[glib] gunixfdlist: Fix a potential NULL pointer dereference

From: Philip Withnall <pwithnall src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib] gunixfdlist: Fix a potential NULL pointer dereference
Date: Wed, 27 Nov 2013 10:02:22 +0000 (UTC)

commit aa28ced44e0460fb01406aa17996d863ffe3cbf6
Author: Philip Withnall <philip withnall collabora co uk>
Date:   Tue Nov 26 11:11:21 2013 +0000

    gunixfdlist: Fix a potential NULL pointer dereference
    
    In the case that (n_fds == 0 && fds == NULL), memcpy() would be called
    against a NULL src pointer. Even though the number of bytes to copy is
    0, avoid the possibility of a crash by only calling if fds is non-NULL.
    
    Found by scan-build.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=113075

 gio/gunixfdlist.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
---
diff --git a/gio/gunixfdlist.c b/gio/gunixfdlist.c
index 4898202..7d5d732 100644
--- a/gio/gunixfdlist.c
+++ b/gio/gunixfdlist.c
@@ -183,7 +183,8 @@ g_unix_fd_list_new_from_array (const gint *fds,
   list->priv->fds = g_new (gint, n_fds + 1);
   list->priv->nfd = n_fds;
 
-  memcpy (list->priv->fds, fds, sizeof (gint) * n_fds);
+  if (n_fds > 0)
+    memcpy (list->priv->fds, fds, sizeof (gint) * n_fds);
   list->priv->fds[n_fds] = -1;
 
   return list;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]