From 520b6fd36ed553f973e94f6783ab0ea0fb3efa02 Mon Sep 17 00:00:00 2001
From: Dmitry Volyntsev
Date: Thu, 29 Aug 2019 15:12:44 +0300
Subject: [PATCH] Fixed null pointer passing for args declared to never be null.

Found by UndefinedBehaviorSanitizer.
---
 src/njs_array.c     | 4 +++-
 src/njs_generator.c | 12 ++++++++----
 src/njs_sprintf.c   | 9 +++++++--
 src/njs_string.c    | 7 +++++--
 src/njs_vm.c        | 7 +++++--
 5 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/src/njs_array.c b/src/njs_array.c
index fce09472..31bcf661 100644
--- a/src/njs_array.c
+++ b/src/njs_array.c
@@ -152,7 +152,9 @@ njs_array_expand(njs_vm_t *vm, njs_array_t *array, uint32_t prepend,
     array->data = start;
     start += prepend;
 
-    memcpy(start, array->start, array->length * sizeof(njs_value_t));
+    if (array->length != 0) {
+        memcpy(start, array->start, array->length * sizeof(njs_value_t));
+    }
 
     array->start = start;
 
diff --git a/src/njs_generator.c b/src/njs_generator.c
index dbefd02c..b272bcbf 100644
--- a/src/njs_generator.c
+++ b/src/njs_generator.c
@@ -1323,7 +1323,7 @@ njs_generate_find_block(njs_generator_block_t *block, uint32_t mask,
      * loop or switch statement.
      */
     if ((mask & NJS_GENERATOR_ALL) == NJS_GENERATOR_ALL
-        && !njs_strstr_eq(label, &no_label))
+        && label->length != 0)
     {
         mask |= NJS_GENERATOR_BLOCK;
     }
@@ -3376,9 +3376,13 @@ njs_generate_reference_error(njs_vm_t *vm, njs_generator_t *generator,
 
     ref_err->token_line = node->token_line;
 
-    ret = njs_name_copy(vm, &ref_err->file, &node->scope->file);
-    if (njs_slow_path(ret != NJS_OK)) {
-        return NJS_ERROR;
+    ref_err->file.length = node->scope->file.length;
+
+    if (ref_err->file.length != 0) {
+        ret = njs_name_copy(vm, &ref_err->file, &node->scope->file);
+        if (njs_slow_path(ret != NJS_OK)) {
+            return NJS_ERROR;
+        }
     }
 
     return njs_name_copy(vm, &ref_err->name, &node->u.reference.name);
diff --git a/src/njs_sprintf.c b/src/njs_sprintf.c
index 1f7358e8..9ae73966 100644
--- a/src/njs_sprintf.c
+++ b/src/njs_sprintf.c
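Review bot: The new `if (array->length != 0)` guard around memcpy() carries no comment saying why a zero-length copy has to be skipped, and the same is true of the guards added in the njs_sprintf.c, njs_string.c and njs_vm.c hunks. Without that note a later cleanup is likely to fold the branch back into an unconditional memcpy() and reintroduce exactly the sanitizer finding this commit fixes. Suggest `/* memcpy() with a NULL pointer argument is UB even when the length is 0. */` above the branch, once per site. njs_array_expand begins and ends outside the hunk.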
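Review bot: Replacing `!njs_strstr_eq(label, &no_label)` with `label->length != 0` in njs_generate_find_block is equivalent only if `no_label` is the empty string and `label` is never NULL, neither of which is visible in this hunk, so the substitution deserves a comment recording that reading, e.g. `/* An empty label means "no label"; it used to be compared against no_label. */`. If `no_label` has no remaining users in this file after the change it may now draw an unused-variable warning, which is worth checking. The function begins and ends outside the hunk.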
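Review bot: In the njs_generate_reference_error hunk, when `node->scope->file.length` is 0 the new code sets `ref_err->file.length` but never assigns `ref_err->file.start`, whereas the old unconditional njs_name_copy() presumably set both fields. Unless `ref_err` comes from a zeroing allocator (its allocation is outside the hunk), a consumer that tests `file.start` rather than `file.length` would read an indeterminate pointer. Suggest `ref_err->file.start = NULL;` next to the length assignment so the empty case is fully defined. The function's beginning is outside the hunk.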
@@ -86,7 +86,7 @@ njs_vsprintf(u_char *buf, u_char *end, const char *fmt, va_list args)
     u_char        *p;
     int           d;
     double        f, i;
-    size_t        length;
+    size_t        size, length;
     int64_t       i64;
     uint64_t      ui64, frac;
     njs_str_t     *v;
@@ -418,7 +418,12 @@ njs_vsprintf(u_char *buf, u_char *end, const char *fmt, va_list args)
 
     copy:
 
-        buf = njs_cpymem(buf, p, njs_min((size_t) (end - buf), length));
+        size = njs_min((size_t) (end - buf), length);
+
+        if (size != 0) {
+            buf = njs_cpymem(buf, p, size);
+        }
+
         continue;
     }
 
diff --git a/src/njs_string.c b/src/njs_string.c
index 848710f5..1f1db2cc 100644
--- a/src/njs_string.c
+++ b/src/njs_string.c
@@ -3789,8 +3789,11 @@ njs_string_replace_join(njs_vm_t *vm, njs_string_replace_t *r)
     p = string;
 
     for (i = 0; i < n; i++) {
-        p = memcpy(p, part[i].start, part[i].size);
-        p += part[i].size;
+        size = part[i].size;
+
+        if (size != 0) {
+            p = njs_cpymem(p, part[i].start, size);
+        }
 
         /* GC: release valid values. */
     }
diff --git a/src/njs_vm.c b/src/njs_vm.c
index 4261a4bf..5aef0174 100644
--- a/src/njs_vm.c
+++ b/src/njs_vm.c
@@ -347,8 +347,11 @@ njs_vm_init(njs_vm_t *vm)
     frame->native.free = values + scope_size;
 
     vm->scopes[NJS_SCOPE_GLOBAL] = (njs_value_t *) values;
-    memcpy(values + NJS_INDEX_GLOBAL_OFFSET, vm->global_scope,
-           vm->scope_size);
+
+    if (vm->global_scope != 0) {
+        memcpy(values + NJS_INDEX_GLOBAL_OFFSET, vm->global_scope,
+               vm->scope_size);
+    }
 
     ret = njs_regexp_init(vm);
     if (njs_slow_path(ret != NJS_OK)) {
-- 
2.47.3
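Review bot: The njs_string.c hunk assigns to a local `size` whose declaration is not part of this diff, so it presumably already exists in njs_string_replace_join outside the hunk; if its type differs from that of `part[i].size`, the assignment could introduce a silent narrowing, which is worth confirming. The hunk also swaps `memcpy()` plus `p += part[i].size` for `njs_cpymem()`, which the commit message does not mention; a one-line comment such as `/* njs_cpymem() returns p advanced past the copied bytes. */` would make the intent obvious to the next reader. njs_string_replace_join begins and ends outside the hunk.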
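Review bot: `if (vm->global_scope != 0)` in the njs_vm.c hunk compares a pointer against the integer literal 0; `if (vm->global_scope != NULL)` states that it is a pointer test and matches the usual C convention. Unlike the other hunks, this guard keys on the pointer rather than on `vm->scope_size`, so when `global_scope` is NULL the global slots in `values` keep whatever the allocation held — fine if `values` is zero-allocated, but that allocation is outside the hunk and worth confirming. njs_vm_init begins and ends outside the hunk.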