From 975f8fcfdba56294bb190d745cdd449a52e633f4 Mon Sep 17 00:00:00 2001
From: Olly Betts
Date: Fri, 4 Sep 2020 10:44:49 +1200
Subject: [PATCH] Avoid undefined behaviour in DOH Replace() function

If the source and replacement strings were the same length, the code was performing undefined pointer arithmetic involving a NULL pointer. I'm not aware of any observable effects of this in practice, but it's potentially problematic. It's detected by ubsan, for example when running `make check-python-test-suite`:

DOH/string.c:839:4: runtime error: applying non-zero offset to non-null pointer 0x602000001558 produced null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior DOH/string.c:839:4 in
---
 Source/DOH/string.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Source/DOH/string.c b/Source/DOH/string.c
index 3689f4ffe..093330b89 100644
--- a/Source/DOH/string.c
+++ b/Source/DOH/string.c
@@ -836,7 +836,9 @@ static int replace_simple(String *str, char *token, char *rep, int flags, int co
 memmove(t, s, (str->str + str->len) - s + 1);
 }
 } else {
- t += (c - s);
+ if (c) {
+ t += (c - s);
+ }
 }
 s = c;
 ic--;
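Review bot: The new `if (c)` guard around `t += (c - s)` stops `t` from being driven to NULL, but the unchanged `s = c;` two lines below still stores NULL into `s` on that same iteration, so the fix relies on the loop not searching or copying from `s` again once `c` is NULL; the enclosing loop and `replace_simple` start and end outside the hunk, so I cannot confirm that invariant here. It is presumably the "no further match" exit path, and a one-line comment in the new branch would record what the guard depends on, e.g. `/* c == NULL: no more matches; leave t as-is (s becomes NULL below and must not be used again) */`. If a later iteration can still run with `ic` non-zero, a `break` here would be the safer form, but that needs checking against the code above the hunk.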