From 9e32b8f531a1e15f85cce97bea931c43a9db7798 Mon Sep 17 00:00:00 2001 From: Shawn Landden Date: Mon, 16 Dec 2013 15:41:00 -0800 Subject: [PATCH] journal: fix against (theoretical) undefined behavior While all the libc implementations I know return NULL when memchr's size parameter is 0, without accessing any memory, passing NULL to memchr is still invalid: C11 7.24.1p2: Where an argument declared as "size_t n" specifies the length of the array for a function, n can have the value zero on a call to that function. Unless explicitly stated otherwise in the description of a particular function in this subclause, pointer arguments on such a call shall still have valid values, as described in 7.1.4. On such a call, a function that locates a character finds no occurrence, a function that compares two character sequences returns zero, and a function that copies characters copies zero characters. see http://llvm.org/bugs/show_bug.cgi?id=18247 --- src/journal/journal-file.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c index 8ea258b..71ef092 100644 --- a/src/journal/journal-file.c +++ b/src/journal/journal-file.c @@ -1010,7 +1010,10 @@ static int journal_file_append_data( if (r < 0) return r; - eq = memchr(data, '=', size); + if (!data) + eq = NULL; + else + eq = memchr(data, '=', size); if (eq && eq > data) { uint64_t fp; Object *fo;