From: Theodore Ts'o <tytso@mit.edu>
Date: Mon, 4 Nov 2019 23:43:49 +0000 (-0500)
Subject: libext2fs: fix UBSan when updating an inline_data file
X-Git-Tag: v1.45.5~48
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=41c05c9dc26a87bf0ffea64976be1a34dd542056;p=thirdparty%2Fe2fsprogs.git

libext2fs: fix UBSan when updating an inline_data file

What memcpy does when the length is zero is not well-defined.  So
avoid it.

Bug: https://github.com/tytso/e2fsprogs/issues/25
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---

diff --git a/lib/ext2fs/ext_attr.c b/lib/ext2fs/ext_attr.c
index 78a823a90..affc1a8fc 100644
--- a/lib/ext2fs/ext_attr.c
+++ b/lib/ext2fs/ext_attr.c
@@ -1550,14 +1550,15 @@ errcode_t ext2fs_xattr_set(struct ext2_xattr_handle *h,
 						       new_value, &value_len);
 		if (ret)
 			goto out;
-	} else
+	} else if (value_len)
 		memcpy(new_value, value, value_len);
 
 	/* Imitate kernel behavior by skipping update if value is the same. */
 	for (x = h->attrs; x < h->attrs + h->count; x++) {
 		if (!strcmp(x->name, name)) {
 			if (!x->ea_ino && x->value_len == value_len &&
-			    !memcmp(x->value, new_value, value_len)) {
+			    (!value_len ||
+			     !memcmp(x->value, new_value, value_len))) {
 				ret = 0;
 				goto out;
 			}