From 28f5dd8a4c8aa053f417bcf7f1da94daa8915ca9 Mon Sep 17 00:00:00 2001
From: Florin Malita
Date: Thu, 14 Jun 2018 13:56:53 -0400
Subject: [skjson] Fix ASAN undefined behavior

ASAN opines that a nullptr memcpy dest is undefined behavior, even when n == 0. ASAN may be right.

This doesn't occur internally, in the parser, but can be triggered with the DOM builder API (as do some tests currently).

We could say "don't do that", but if someone wants to build an empty string/array/object, it's kind of awkward to force them to provide a valid source pointer instead of simply e.g. Array(nullptr, 0).

So let's guard for this case to make ASAN happy.

Change-Id: If12e39f5eb8b273f22bbb0b5fce3321bf6482173
Reviewed-on: https://skia-review.googlesource.com/134944
Reviewed-by: Mike Klein
Commit-Queue: Florin Malita
---
 modules/skjson/src/SkJSON.cpp | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

(limited to 'modules')

diff --git a/modules/skjson/src/SkJSON.cpp b/modules/skjson/src/SkJSON.cpp
index e0a8f4371c..64f1302a7e 100644
--- a/modules/skjson/src/SkJSON.cpp
+++ b/modules/skjson/src/SkJSON.cpp
@@ -82,9 +82,12 @@ static void* MakeVector(const void* src, size_t size, SkArenaAlloc& alloc) {
     // The Ts are already in memory, so their size should be safe.
     const auto total_size = sizeof(size_t) + size * sizeof(T) + extra_alloc_size;
     auto* size_ptr = reinterpret_cast(alloc.makeBytesAlignedTo(total_size, kRecAlign));
-    auto* data_ptr = reinterpret_cast(size_ptr + 1);
     *size_ptr = size;
-    memcpy(data_ptr, src, size * sizeof(T));
+
+    if (size) {
+        auto* data_ptr = reinterpret_cast(size_ptr + 1);
+        memcpy(data_ptr, src, size * sizeof(T));
+    }
     return size_ptr;
 }
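Review bot: The new `if (size)` guard around the memcpy needs a why-comment, because a zero-length memcpy looks harmless and the guard reads like a micro-optimization that a later cleanup could drop, reintroducing the sanitizer finding. I would add above it `// memcpy requires valid pointers even when n == 0; callers may build empty vectors with src == nullptr.` Note the check is keyed on size, not on src: a non-null src with size 0 is skipped (fine), while a null src with a nonzero size still reaches memcpy, which is a caller bug this guard cannot catch. MakeVector's template header and opening brace lie outside the hunk.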
@@ -121,8 +124,10 @@ StringValue::StringValue(const char* src, size_t size, SkArenaAlloc& alloc) {
     this->init_tagged(Tag::kShortString);
     auto* payload = this->cast();
-    memcpy(payload, src, size);
-    payload[size] = '\0';
+    if (size) {
+        memcpy(payload, src, size);
+        payload[size] = '\0';
+    }
     const auto len_tag = SkTo(kMaxInlineStringSize - size);
     // This technically overwrites the tag, but is safe because
-- 
cgit v1.2.3
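Review bot: Moving `payload[size] = '\0';` inside the new `if (size)` guard drops the NUL terminator for an empty string, yet that store was never the undefined part: `payload` is valid inline storage and only the memcpy with a possibly-null `src` needed guarding. Unless `init_tagged` is known to zero the inline payload (not visible in this hunk), an empty short string now ends with an uninitialized first byte. Keep the terminator unconditional: `if (size) { memcpy(payload, src, size); }` followed by `payload[size] = '\0';`. The constructor body continues past the end of the hunk.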