Additional safety check for negative array index

inet_ntop result should always protect against empty string accepted
without an error. Make additional check to satisfy coverity scans.

diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
index 1665f87d9388302d10799f013fc962d82c8fe6e1..76e25955f7a63ec53b9045fb9034e5ff73171188 100644 (file)
--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
@@ -1937,9 +1937,9 @@ inet_totext(int af, uint32_t flags, isc_region_t *src, isc_buffer_t *target) {
         * parsing, so append 0 in that case.
         */
        if (af == AF_INET6 && (flags & DNS_STYLEFLAG_YAML) != 0) {
-               isc_textregion_t tr;
-               isc_buffer_usedregion(target, (isc_region_t *)&tr);
-               if (tr.base[tr.length - 1] == ':') {
+               isc_region_t r;
+               isc_buffer_usedregion(target, &r);
+               if (r.length > 0 && r.base[r.length - 1] == ':') {
                        if (isc_buffer_availablelength(target) == 0) {
                                return (ISC_R_NOSPACE);
                        }