From 2e9e8562873f8a9a6eac62d24d577175ae711672 Mon Sep 17 00:00:00 2001
From: Alan Antonuk
Date: Sat, 20 Aug 2016 11:43:21 -0700
Subject: Lib: fix undefined behavior in amqp_encode_bytes

Passing a NULL pointer to the src parameter of memcpy results in undefined behavior even if the len parameter is 0. Fix is to check for the length before attempting to memcpy.
---
 librabbitmq/amqp_private.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/librabbitmq/amqp_private.h b/librabbitmq/amqp_private.h
index 772e976..952480c 100644
--- a/librabbitmq/amqp_private.h
+++ b/librabbitmq/amqp_private.h
@@ -346,6 +346,13 @@ static inline int amqp_encode_bytes(amqp_bytes_t encoded, size_t *offset,
 amqp_bytes_t input) {
 size_t o = *offset;
+ /* The memcpy below has undefined behavior if the input is NULL. It is valid
+ * for a 0-length amqp_bytes_t to have .bytes == NULL. Thus we should check
+ * before encoding.
+ */
+ if (input.len == 0) {
+ return 1;
+ }
 if ((*offset = o + input.len) <= encoded.len) {
 memcpy(amqp_offset(encoded.bytes, o), input.bytes, input.len);
 return 1;
--
cgit v1.2.1
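Review bot: The bounds check on the context line right after the new guard, `if ((*offset = o + input.len) <= encoded.len)`, still adds before it compares, so an `input.len` large enough to wrap `size_t` (e.g. a corrupt length in a caller-supplied amqp_bytes_t, if such a value can reach here) passes the test and the memcpy overruns `encoded`; the new zero-length guard covers only the bottom of the range. A wrap-free form is `if (o <= encoded.len && input.len <= encoded.len - o) {` followed by `*offset = o + input.len;` inside the branch, which also stops `*offset` being advanced past the buffer on the failure path, unless some caller relies on that advance. The new comment says "if the input is NULL" while the condition it justifies tests the length; suggest `/* memcpy with a NULL src is UB even for len 0, and a 0-length amqp_bytes_t may have .bytes == NULL, so skip the copy; *offset stays at o, exactly what the old o + 0 assignment produced. */` so the next reader does not take the skipped offset write for an omission. The else branch and closing of amqp_encode_bytes lie outside the hunk.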