From: Petr Menšík <pemensik@redhat.com>
Date: Wed, 19 Jan 2022 16:05:00 +0000 (+0100)
Subject: Additional safety check for negative array index
X-Git-Tag: v9.19.1~30^2
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=656a0f076f7f49d166b414d7cf5972d2919877d5;p=thirdparty%2Fbind9.git

Additional safety check for negative array index

inet_ntop result should always protect against empty string accepted
without an error. Make additional check to satisfy coverity scans.
---

diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
index 1665f87d938..76e25955f7a 100644
--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
@@ -1937,9 +1937,9 @@ inet_totext(int af, uint32_t flags, isc_region_t *src, isc_buffer_t *target) {
 	 * parsing, so append 0 in that case.
 	 */
 	if (af == AF_INET6 && (flags & DNS_STYLEFLAG_YAML) != 0) {
-		isc_textregion_t tr;
-		isc_buffer_usedregion(target, (isc_region_t *)&tr);
-		if (tr.base[tr.length - 1] == ':') {
+		isc_region_t r;
+		isc_buffer_usedregion(target, &r);
+		if (r.length > 0 && r.base[r.length - 1] == ':') {
 			if (isc_buffer_availablelength(target) == 0) {
 				return (ISC_R_NOSPACE);
 			}