authorAlan Antonuk <alan.antonuk@gmail.com>2016-08-20 11:43:21 -0700
committerAlan Antonuk <alan.antonuk@gmail.com>2016-08-20 11:43:21 -0700
commit2e9e8562873f8a9a6eac62d24d577175ae711672 (patch)
tree4e5f58744d236a28f42f8a8ac7a6fbe07f29fedd /librabbitmq
parent5560f30b771d85bac9f753eb12074c40c6de1e97 (diff)
Lib: fix undefined behavior in amqp_encode_bytes
Passing a NULL pointer as the src parameter of memcpy results in undefined behavior even if the len parameter is 0. The fix is to check the length before attempting the memcpy.
Diffstat (limited to 'librabbitmq')
-rw-r--r--librabbitmq/amqp_private.h7
1 files changed, 7 insertions, 0 deletions
diff --git a/librabbitmq/amqp_private.h b/librabbitmq/amqp_private.h
index 772e976..952480c 100644
--- a/librabbitmq/amqp_private.h
+++ b/librabbitmq/amqp_private.h
@@ -346,6 +346,13 @@ static inline int amqp_encode_bytes(amqp_bytes_t encoded, size_t *offset,
amqp_bytes_t input)
{
size_t o = *offset;
+ /* The memcpy below has undefined behavior if the input is NULL. It is valid
+ * for a 0-length amqp_bytes_t to have .bytes == NULL. Thus we should check
+ * before encoding.
+ */
+ if (input.len == 0) {
+ return 1;
+ }
if ((*offset = o + input.len) <= encoded.len) {
memcpy(amqp_offset(encoded.bytes, o), input.bytes, input.len);
return 1;
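Review bot: The bounds check left in place right after the new early return, `(*offset = o + input.len) <= encoded.len`, can wrap around when `input.len` is very large, so an oversized length could pass the comparison and reach the memcpy with a destination that is too small. A subtraction-based test avoids the wrap: `if (o <= encoded.len && input.len <= encoded.len - o) {` followed by `*offset = o + input.len;` inside the branch, which also stops `*offset` from being advanced when the write is rejected. Separately, the added `if (input.len == 0) return 1;` now reports success even when `o` is already past `encoded.len`, a case the old comparison would have rejected; if callers rely on that failure, keep the offset check ahead of the early return. The function body continues past the end of this hunk, so the failure path is not visible here.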