From: Nikita Popov
Date: Wed, 19 Jun 2019 11:11:07 +0000 (+0200)
Subject: Fix memcpy null arg UB
X-Git-Tag: php-7.4.0alpha2~51^2~19
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=317dfab81bedd918de9cf6a9b93428a0b0f86307;p=php
Fix memcpy null arg UB
---
diff --git a/ext/standard/http.c b/ext/standard/http.c
index 3ec6d3b932..dbd71add81 100644
--- a/ext/standard/http.c
+++ b/ext/standard/http.c
@@ -130,8 +130,10 @@ PHPAPI int php_url_encode_hash_ex(HashTable *ht, smart_str *formstr,
 p += key_prefix_len;
 }
- memcpy(p, num_prefix, num_prefix_len);
- p += num_prefix_len;
+ if (num_prefix) {
+ memcpy(p, num_prefix, num_prefix_len);
+ p += num_prefix_len;
+ }
 memcpy(p, ekey, ekey_len);
 p += ekey_len;
@@ -162,7 +164,9 @@ PHPAPI int php_url_encode_hash_ex(HashTable *ht, smart_str *formstr,
 smart_str_appendl(formstr, arg_sep, arg_sep_len);
 }
 /* Simple key=value */
- smart_str_appendl(formstr, key_prefix, key_prefix_len);
+ if (key_prefix) {
+ smart_str_appendl(formstr, key_prefix, key_prefix_len);
+ }
 if (key) {
 zend_string *ekey;
 if (enc_type == PHP_QUERY_RFC3986) {
@@ -179,7 +183,9 @@ PHPAPI int php_url_encode_hash_ex(HashTable *ht, smart_str *formstr,
 }
 smart_str_append_long(formstr, idx);
 }
- smart_str_appendl(formstr, key_suffix, key_suffix_len);
+ if (key_suffix) {
+ smart_str_appendl(formstr, key_suffix, key_suffix_len);
+ }
 smart_str_appendl(formstr, "=", 1);
 switch (Z_TYPE_P(zdata)) {
 case IS_STRING: {
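Review bot: The new guard in the first hunk tests only the pointer, so it is correct only if a NULL `num_prefix` always arrives with `num_prefix_len == 0`, and nothing in the visible lines states that invariant. If the buffer that `p` walks was sized using `num_prefix_len` (the allocation is outside the hunk), a NULL pointer with a non-zero length would now skip the copy and leave those bytes unwritten instead of failing loudly. I would pin the contract next to the guard with `ZEND_ASSERT(num_prefix || num_prefix_len == 0);` and a short comment such as `/* memcpy() with a NULL source is UB even when the length is 0 */`. The `key_prefix` and `key_suffix` guards in the second and third hunks rest on the same pointer/length pairing and deserve the same comment. The body of php_url_encode_hash_ex starts and ends outside all three hunks.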