diff options
author | John MacFarlane <jgm@berkeley.edu> | 2020-05-13 17:07:29 -0700 |
---|---|---|
committer | John MacFarlane <jgm@berkeley.edu> | 2020-05-13 17:07:29 -0700 |
commit | 53abb8e3ab21a31ca7b4921207bd97bb42355c80 (patch) | |
tree | 4100fe6e4e0b1aa943e7e947457e590eb5940430 | |
parent | 3bfdadcb66aa969bee2eefe6da5df5028b55849d (diff) |
Don't call memcpy with NULL as 1st parameter.
This is illegal according to the C standard, sec. 7.1.4.
"If an argument to a function has an invalid value (such as a value
outside the domain of the function, or a pointer outside the address
space of the program, or a null pointer, or a pointer to non-modifiable
storage when the corresponding parameter is not const-qualified) or a
type (after promotion) not expected by a function with variable number
of arguments, the behavior is undefined."
7.24.1(2): "Where an argument declared as size_t n specifies the length
of the array for a function, n can have the value zero […] pointer
arguments on such a call shall still have valid values, as described in
7.1.4."
See https://www.imperialviolet.org/2016/06/26/nonnull.html
-rw-r--r-- | src/inlines.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/inlines.c b/src/inlines.c index 13dd466..5b2edc6 100644 --- a/src/inlines.c +++ b/src/inlines.c @@ -99,9 +99,10 @@ static CMARK_INLINE cmark_node *make_simple(cmark_mem *mem, cmark_node_type t) { static cmark_node *make_str(subject *subj, int sc, int ec, cmark_chunk s) { cmark_node *e = make_literal(subj, CMARK_NODE_TEXT, sc, ec); - // NOLINTNEXTLINE(clang-analyzer-core.NonNullParamChecker) e->data = (unsigned char *)subj->mem->realloc(NULL, s.len + 1); - memcpy(e->data, s.data, s.len); + if (s.data != NULL) { + memcpy(e->data, s.data, s.len); + } e->data[s.len] = 0; e->len = s.len; return e; |