From 572b55baa42787447643169811784bc64024fb5e Mon Sep 17 00:00:00 2001
From: Marc Mutz <marc.mutz@qt.io>
Date: Thu, 16 Dec 2021 09:31:39 +0100
Subject: tst_QIODevice: fix UB (precondition violation) in
 SequentialReadBuffer::readData()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

memcpy() mustn't be called with a nullptr, even if the size is zero.

Fixes ubsan error:

   tst_qiodevice.cpp:561:15: runtime error: null pointer passed as argument 1, which is declared to never be null

Even though ubsan only complained about one of them, fix all three
occurrences of the pattern in the test.

Pick-to: 6.3 6.2 5.15
Change-Id: I5c06ab4a20a9e9f8831392c46c6969c05248fdac
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
---
 tests/auto/corelib/io/qiodevice/tst_qiodevice.cpp | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'tests/auto/corelib/io/qiodevice')

diff --git a/tests/auto/corelib/io/qiodevice/tst_qiodevice.cpp b/tests/auto/corelib/io/qiodevice/tst_qiodevice.cpp
index 88e41092a6..87e46bff09 100644
--- a/tests/auto/corelib/io/qiodevice/tst_qiodevice.cpp
+++ b/tests/auto/corelib/io/qiodevice/tst_qiodevice.cpp
@@ -558,7 +558,8 @@ protected:
     qint64 readData(char *data, qint64 maxSize) override
     {
         maxSize = qMin(maxSize, qint64(buf->size() - offset));
-        memcpy(data, buf->constData() + offset, maxSize);
+        if (maxSize > 0)
+            memcpy(data, buf->constData() + offset, maxSize);
         offset += maxSize;
         return maxSize;
     }
@@ -601,13 +602,15 @@ protected:
     qint64 readData(char *data, qint64 maxSize) override
     {
         maxSize = qMin(maxSize, qint64(buf.size() - pos()));
-        memcpy(data, buf.constData() + pos(), maxSize);
+        if (maxSize > 0)
+            memcpy(data, buf.constData() + pos(), maxSize);
         return maxSize;
     }
     qint64 writeData(const char *data, qint64 maxSize) override
     {
         maxSize = qMin(maxSize, qint64(buf.size() - pos()));
-        memcpy(buf.data() + pos(), data, maxSize);
+        if (maxSize > 0)
+            memcpy(buf.data() + pos(), data, maxSize);
         return maxSize;
     }
 
-- 
cgit v1.2.3