From: Kevin McCarthy Date: Thu, 19 Nov 2015 00:14:39 +0000 (-0800) Subject: Fix memcpy buf=NULL/len=0 issue in replace_part(). (closes #3790) X-Git-Tag: neomutt-20160404~101 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=17846f2a37be2f5762de9f3fce6fd3431bbb3ea8;p=neomutt Fix memcpy buf=NULL/len=0 issue in replace_part(). (closes #3790) Calling memcpy with src or dest=NULL is technically illegal, even if len=0. Recent compilers seem to now be generating warnings/errors with this. replace_part() is currently the only place we are getting bug reports, so for now just fix the problem in this one place. --- diff --git a/enter.c b/enter.c index 377e7a1c2..4ea636ffb 100644 --- a/enter.c +++ b/enter.c @@ -166,24 +166,32 @@ static void replace_part (ENTER_STATE *state, size_t from, char *buf) { /* Save the suffix */ size_t savelen = state->lastchar - state->curpos; - wchar_t *savebuf = safe_calloc (savelen, sizeof (wchar_t)); - memcpy (savebuf, state->wbuf + state->curpos, savelen * sizeof (wchar_t)); + wchar_t *savebuf = NULL; + + if (savelen) + { + savebuf = safe_calloc (savelen, sizeof (wchar_t)); + memcpy (savebuf, state->wbuf + state->curpos, savelen * sizeof (wchar_t)); + } /* Convert to wide characters */ state->curpos = my_mbstowcs (&state->wbuf, &state->wbuflen, from, buf); - /* Make space for suffix */ - if (state->curpos + savelen > state->wbuflen) + if (savelen) { - state->wbuflen = state->curpos + savelen; - safe_realloc (&state->wbuf, state->wbuflen * sizeof (wchar_t)); + /* Make space for suffix */ + if (state->curpos + savelen > state->wbuflen) + { + state->wbuflen = state->curpos + savelen; + safe_realloc (&state->wbuf, state->wbuflen * sizeof (wchar_t)); + } + + /* Restore suffix */ + memcpy (state->wbuf + state->curpos, savebuf, savelen * sizeof (wchar_t)); + FREE (&savebuf); } - /* Restore suffix */ - memcpy (state->wbuf + state->curpos, savebuf, savelen * sizeof (wchar_t)); state->lastchar = state->curpos + savelen; - - FREE (&savebuf); } /*