author | Lode Vandevenne <lvandeve@users.noreply.github.com> | 2022-06-18 17:39:52 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-18 17:39:52 +0300 |
commit | 884b57e4dd5e23b9de4fd0e6dc05322768e0d0b6 (patch) | |
tree | f545cfd9669e9a4be48c8a7fc41652d8478d1723 | |
parent | 71064f28b6ac8283a3fc529aa5b67f6c027293f7 (diff) | |
parent | 56d7b4fa2b1b6fb1c15ab053a18b912a6749892e (diff) |
Merge pull request #167 from hpjansson/fix-null-ptr-arith
Fix undefined behavior found by UBSan fuzzing
-rw-r--r-- | lodepng.cpp | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lodepng.cpp b/lodepng.cpp
index 466bcc5..056a100 100644
--- a/lodepng.cpp
+++ b/lodepng.cpp
@@ -1367,8 +1367,11 @@ static unsigned inflateNoCompression(ucvector* out, LodePNGBitReader* reader,
 /*read the literal data: LEN bytes are now stored in the out buffer*/
 if(bytepos + LEN > size) return 23; /*error: reading outside of in buffer*/
- lodepng_memcpy(out->data + out->size - LEN, reader->data + bytepos, LEN);
- bytepos += LEN;
+ /*out->data can be NULL (when LEN is zero), and arithmetics on NULL ptr is undefined. so we check*/
+ if (out->data) {
+ lodepng_memcpy(out->data + out->size - LEN, reader->data + bytepos, LEN);
+ bytepos += LEN;
+ }
 reader->bp = bytepos << 3u; |
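Review bot: The new guard in inflateNoCompression tests `out->data` rather than the length, so it only avoids the NULL pointer arithmetic while the invariant stated in the comment (NULL implies LEN is zero) holds, and that invariant is established by code outside this hunk. If it were ever broken, a stored block with non-zero LEN would be skipped silently and `bytepos` would not advance, so the reader would go on to treat the literal bytes as further deflate data instead of returning an error. Guarding on the condition itself, `if(LEN) {`, states the intent directly and matches the `if(` spacing used on the line above. The function body begins and ends outside the hunk, so the allocation check that presumably precedes this code is not visible here.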