From 4e4949b4dc229a3033407100916a474b6d3fd291 Mon Sep 17 00:00:00 2001 From: wm4 Date: Sun, 9 Jun 2019 19:04:46 +0200 Subject: [PATCH] audio_buffer: fix some more theoretical UB This may call memmove() with size==0 and a NULL data pointer. In addition to this being UB with memmove(), I think it's UB to do arithmetic on a NULL pointer too. Of course, this doesn't matter in practice at all, and is just stupidity to torture programmers. --- audio/audio_buffer.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/audio/audio_buffer.c b/audio/audio_buffer.c index b54f1f41b8..a5591e1fe8 100644 --- a/audio/audio_buffer.c +++ b/audio/audio_buffer.c @@ -87,6 +87,9 @@ static void copy_planes(struct mp_audio_buffer *ab, uint8_t **dst, int dst_offset, uint8_t **src, int src_offset, int length) { + if (!length) + return; + for (int n = 0; n < ab->num_planes; n++) { memmove((char *)dst[n] + dst_offset * ab->sstride, (char *)src[n] + src_offset * ab->sstride,