Fix several UBsan issues with memcpy
Most of the changes are trivial.
Bug: webrtc:14432
Change-Id: I0444527bf57c72c8d65f69754b4a4a1c1d7b2e92
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/275340
Reviewed-by: Erik Språng <sprang@webrtc.org>
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Victor Boivie <boivie@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#38074}
diff --git a/modules/rtp_rtcp/source/rtcp_packet/app.cc b/modules/rtp_rtcp/source/rtcp_packet/app.cc
index c839b72..d5734c6 100644
--- a/modules/rtp_rtcp/source/rtcp_packet/app.cc
+++ b/modules/rtp_rtcp/source/rtcp_packet/app.cc
@@ -91,7 +91,9 @@
ByteWriter<uint32_t>::WriteBigEndian(&packet[*index + 0], sender_ssrc());
ByteWriter<uint32_t>::WriteBigEndian(&packet[*index + 4], name_);
- memcpy(&packet[*index + 8], data_.data(), data_.size());
+ if (!data_.empty()) {
+ memcpy(&packet[*index + 8], data_.data(), data_.size());
+ }
*index += (8 + data_.size());
RTC_DCHECK_EQ(index_end, *index);
return true;
diff --git a/modules/rtp_rtcp/source/rtp_packet.cc b/modules/rtp_rtcp/source/rtp_packet.cc
index 1616024..e26cec5 100644
--- a/modules/rtp_rtcp/source/rtp_packet.cc
+++ b/modules/rtp_rtcp/source/rtp_packet.cc
@@ -672,8 +672,12 @@
}
// Copy payload data to new packet.
- memcpy(new_packet.AllocatePayload(payload_size()), payload().data(),
- payload_size());
+ if (payload_size() > 0) {
+ memcpy(new_packet.AllocatePayload(payload_size()), payload().data(),
+ payload_size());
+ } else {
+ new_packet.SetPayloadSize(0);
+ }
// Allocate padding -- must be last!
new_packet.SetPadding(padding_size());
diff --git a/modules/rtp_rtcp/source/rtp_packetizer_av1.cc b/modules/rtp_rtcp/source/rtp_packetizer_av1.cc
index 9cca983..c866c60 100644
--- a/modules/rtp_rtcp/source/rtp_packetizer_av1.cc
+++ b/modules/rtp_rtcp/source/rtp_packetizer_av1.cc
@@ -383,7 +383,9 @@
int payload_offset =
std::max(0, obu_offset - (ObuHasExtension(obu.header) ? 2 : 1));
size_t payload_size = obu.payload.size() - payload_offset;
- memcpy(write_at, obu.payload.data() + payload_offset, payload_size);
+ if (!obu.payload.empty() && payload_size > 0) {
+ memcpy(write_at, obu.payload.data() + payload_offset, payload_size);
+ }
write_at += payload_size;
// All obus are stored from the beginning, except, may be, the first one.
obu_offset = 0;
diff --git a/modules/rtp_rtcp/source/rtp_sender.cc b/modules/rtp_rtcp/source/rtp_sender.cc
index adf7384..f1f7544 100644
--- a/modules/rtp_rtcp/source/rtp_sender.cc
+++ b/modules/rtp_rtcp/source/rtp_sender.cc
@@ -694,7 +694,9 @@
// Add original payload data.
auto payload = packet.payload();
- memcpy(rtx_payload + kRtxHeaderSize, payload.data(), payload.size());
+ if (!payload.empty()) {
+ memcpy(rtx_payload + kRtxHeaderSize, payload.data(), payload.size());
+ }
// Add original additional data.
rtx_packet->set_additional_data(packet.additional_data());
diff --git a/net/dcsctp/packet/bounded_byte_writer.h b/net/dcsctp/packet/bounded_byte_writer.h
index 467f268..d754549 100644
--- a/net/dcsctp/packet/bounded_byte_writer.h
+++ b/net/dcsctp/packet/bounded_byte_writer.h
@@ -88,8 +88,11 @@
}
void CopyToVariableData(rtc::ArrayView<const uint8_t> source) {
- memcpy(data_.data() + FixedSize, source.data(),
- std::min(source.size(), data_.size() - FixedSize));
+ size_t copy_size = std::min(source.size(), data_.size() - FixedSize);
+ if (source.data() == nullptr || copy_size == 0) {
+ return;
+ }
+ memcpy(data_.data() + FixedSize, source.data(), copy_size);
}
private:
diff --git a/rtc_base/memory_stream.cc b/rtc_base/memory_stream.cc
index 94d31ad..cbd78ac 100644
--- a/rtc_base/memory_stream.cc
+++ b/rtc_base/memory_stream.cc
@@ -128,7 +128,9 @@
return SR_SUCCESS;
if (char* new_buffer = new char[size]) {
- memcpy(new_buffer, buffer_, data_length_);
+ if (buffer_ != nullptr && data_length_ > 0) {
+ memcpy(new_buffer, buffer_, data_length_);
+ }
delete[] buffer_;
buffer_ = new_buffer;
buffer_length_ = size;
