From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Sun, 2 Aug 2015 19:48:27 +0000 (-0400)
Subject: Avoid calling memcpy() with a NULL source pointer and count == 0.
X-Git-Tag: REL9_6_BETA1~1570
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=13bba02271dce865cd20b6f49224889c73fed4e7;p=postgresql

Avoid calling memcpy() with a NULL source pointer and count == 0.

As in commit 0a52d378b03b7d5a, avoid doing something that has undefined
results according to the C standard, even though in practice there does
not seem to be any problem with it.

This fixes two places in numeric.c that demonstrably could call memcpy()
with such arguments.  I looked through that file and didn't see any other
places with similar hazards; this is not to claim that there are not such
places in other files.

Per report from Piotr Stefaniak.  Back-patch to 9.5 which is where the
previous commit was added.  We're more or less setting a precedent that
we will not worry about this type of issue in pre-9.5 branches unless
someone demonstrates a problem in the field.
---

diff --git a/src/backend/utils/adt/numeric.c b/src/backend/utils/adt/numeric.c
index 7ce41b7888..1bfa29e1b2 100644
--- a/src/backend/utils/adt/numeric.c
+++ b/src/backend/utils/adt/numeric.c
@@ -4769,7 +4769,9 @@ set_var_from_var(NumericVar *value, NumericVar *dest)
 
 	newbuf = digitbuf_alloc(value->ndigits + 1);
 	newbuf[0] = 0;				/* spare digit for rounding */
-	memcpy(newbuf + 1, value->digits, value->ndigits * sizeof(NumericDigit));
+	if (value->ndigits > 0)		/* else value->digits might be null */
+		memcpy(newbuf + 1, value->digits,
+			   value->ndigits * sizeof(NumericDigit));
 
 	digitbuf_free(dest->buf);
 
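Review bot: the new guard in set_var_from_var relies on value->ndigits > 0 implying that value->digits is non-null, but the trailing comment only covers the else case. An Assert(value->digits != NULL) inside the branch would document that invariant and flag a violation in assert-enabled builds before memcpy() is reached.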
@@ -5090,8 +5092,9 @@ make_result(NumericVar *var)
 		result->choice.n_long.n_weight = weight;
 	}
 
-	memcpy(NUMERIC_DIGITS(result), digits, n * sizeof(NumericDigit));
 	Assert(NUMERIC_NDIGITS(result) == n);
+	if (n > 0)
+		memcpy(NUMERIC_DIGITS(result), digits, n * sizeof(NumericDigit));
 
 	/* Check for overflow of int16 fields */
 	if (NUMERIC_WEIGHT(result) != weight ||
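Review bot: the `if (n > 0)` guard added before memcpy() in make_result has no comment, while the matching guard in set_var_from_var explains itself with "else value->digits might be null". A short comment here, for example /* else digits might be null */, would keep a later cleanup from dropping the test as redundant.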