• René Scharfe's avatar
    parse-options: avoid arithmetic on pointer that's potentially NULL · 169bed74
    René Scharfe authored
    parse_options_dup() counts the number of elements in the given array
    without the end marker, allocates enough memory to hold all of them plus
    an end marker, then copies them and terminates the new array.  The
    counting part is done by advancing a pointer through the array, and the
    original pointer is reconstructed using pointer subtraction before the
    copy operation.
    
    The function is also prepared to handle a NULL pointer passed to it.
    None of its callers do that currently, but this feature was used by
    46e91b66 ("checkout: split part of it to new command 'restore'",
    2019-04-25); it seems worth keeping.
    
    It ends up doing arithmetic on that NULL pointer, though, which is
    undefined in standard C, when it tries to calculate "NULL - 0".  Better
    avoid doing that by remembering the originally given pointer value.
    
    There is another issue, though.  memcpy(3) does not support NULL
    pointers, even for empty arrays.  Use COPY_ARRAY instead, which does
    support such empty arrays.  Its call is also shorter and safer by
    inferring the element type automatically.
    
    Coccinelle and contrib/coccinelle/array.cocci did not propose to use
    COPY_ARRAY because of the pointer subtraction and because the source is
    const -- the semantic patch cautiously only considers pointers and array
    references of the same type.
    Signed-off-by: default avatarRené Scharfe <l.s.r@web.de>
    Signed-off-by: default avatarJunio C Hamano <gitster@pobox.com>
    169bed74
parse-options-cb.c 6.52 KB