author | Robin Haberkorn <robin.haberkorn@googlemail.com> | 2021-12-19 02:38:04 +0100 |
---|---|---|
committer | Robin Haberkorn <robin.haberkorn@googlemail.com> | 2021-12-19 02:38:04 +0100 |
commit | 3614e5877818a3f3e187b43f8247cabaf842c39f (patch) | |
tree | b93802bf8a26fbebb3c9068b273c8a92e0a97afd /src/cmdline.c | |
parent | 4ccae4f8c6e9724c7b5a891aecfe37475549ee6a (diff) | |
download | sciteco-3614e5877818a3f3e187b43f8247cabaf842c39f.tar.gz |
safer use of memcpy() and memchr(): we must not pass in NULL pointers

* The C standard actually forbids this (undefined behaviour) even though
  it seems intuitive that something like `memcpy(foo, NULL, 0)` does no harm.
* It turned out, there were actual real bugs related to this.
  If memchr() was called with a variable that can be NULL,
  the compiler could assume that the variable is actually always non-NULL
  (since glibc declares memchr() with nonnull), consequently eliminating
  checks for NULL afterwards.
  The same could theoretically happen with memcpy().
  This manifested itself in the empty search crashing when building with -O3.
  Test case:
  `sciteco -e '@S//'`
* Consequently, the nightly builds (at least for Ubuntu) also had this bug.
* In some cases, the passed in pointers are passed down from the caller but
  should not be NULL, so I added runtime assertions to guard against it.
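
The rule described in the commit message, as an added example (not code from SciTECO or from this commit): the hypothetical wrappers `safe_memcpy()` and `safe_memchr()` check length and pointer before the libc call, so an empty buffer represented as `(NULL, 0)` never reaches a function declared nonnull. `count_byte()` is a constructed caller that stands in for code handling an empty search pattern.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: copy n bytes, tolerating NULL pointers when n == 0.
 * memcpy(dest, NULL, 0) is undefined behaviour, so the libc call is
 * skipped entirely for empty copies. */
static void *
safe_memcpy(void *dest, const void *src, size_t n)
{
	if (n == 0)
		return dest;
	return memcpy(dest, src, n);
}

/* Hypothetical helper: search n bytes, tolerating s == NULL.
 * The NULL test comes BEFORE memchr(). If it came after, the compiler
 * could use memchr()'s nonnull declaration to delete the test. */
static const void *
safe_memchr(const void *s, int c, size_t n)
{
	if (s == NULL || n == 0)
		return NULL;
	return memchr(s, c, n);
}

/* Constructed caller: count occurrences of c in a buffer that may be
 * empty and represented as (NULL, 0). */
static size_t
count_byte(const char *buf, size_t len, char c)
{
	size_t count = 0;
	const char *p;

	while ((p = safe_memchr(buf, c, len)) != NULL) {
		count++;
		len -= (size_t)(p - buf) + 1; /* bytes left after the match */
		buf = p + 1;                  /* at most one past the end */
	}
	return count;
}

int
main(void)
{
	char dst[4] = "abc";

	safe_memcpy(dst, NULL, 0);                  /* no-op, dst unchanged */
	return count_byte(NULL, 0, '/') == 0 ? 0 : 1; /* empty input is fine */
}
```
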
Diffstat (limited to 'src/cmdline.c')
-rw-r--r-- | src/cmdline.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/cmdline.c b/src/cmdline.c index 5c080af..199bc9a 100644 --- a/src/cmdline.c +++ b/src/cmdline.c @@ -279,6 +279,8 @@ teco_cmdline_keypress_c(gchar key, GError **error) gboolean teco_cmdline_fnmacro(const gchar *name, GError **error) { + g_assert(name != NULL); + /* * NOTE: It should be safe to allocate on the stack since * there are only a limited number of possible function key macros. |
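
Review bot: the new NULL guard at the top of teco_cmdline_fnmacro() relies on g_assert(), which GLib compiles out when G_DISABLE_ASSERT is defined, so in a build with that macro set a NULL `name` would pass straight through to the code below. The function already takes a `GError **error` and returns gboolean, so consider an explicit `if (!name)` branch that sets the error and returns FALSE, or at least state in the function's comment that `name` must be non-NULL so callers know the contract.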