the length before attempting to memcpy.
Diffstat (limited to 'librabbitmq')
-rw-r--r-- | librabbitmq/amqp_private.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/librabbitmq/amqp_private.h b/librabbitmq/amqp_private.h
index 772e976..952480c 100644
--- a/librabbitmq/amqp_private.h
+++ b/librabbitmq/amqp_private.h
@@ -346,6 +346,13 @@ static inline int amqp_encode_bytes(amqp_bytes_t encoded, size_t *offset,
 amqp_bytes_t input)
 {
 size_t o = *offset;
+ /* The memcpy below has undefined behavior if the input is NULL. It is valid
+ * for a 0-length amqp_bytes_t to have .bytes == NULL. Thus we should check
+ * before encoding.
+ */
+ if (input.len == 0) {
+ return 1;
+ }
 if ((*offset = o + input.len) <= encoded.len) {
 memcpy(amqp_offset(encoded.bytes, o), input.bytes, input.len);
 return 1; |
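Review bot: The bounds check that follows the new early return, `(*offset = o + input.len) <= encoded.len`, adds before it compares, so a very large `input.len` can wrap the sum and let the memcpy write past `encoded` (this assumes `len` is a `size_t`, which the hunk does not show). Comparing without the addition avoids the wrap: `if (o > encoded.len || input.len > encoded.len - o) return 0;` followed by `*offset = o + input.len;`. Note that this form no longer updates `*offset` on failure, so callers should be checked for reliance on that. Separately, the added `if (input.len == 0) return 1;` now reports success even when `*offset` is already beyond `encoded.len`, where the old code returned 0; guarding only the copy with `if (input.len != 0)` after the bounds check would keep the previous result. The function body continues past the end of the hunk.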