From 45cb2b149c7c862b34b8433ad0716edaedef2b78 Mon Sep 17 00:00:00 2001
From: Matt Morehouse
Date: Wed, 12 Apr 2023 12:08:36 -0500
Subject: [PATCH] db: avoid calling memcpy on NULL
It is possible for db_column_bytes() to return 0 and for db_column_blob() to return NULL even when db_column_is_null() returns false. We need to short circuit in this case.
Detected by UBSan:
db/bindings.c:479:12: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:44:28: note: nonnull attribute specified here
#0 0x95f117 in db_col_arr_ db/bindings.c:479:2
#1 0x95ef85 in db_col_channel_type db/bindings.c:459:32
#2 0x852c03 in wallet_stmt2channel wallet/wallet.c:1483:9
#3 0x81f396 in wallet_channels_load_active wallet/wallet.c:1749:23
#4 0x81f03d in wallet_init_channels wallet/wallet.c:1765:9
#5 0x72f1f9 in load_channels_from_wallet lightningd/peer_control.c:2257:7
#6 0x672856 in main lightningd/lightningd.c:1121:25
---
 db/bindings.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/db/bindings.c b/db/bindings.c
index 7ca864b45b7b..ac2fc4fa211a 100644
--- a/db/bindings.c
+++ b/db/bindings.c
@@ -490,7 +490,8 @@ void *db_col_arr_(const tal_t *ctx, struct db_stmt *stmt, const char *colname,
 caller, colname, col, sourcelen, label, bytes);
 p = tal_arr_label(ctx, char, sourcelen, label);
- memcpy(p, db_column_blob(stmt, col), sourcelen);
+ if (sourcelen != 0)
+ memcpy(p, db_column_blob(stmt, col), sourcelen);
 return p;
 }
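Review bot: The new guard on the `+ if (sourcelen != 0)` line is correct but carries no explanation, and a reader who knows that memcpy with a zero count copies nothing is likely to fold it back into an unconditional call; memcpy's pointer arguments must be valid even when n is 0 (C11 7.24.1p2), and the commit message records that db_column_blob() returns NULL for such a column. I would add a comment above the if: `/* A zero-length blob may come back as NULL; memcpy requires non-NULL args even for n == 0 (UBSan flags it). */`. The guard only covers the zero-length case; if db_column_blob() can also return NULL with a non-zero length (for example on an allocation failure inside the backend driver), the copy still dereferences NULL — worth confirming against the backend and, if so, fetching the pointer into a local and failing through db_fatal() like the size check above. Any other helper in bindings.c that passes a db_column_blob() result straight to memcpy would need the same guard. db_col_arr_ begins before this hunk; only its tail is shown.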