Opened 4 years ago

Closed 4 years ago

#18373 closed defect (fixed)

Trunnel can generate memcpy(p,NULL,0)

Reported by: nickm Owned by: nickm
Priority: Medium Milestone: Tor: 0.2.8.x-final
Component: Core Tor/Tor Version:
Severity: Minor Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Passing a null pointer to memcpy is undefined behavior, even when the length is zero. Trunnel could try to do this when serializing an empty dynamic-length array. Still, undefined behavior is bad.

Child Tickets

Change History (2)

comment:1 Changed 4 years ago by nickm

Owner: set to nickm
Status: newaccepted

comment:2 Changed 4 years ago by nickm

Resolution: fixed
Status: acceptedclosed

Fixed in a508119169388fbef84204cb7f8e25b84823b71e. (I believe this bug is only reachable from the unit tests.)

Note: See TracTickets for help on using tickets.