Additional safety check for negative array index

inet_ntop result should always protect against empty string accepted
without an error. Make additional check to satisfy coverity scans.

(cherry picked from commit 656a0f076f7f49d166b414d7cf5972d2919877d5)

diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
index 2c94d11765ca12bf38c5d43cc26c4f365ff81d2a..b44894adbea0dee9a428d3759214d6b224a85498 100644 (file)
--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
@@ -1890,9 +1890,9 @@ inet_totext(int af, uint32_t flags, isc_region_t *src, isc_buffer_t *target) {
         * parsing, so append 0 in that case.
         */
        if (af == AF_INET6 && (flags & DNS_STYLEFLAG_YAML) != 0) {
-               isc_textregion_t tr;
-               isc_buffer_usedregion(target, (isc_region_t *)&tr);
-               if (tr.base[tr.length - 1] == ':') {
+               isc_region_t r;
+               isc_buffer_usedregion(target, &r);
+               if (r.length > 0 && r.base[r.length - 1] == ':') {
                        if (isc_buffer_availablelength(target) == 0) {
                                return (ISC_R_NOSPACE);
                        }