From 6245dcd57d3cb78aa1d9fdbf53832716478396ca Mon Sep 17 00:00:00 2001
From: Ferdinand Bachmann
Date: Tue, 27 Aug 2024 17:59:14 +0200
Subject: [PATCH] RVZ: Fix undefined behaviour when copying 0 bytes to a null pointer

A vector of length 0 can have a null data pointer, which causes UB when passed to memcpy, so only copy when we actually have data to copy. This caused crashes in certain cases when compiling Dolphin with Clang and LTO enabled.
---
 Source/Core/DiscIO/WIABlob.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/Source/Core/DiscIO/WIABlob.cpp b/Source/Core/DiscIO/WIABlob.cpp
index 92bab36d81..10c4f261ed 100644
--- a/Source/Core/DiscIO/WIABlob.cpp
+++ b/Source/Core/DiscIO/WIABlob.cpp
@@ -765,7 +765,14 @@ bool WIARVZFileReader::Chunk::Decompress()
 const size_t bytes_to_move = m_out.bytes_written - m_out_bytes_used_for_exceptions;
 DecompressionBuffer in{std::vector(bytes_to_move), bytes_to_move};
- std::memcpy(in.data.data(), m_out.data.data() + m_out_bytes_used_for_exceptions, bytes_to_move);
+
+ // Copying to a null pointer is undefined behaviour, so only copy when we
+ // actually have data to copy.
+ if (bytes_to_move > 0)
+ {
+ std::memcpy(in.data.data(), m_out.data.data() + m_out_bytes_used_for_exceptions,
+ bytes_to_move);
+ }
 m_out.bytes_written = m_out_bytes_used_for_exceptions;