libctf, serialize: functions with no args have a NULL dtd_vlen

Every place that accesses a function's dtd_vlen accesses it only if the
number of args is nonzero, except the serializer, which always tries to
memcpy it.  The number of bytes it memcpys in this case is zero, but it
is still undefined behaviour to copy zero bytes from a null pointer.
So check for this case explicitly.
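As an added illustration (not libctf's code), the following emitter mirrors how the serializer lays out a CTF_K_FUNCTION argument list, with the NULL-vlen case guarded and the assumed invariant (a NULL vlen only when the argument count is zero) checked rather than trusted; `emit_function_args` and its parameters are hypothetical names chosen for the example.

```c
/* Added example, not libctf code: emit a function type's argument list
   into a type-section buffer the way ctf_emit_type_sect does, but with
   an explicit NULL check so that memcpy is never handed a NULL source,
   not even for a zero-byte copy (which is undefined behaviour). */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Appends the argument list at *tptr and advances *tptr past it.
   Returns the number of bytes written, or -1 if the type is inconsistent
   (a NULL vlen pointer together with a nonzero argument count).
   Assumption (as in the hunk): vlen_ptr points at vlen + (vlen & 1)
   uint32_t slots, i.e. the caller already padded the list to an even
   number of words. */
static long
emit_function_args (unsigned char **tptr, const uint32_t *vlen_ptr,
                    uint32_t vlen)
{
  /* Argument lists occupy an even number of uint32_t slots. */
  size_t nbytes = sizeof (uint32_t) * (vlen + (vlen & 1));

  if (vlen_ptr == NULL)
    {
      /* Functions with no args have no vlen: nothing to copy, and the
         output pointer must not move.  Any other NULL is corruption. */
      return vlen == 0 ? 0 : -1;
    }

  memcpy (*tptr, vlen_ptr, nbytes);
  *tptr += nbytes;
  return (long) nbytes;
}
```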

libctf/ChangeLog
2021-03-25  Nick Alcock  <nick.alcock@oracle.com>

	PR libctf/27628
	* ctf-serialize.c (ctf_emit_type_sect): Allow for a NULL vlen in
	CTF_K_FUNCTION types.
Nick Alcock 2021-03-25 16:32:46 +00:00
parent 24c877f9b1
commit 86f64bf43f
2 changed files with 9 additions and 1 deletions

@ -1,3 +1,9 @@
2021-03-25 Nick Alcock <nick.alcock@oracle.com>
PR libctf/27628
* ctf-serialize.c (ctf_emit_type_sect): Allow for a NULL vlen in
CTF_K_FUNCTION types.
2021-03-25 Nick Alcock <nick.alcock@oracle.com>
* ctf-dump.c (ctf_dump_format_type): Don't emit size or alignment

@ -849,7 +849,9 @@ ctf_emit_type_sect (ctf_dict_t *fp, unsigned char **tptr)
break;
case CTF_K_FUNCTION:
memcpy (t, dtd->dtd_vlen, sizeof (uint32_t) * (vlen + (vlen & 1)));
/* Functions with no args also have no vlen. */
if (dtd->dtd_vlen)
memcpy (t, dtd->dtd_vlen, sizeof (uint32_t) * (vlen + (vlen & 1)));
t += sizeof (uint32_t) * (vlen + (vlen & 1));
break;
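Review bot: the new guard `if (dtd->dtd_vlen)` tests the pointer rather than the condition the commit message describes (a zero argument count), so a type whose dtd_vlen is NULL while vlen is nonzero would silently skip the copy and still advance `t` by `sizeof (uint32_t) * (vlen + (vlen & 1))`, leaving that region of the type section uninitialized. Consider guarding on `vlen != 0` instead (which equally avoids the zero-byte memcpy from NULL), or keep the pointer check and add an assertion that a NULL dtd_vlen implies vlen == 0 so the inconsistency is caught rather than serialized.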