Avoid calling memcpy with n == 0

Some callers of these functions ask to copy 0 items from a NULL source,
which would be valid if they were copied in a loop (because NULL would
never be dereferenced), but is declared to be undefined behaviour for
Standard C memcpy. Guard the call to memcpy so that we only call it
if we have more than 0 items, and therefore should have a non-NULL
source pointer.

Detected by running a subset of the test suite with
-Dsanitize=address,undefined on x86_64.

Signed-off-by: Simon McVittie <smcv@debian.org>
This commit is contained in:
Simon McVittie 2024-07-27 19:06:10 +01:00
parent ca7094296c
commit 6649af5ec6
2 changed files with 4 additions and 2 deletions

View File

@ -207,6 +207,7 @@ gdk_dmabuf_formats_new (GdkDmabufFormat *formats,
self->n_formats = n_formats;
self->formats = g_new (GdkDmabufFormat, n_formats);
if (n_formats != 0)
memcpy (self->formats, formats, n_formats * sizeof (GdkDmabufFormat));
return self;

View File

@ -110,6 +110,7 @@ gtk_symbolic_paintable_snapshot_symbolic (GtkSymbolicPaintable *paintable,
[GTK_SYMBOLIC_COLOR_SUCCESS] = { 0.3046921492332342,0.6015716792553597, 0.023437857633325704, 1.0 }
};
if (n_colors != 0)
memcpy (real_colors, colors, sizeof (GdkRGBA) * n_colors);
iface->snapshot_symbolic (paintable, snapshot, width, height, real_colors, 4);