db: avoid calling memcpy on NULL
It is possible for db_column_bytes() to return 0 and for
db_column_blob() to return NULL even when db_column_is_null() returns
false. We need to short circuit in this case.

Detected by UBSan:

  db/bindings.c:479:12: runtime error: null pointer passed as argument 2, which is declared to never be null
  /usr/include/string.h:44:28: note: nonnull attribute specified here

  #0 0x95f117 in db_col_arr_ db/bindings.c:479:2
  #1 0x95ef85 in db_col_channel_type db/bindings.c:459:32
  #2 0x852c03 in wallet_stmt2channel wallet/wallet.c:1483:9
  #3 0x81f396 in wallet_channels_load_active wallet/wallet.c:1749:23
  #4 0x81f03d in wallet_init_channels wallet/wallet.c:1765:9
  #5 0x72f1f9 in load_channels_from_wallet lightningd/peer_control.c:2257:7
  #6 0x672856 in main lightningd/lightningd.c:1121:25
morehouse authored and cdecker committed Jun 5, 2023
1 parent a5afb4f commit 45cb2b1
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion db/bindings.c
Expand Up @@ -490,7 +490,8 @@ void *db_col_arr_(const tal_t *ctx, struct db_stmt *stmt, const char *colname,
caller, colname, col, sourcelen, label, bytes);

p = tal_arr_label(ctx, char, sourcelen, label);
memcpy(p, db_column_blob(stmt, col), sourcelen);
if (sourcelen != 0)
memcpy(p, db_column_blob(stmt, col), sourcelen);
return p;
}
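Review bot: the new `if (sourcelen != 0)` guard ahead of the memcpy in db_col_arr_ carries no comment, and without one it reads like a redundant check that a later cleanup could remove. A one-line comment saying that db_column_blob() can return NULL for a zero-length column, and that passing NULL to memcpy is undefined even when the length is 0, would keep the reason next to the code. The guard also keys on the length rather than on the pointer, so it covers the case in the commit message (0 bytes with a NULL blob), but a NULL blob with a non-zero sourcelen would still reach memcpy; if the db layer does not rule that out, an assertion on the pointer before the copy would make the failure explicit.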
