From 6ddbca6f2bc94b7e45958dab5576b3d9e48a6e5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?=
Date: Tue, 15 May 2018 08:18:01 +0200
Subject: [PATCH] isc_buffer_*(): if source can be NULL, only call memmove() when length is non-zero
Certain isc_buffer_*() functions might call memmove() with the second argument (source) set to NULL and the third argument (length) set to 0. While harmless, it triggers an ubsan warning:
runtime error: null pointer passed as argument 2, which is declared to never be null
Modify all memmove() call sites in lib/isc/include/isc/buffer.h and lib/isc/buffer.c which may potentially use NULL as the second argument (source) so that memmove() is only called if the third argument (length) is non-zero.
---
 lib/isc/buffer.c | 15 +++++++++++----
 lib/isc/include/isc/buffer.h | 6 ++++--
 lib/isc/netaddr.c | 2 +-
 3 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/lib/isc/buffer.c b/lib/isc/buffer.c
index 3e24a27b27..79b64d75c4 100644
--- a/lib/isc/buffer.c
+++ b/lib/isc/buffer.c
@@ -59,7 +59,10 @@ isc_buffer_reinit(isc_buffer_t *b, void *base, unsigned int length) {
 REQUIRE(base != NULL);
 REQUIRE(!b->autore);
- (void)memmove(base, b->base, b->length);
+ if (b->length > 0U) {
+ (void)memmove(base, b->base, b->length);
+ }
+
 b->base = base;
 b->length = length;
 }
@@ -253,7 +256,9 @@ isc_buffer_compact(isc_buffer_t *b) {
 src = isc_buffer_current(b);
 length = isc_buffer_remaininglength(b);
- (void)memmove(b->base, src, (size_t)length);
+ if (length > 0U) {
+ (void)memmove(b->base, src, (size_t)length);
+ }
 if (b->active > b->current) b->active -= b->current;
@@ -526,8 +531,10 @@ isc_buffer_copyregion(isc_buffer_t *b, const isc_region_t *r) {
 }
 if (r->length > available) return (ISC_R_NOSPACE);
- memmove(base, r->base, r->length);
- b->used += r->length;
+ if (r->length > 0U) {
+ memmove(base, r->base, r->length);
+ b->used += r->length;
+ }
 return (ISC_R_SUCCESS);
 }
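Review bot: The new `if (b->length > 0U)` guard in isc_buffer_reinit() carries no comment, so a later cleanup could remove it as a redundant check around a zero-length copy. A one-line why-comment above it would keep the intent visible, for example `/* b->base may be NULL when b->length is 0; memmove() must never be given a NULL source, even for a zero-length copy. */`. The same applies to the guards added in isc_buffer_compact(), isc_buffer_copyregion() and the macro patched in lib/isc/include/isc/buffer.h. The body of isc_buffer_reinit() starts above this hunk, so any precondition relating b->length to the new length is not visible here.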
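Review bot: In isc_buffer_compact() the guard covers only the memmove() call; `src = isc_buffer_current(b);` is still evaluated unconditionally on the line above it. If isc_buffer_current() derives its result as base plus offset (its definition is not in this hunk), then a NULL base makes that pointer arithmetic undefined in C as well, and some sanitizer configurations report it separately. Moving the assignment inside the guard, as in `if (length > 0U) { src = isc_buffer_current(b); (void)memmove(b->base, src, (size_t)length); }`, would avoid forming the pointer at all for an empty buffer. The function begins and ends outside the hunk, so confirm src is not used further down before moving it.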
diff --git a/lib/isc/include/isc/buffer.h b/lib/isc/include/isc/buffer.h
index 8eb7791a09..9af0f40fe3 100644
--- a/lib/isc/include/isc/buffer.h
+++ b/lib/isc/include/isc/buffer.h
@@ -920,8 +920,10 @@ ISC_LANG_ENDDECLS
 == ISC_R_SUCCESS); \
 } \
 ISC_REQUIRE(isc_buffer_availablelength(_b) >= (unsigned int) _length); \
- memmove(isc_buffer_used(_b), (_base), (_length)); \
- (_b)->used += (_length); \
+ if (_length > 0U) { \
+ memmove(isc_buffer_used(_b), (_base), (_length)); \
+ (_b)->used += (_length); \
+ } \
 } while (0)
 #define ISC__BUFFER_PUTSTR(_b, _source) \
diff --git a/lib/isc/netaddr.c b/lib/isc/netaddr.c
index 0f29a6fff3..233c1e90df 100644
--- a/lib/isc/netaddr.c
+++ b/lib/isc/netaddr.c
@@ -166,7 +166,7 @@ isc_netaddr_totext(const isc_netaddr_t *netaddr, isc_buffer_t *target) {
 return (ISC_R_NOSPACE);
 isc_buffer_putmem(target, (unsigned char *)abuf, alen);
- isc_buffer_putmem(target, (unsigned char *)zbuf, zlen);
+ isc_buffer_putmem(target, (unsigned char *)zbuf, (unsigned int)zlen);
 return (ISC_R_SUCCESS);
 }
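Review bot: In the buffer.h macro, the added `if (_length > 0U) { \` uses the macro argument without parentheses and compares it against an unsigned constant. An expression argument can therefore bind incorrectly, and a signed argument produces a mixed-sign comparison. The cast added in lib/isc/netaddr.c looks like a per-caller workaround for that comparison, which would leave every other caller passing a signed length to do the same. Handling it once in the macro, `if ((unsigned int)(_length) > 0U) { \`, would match the cast already on the ISC_REQUIRE line above. Separately, `(unsigned int)zlen` in isc_netaddr_totext() turns a negative zlen into a very large length; whether zlen is checked for a negative value is outside the hunk and should be confirmed. The macro definition starts above the hunk.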