From a9793feacefac6d44b761bed12566029f5811063 Mon Sep 17 00:00:00 2001
From: Ben Wagner
Date: Tue, 15 Aug 2023 11:30:26 -0400
Subject: [PATCH] [base] Avoid UB with memcpy `FT_NEW_ARRAY(p, 0)` sets `p` to `NULL`. `FT_Stream_ReadAt` with a memory based stream uses `FT_MEM_COPY` which is `memcpy` which specifies that it is undefined behavior for either the `src` or `dst` to be `NULL`. Instead of forcing all callers work around calling `FT_Stream_Read` when `buffer == NULL && count == 0` do the check in `FT_StreamRead`. This allows any call with `count == 0` to succesfully read zero bytes without UB.
* src/base/ftstream.c (FT_Stream_ReadAt): skip `FT_MEM_COPY` when `count == 0`. (FT_Stream_TryRead): ditto
Fixes: #1250
---
 src/base/ftstream.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/base/ftstream.c b/src/base/ftstream.c
index 05c563757..64826aceb 100644
--- a/src/base/ftstream.c
+++ b/src/base/ftstream.c
@@ -141,7 +141,9 @@
 if ( read_bytes > count )
 read_bytes = count;
- FT_MEM_COPY( buffer, stream->base + pos, read_bytes );
+ /* Allow "reading" zero bytes without UB even if buffer is NULL */
+ if ( count )
+ FT_MEM_COPY( buffer, stream->base + pos, read_bytes );
 }
 stream->pos = pos + read_bytes;
@@ -178,7 +180,9 @@
 if ( read_bytes > count )
 read_bytes = count;
- FT_MEM_COPY( buffer, stream->base + stream->pos, read_bytes );
+ /* Allow "reading" zero bytes without UB even if buffer is NULL */
+ if ( count )
+ FT_MEM_COPY( buffer, stream->base + stream->pos, read_bytes );
 }
 stream->pos += read_bytes;
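Review bot: The new guard in the first hunk tests `count`, but the length actually passed to `FT_MEM_COPY` is `read_bytes`, which the two lines above clamp to `count`; the second hunk has the same shape. Testing the copied length instead, `if ( read_bytes )`, still covers `count == 0` and also skips the copy whenever the clamp leaves nothing to read. That would matter if a memory stream with a NULL `base` and zero remaining bytes can reach this branch, which depends on bounds checks outside the hunks, so this is a hardening suggestion rather than a confirmed defect. The comment could then read `/* memcpy with a NULL pointer is UB even for length 0, so skip empty copies */`. Both enclosing functions start and end outside the hunks.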