From 557bdf9afbf02abdfbb9fa9a39c6357917347c66 Mon Sep 17 00:00:00 2001 From: Alami-Amine Date: Sun, 15 Sep 2024 19:52:43 +0200 Subject: [PATCH] Fix null pointer passed to non-null argument in CHIPMemString.h Error Message: CHIPMemString.h:88:22: runtime error: null pointer passed as argument 2, which is declared to never be null when PI= is in mDNS TXT record (its value is empty) , and Dnssd::Internal::GetPairingInstruction calls CopyString, source is an empty bytespan and source.data() will return a null pointer, that will be passed to memcpy Fix: avoid memcpy in that case. --- src/lib/support/CHIPMemString.h | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/src/lib/support/CHIPMemString.h b/src/lib/support/CHIPMemString.h index 51341192a76250..3b74acdbcaf195 100644 --- a/src/lib/support/CHIPMemString.h +++ b/src/lib/support/CHIPMemString.h @@ -82,12 +82,20 @@ inline void CopyString(char (&dest)[N], const char * source) */ inline void CopyString(char * dest, size_t destLength, ByteSpan source) { - if (dest && destLength) + if ((dest == nullptr) || (destLength == 0)) { - size_t maxChars = std::min(destLength - 1, source.size()); - memcpy(dest, source.data(), maxChars); - dest[maxChars] = '\0'; + return; // no space to copy anything, not even a null terminator } + + if (source.empty()) + { + *dest = '\0'; // just a null terminator, we are copying empty data + return; + } + + size_t maxChars = std::min(destLength - 1, source.size()); + memcpy(dest, source.data(), maxChars); + dest[maxChars] = '\0'; } /**