diff options
author | Lasse Collin <lasse.collin@tukaani.org> | 2019-05-13 20:05:17 +0300 |
---|---|---|
committer | Lasse Collin <lasse.collin@tukaani.org> | 2019-07-13 17:56:28 +0300 |
commit | 596ed3de4485a4b1d83b5fe506ae9d0a172139b4 (patch) | |
tree | 180958bc66ccbca4a38fd988154273ba302e1481 /src/scripts | |
parent | Update THANKS. (diff) | |
download | xz-596ed3de4485a4b1d83b5fe506ae9d0a172139b4.tar.xz |
liblzma: Avoid memcpy(NULL, foo, 0) because it is undefined behavior.
I should have always known this but I didn't. Here is an example
as a reminder to myself:
int mycopy(void *dest, void *src, size_t n)
{
memcpy(dest, src, n);
return dest == NULL;
}
In the example, a compiler may assume that dest != NULL because
passing NULL to memcpy() would be undefined behavior. Testing
with GCC 8.2.1, mycopy(NULL, NULL, 0) returns 1 with -O0 and -O1.
With -O2 the return value is 0 because the compiler infers that
dest cannot be NULL because it was already used with memcpy()
and thus the test for NULL gets optimized out.
In liblzma, if a null-pointer was passed to memcpy(), there were
no checks for NULL *after* the memcpy() call, so I cautiously
suspect that it shouldn't have caused bad behavior in practice,
but it's hard to be sure, and the problematic cases had to be
fixed anyway.
Thanks to Jeffrey Walton.
Diffstat (limited to 'src/scripts')
0 files changed, 0 insertions, 0 deletions