We found this in #40076, after we started using buf_move_all() in
more places. Fixes bug #40076; bugfix on 0.3.3.1-alpha. As far as
I know, the crash only affects master, but I think this warrants a
backport, "just in case".
--- /dev/null
+ o Minor bugfixes (correctness, buffers):
+ - Fix a correctness bug that could cause an assertion failure if we ever
+ tried using the buf_move_all() function with an empty input.
+ As far as we know, no released versions of Tor do this.
+ Fixes bug 40076; bugfix on 0.3.3.1-alpha.
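Review bot: "an empty input" in the second line of this entry is ambiguous. The fix tests the data length of the input buffer, so "an empty input buffer" would tell changelog readers exactly which case led to the assertion failure.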
tor_assert(buf_out);
if (!buf_in)
return;
+ if (buf_datalen(buf_in) == 0)
+ return;
if (BUG(buf_out->datalen >= INT_MAX || buf_in->datalen >= INT_MAX))
return;
if (BUG(buf_out->datalen >= INT_MAX - buf_in->datalen))
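Review bot: the new `if (buf_datalen(buf_in) == 0) return;` carries no comment explaining why an empty input must be skipped before the BUG() checks, so a later cleanup could remove it as redundant. Add a one-line comment pointing at #40076, and consider stating in the function's documentation that moving from an empty buffer is a no-op. Minor style point: this line uses the buf_datalen() accessor while the checks directly below read `buf_in->datalen`; pick one form.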
buf_t *output = buf_new();
char *s = NULL;
-#if 0
/* Move from empty buffer to nonempty buffer. (This is a regression test for
* #40076) */
buf_add(output, "abc", 3);
/* Move from empty to empty. */
output = buf_new();
input = buf_new();
-#endif
buf_move_all(output, input);
buf_assert_ok(input);
buf_assert_ok(output);
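Review bot: after the re-enabled `buf_move_all(output, input);` the lines shown only call buf_assert_ok() on both buffers, so the test pins the absence of a crash but not the result. Add checks on buf_datalen() for each case (3 for output after the empty-to-nonempty move, 0 for both buffers after empty-to-empty). Also, `output = buf_new();` and `input = buf_new();` in the empty-to-empty case reassign both pointers; confirm the previous buffers are freed first if the elided context does not already do so.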