From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Mon, 9 Nov 2020 23:30:06 +0000 (+0200)
Subject: lib-fts: Avoid NULL pointer arithmetic
X-Git-Tag: 2.3.14.rc1~364
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1a96ec2fae6372223f226685ba9c4819628ba7be;p=thirdparty%2Fdovecot%2Fcore.git

lib-fts: Avoid NULL pointer arithmetic

Even though it was only doing +0. Fixes:
runtime error: applying zero offset to null pointer
---

diff --git a/src/lib-fts/fts-tokenizer-generic.c b/src/lib-fts/fts-tokenizer-generic.c
index 4284f37aba..844503c377 100644
--- a/src/lib-fts/fts-tokenizer-generic.c
+++ b/src/lib-fts/fts-tokenizer-generic.c
@@ -297,7 +297,8 @@ fts_tokenizer_generic_simple_next(struct fts_tokenizer *_tok,
 		}
 	}
 	/* word boundary not found yet */
-	tok_append_truncated(tok, data + start, i - start);
+	if (i > start)
+		tok_append_truncated(tok, data + start, i - start);
 	*skip_r = i;
 
 	/* return the last token */
@@ -757,7 +758,8 @@ fts_tokenizer_generic_tr29_next(struct fts_tokenizer *_tok,
 		}
 	}
 	i_assert(i >= start_pos && size >= start_pos);
-	tok_append_truncated(tok, data + start_pos, i - start_pos);
+	if (i > start_pos)
+		tok_append_truncated(tok, data + start_pos, i - start_pos);
 	*skip_r = i;
 
 	if (size == 0 && tok->token->used > 0) {
diff --git a/src/lib-fts/fts-tokenizer.c b/src/lib-fts/fts-tokenizer.c
index 8e9baa9f2c..989b521339 100644
--- a/src/lib-fts/fts-tokenizer.c
+++ b/src/lib-fts/fts-tokenizer.c
@@ -144,7 +144,15 @@ fts_tokenizer_next_self(struct fts_tokenizer *tok,
 	} else {
 		/* continuing previous data */
 		i_assert(tok->prev_skip <= size);
-		ret = tok->v->next(tok, data + tok->prev_skip,
+
+		const unsigned char *data_next;
+		if (data != NULL)
+			data_next = data + tok->prev_skip;
+		else {
+			i_assert(tok->prev_skip == 0 && size == 0);
+			data_next = NULL;
+		}
+		ret = tok->v->next(tok, data_next,
 				   size - tok->prev_skip, &skip,
 				   token_r, error_r);
 	}