On Tue, May 4, 2021 at 7:23 PM Andrzej Hunt <andrzej@xxxxxxxxx> wrote:
> If src->offset_len is 0 then offsets will be NULL - and passing NULL
> into memcpy() results in undefined behaviour. I think we should either
> add an "if (src->offset_len)" check around the memcpy, or perhaps switch
> to COPY_ARRAY() which performs that check for us. (We can probably also
> skip the malloc and hence also olen calculation in this scenario though,
> because obj->offsets should already be NULL if src->offsets was NULL?)

Thanks for the detailed report. I've fixed this for the next round.

--
Han-Wen Nienhuys - Google Munich
I work 80%. Don't expect answers from me on Fridays.
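The zero-length copy the thread discusses, as an added illustration that is not code from the git patch or from either participant: a hypothetical `struct obj_rec` stands in for the reftable record, and the local `COPY_ARRAY()` is modeled on git's helper (the length check that skips `memcpy()` entirely when `n` is 0), so an empty source never reaches `memcpy()` with a NULL pointer and never allocates.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the record in the thread: an array of
 * offsets plus its length; offsets is NULL when offset_len is 0. */
struct obj_rec {
	uint64_t *offsets;
	int offset_len;
};

/* Modeled on git's COPY_ARRAY(): when n is 0 the memcpy() is skipped,
 * so a NULL src or dst is never passed to it (undefined behaviour even
 * for a zero-byte copy). */
static inline void copy_array(void *dst, const void *src, size_t n, size_t size)
{
	if (n)
		memcpy(dst, src, n * size);
}
#define COPY_ARRAY(dst, src, n) copy_array((dst), (src), (n), sizeof(*(dst)))

/* Deep-copies src into obj. Returns 0 on success, -1 if malloc fails.
 * An empty src yields obj->offsets == NULL without calling malloc. */
int obj_rec_copy(struct obj_rec *obj, const struct obj_rec *src)
{
	obj->offsets = NULL;
	obj->offset_len = 0;
	if (src->offset_len <= 0)
		return 0;
	obj->offsets = malloc(sizeof(*obj->offsets) * (size_t)src->offset_len);
	if (!obj->offsets)
		return -1;
	COPY_ARRAY(obj->offsets, src->offsets, (size_t)src->offset_len);
	obj->offset_len = src->offset_len;
	return 0;
}

/* Returns 1 when both records hold the same offsets, 0 otherwise. */
int obj_rec_equal(const struct obj_rec *a, const struct obj_rec *b)
{
	if (a->offset_len != b->offset_len)
		return 0;
	if (a->offset_len == 0)
		return 1;
	return memcmp(a->offsets, b->offsets,
		      sizeof(*a->offsets) * (size_t)a->offset_len) == 0;
}

void obj_rec_release(struct obj_rec *obj)
{
	free(obj->offsets);
	obj->offsets = NULL;
	obj->offset_len = 0;
}
```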