From: Ben Kallus <49924171+kenballus@users.noreply.github.com>
Date: Mon, 18 Dec 2023 18:43:03 +0000 (+0000)
Subject: Bug 5119: Null pointer dereference in makeMemNodeDataOffset() (#1623)
X-Git-Tag: SQUID_7_0_1~249
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=abcbf879fc8970d0a9a929fe43667362b5f4be6d;p=thirdparty%2Fsquid.git

Bug 5119: Null pointer dereference in makeMemNodeDataOffset() (#1623)

UndefinedBehaviorSanitizer: undefined-behavior mem_node.cc:27:26 in runtime error: member access within null pointer of type 'mem_node'

Since only the address of the data member is computed, a compiler is likely to perform pointer arithmetic rather than dereference a nullptr, but it is best to replace this UB with a safe and clearer alternative.
---

diff --git a/src/mem_node.cc b/src/mem_node.cc
index 0b75ed2dde..a8a6f11fda 100644
--- a/src/mem_node.cc
+++ b/src/mem_node.cc
@@ -12,6 +12,9 @@
 #include "mem/Pool.h"
 #include "mem_node.h"
 
+#include
+#include
+
 static ptrdiff_t makeMemNodeDataOffset();
 static ptrdiff_t _mem_node_data_offset = makeMemNodeDataOffset();
 
@@ -23,8 +26,8 @@ static ptrdiff_t _mem_node_data_offset = makeMemNodeDataOffset();
 
 static ptrdiff_t makeMemNodeDataOffset()
 {
- mem_node *p = nullptr;
- return ptrdiff_t(&p->data);
+ static_assert(std::is_standard_layout::value, "offsetof(mem_node) is unconditionally supported");
+ return ptrdiff_t(offsetof(mem_node, data));
 }
 
 /*
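Review bot: The new body makes the offset a constant expression, yet `_mem_node_data_offset` (declared and defined in the first hunk) is still dynamically initialized through a non-constexpr function call, so any code in another translation unit that reads it during static initialization remains subject to initialization-order rules. With `offsetof` available the helper and its forward declaration can be dropped in favour of `static_assert(std::is_standard_layout<mem_node>::value, "offsetof(mem_node, data) requires a standard-layout type");` followed by `static constexpr ptrdiff_t _mem_node_data_offset = offsetof(mem_node, data);`, which guarantees constant initialization; whether anything actually reads the value that early is outside the hunk. The current `static_assert` message states a conclusion ("is unconditionally supported") rather than the precondition being checked, so a failure would not explain itself; phrasing it as the requirement, as above, fixes that. Note also that this rendering has lost the angle-bracket contents of the two new `#include` lines and of the `std::is_standard_layout` template argument (presumably `<cstddef>`, `<type_traits>` and `<mem_node>`), so the hunk as displayed is not the compilable text.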