From 656a0f076f7f49d166b414d7cf5972d2919877d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 19 Jan 2022 17:05:00 +0100
Subject: [PATCH] Additional safety check for negative array index

inet_ntop result should always protect against empty string accepted
without an error. Make additional check to satisfy coverity scans.
---
 lib/dns/rdata.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
index 1665f87d93..76e25955f7 100644
--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
@@ -1937,9 +1937,9 @@ inet_totext(int af, uint32_t flags, isc_region_t *src, isc_buffer_t *target) {
 	 * parsing, so append 0 in that case.
 	 */
 	if (af == AF_INET6 && (flags & DNS_STYLEFLAG_YAML) != 0) {
-		isc_textregion_t tr;
-		isc_buffer_usedregion(target, (isc_region_t *)&tr);
-		if (tr.base[tr.length - 1] == ':') {
+		isc_region_t r;
+		isc_buffer_usedregion(target, &r);
+		if (r.length > 0 && r.base[r.length - 1] == ':') {
 			if (isc_buffer_availablelength(target) == 0) {
 				return (ISC_R_NOSPACE);
 			}