From: Akihiko Odaki <akihiko.odaki@daynix.com>
Date: Wed, 8 Jan 2025 11:31:46 +0000 (+0900)
Subject: hw/xen: Check if len is 0 before memcpy()
X-Git-Tag: v10.0.0-rc0~95^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b6014c5089a313ac84fe74970eee56e3fc87b49b;p=thirdparty%2Fqemu.git

hw/xen: Check if len is 0 before memcpy()

data->data can be NULL when len is 0. Strictly speaking, the behavior
of memcpy() in such a scenario is undefined so UBSan complaints.

Satisfy UBSan by checking if len is 0 before memcpy().

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
---

diff --git a/hw/i386/kvm/xen_xenstore.c b/hw/i386/kvm/xen_xenstore.c
index 59691056670..17802aa33d2 100644
--- a/hw/i386/kvm/xen_xenstore.c
+++ b/hw/i386/kvm/xen_xenstore.c
@@ -532,6 +532,10 @@ static void xs_read(XenXenstoreState *s, unsigned int req_id,
         return;
     }
 
+    if (!len) {
+        return;
+    }
+
     memcpy(&rsp_data[rsp->len], data->data, len);
     rsp->len += len;
 }