libctf, serialize: functions with no args have a NULL dtd_vlen

Every place that accesses a function's dtd_vlen accesses it only if the
number of args is nonzero, except the serializer, which always tries to
memcpy it.  The number of bytes it memcpys in this case is zero, but it
is still undefined behaviour to copy zero bytes from a null pointer.
So check for this case explicitly.

libctf/ChangeLog
2021-03-25  Nick Alcock  <nick.alcock@oracle.com>

	PR libctf/27628
	* ctf-serialize.c (ctf_emit_type_sect): Allow for a NULL vlen in
	CTF_K_FUNCTION types.

diff --git a/libctf/ChangeLog b/libctf/ChangeLog
index 909c4fc87b5c2806daecd141b27a11f481ac00c7..a9e76ecd7cae88132f13bbda636aaf195dc1dc96 100644 (file)
--- a/libctf/ChangeLog
+++ b/libctf/ChangeLog
@@ -1,3 +1,9 @@
+2021-03-25  Nick Alcock  <nick.alcock@oracle.com>
+
+       PR libctf/27628
+       * ctf-serialize.c (ctf_emit_type_sect): Allow for a NULL vlen in
+       CTF_K_FUNCTION types.
+
 2021-03-25  Nick Alcock  <nick.alcock@oracle.com>
 
        * ctf-dump.c (ctf_dump_format_type): Don't emit size or alignment

diff --git a/libctf/ctf-serialize.c b/libctf/ctf-serialize.c
index 0811b7b6efed4e2d3f1ae4fa4ca9dacb1c19ce26..9f50280176c5ab6d0594087d3f83efca32f9a4a6 100644 (file)
--- a/libctf/ctf-serialize.c
+++ b/libctf/ctf-serialize.c
@@ -849,7 +849,9 @@ ctf_emit_type_sect (ctf_dict_t *fp, unsigned char **tptr)
          break;
 
        case CTF_K_FUNCTION:
-         memcpy (t, dtd->dtd_vlen, sizeof (uint32_t) * (vlen + (vlen & 1)));
+         /* Functions with no args also have no vlen.  */
+         if (dtd->dtd_vlen)
+           memcpy (t, dtd->dtd_vlen, sizeof (uint32_t) * (vlen + (vlen & 1)));
          t += sizeof (uint32_t) * (vlen + (vlen & 1));
          break;