Avoid passing NULL pointers to memcmp() or memcpy(), even when the

"number-of-bytes" argument is passed 0.

FossilOrigin-Name: 56ff72ab44288296efc99a608f7edc4346366a50

ext/session/sqlite3session.c

@@ -374,9 +374,7 @@ static int sessionSerializeValue(
   
         if( aBuf ){
           sessionVarintPut(&aBuf[1], n);
-          memcpy(&aBuf[nVarint + 1], eType==SQLITE_TEXT ? 
+          if( n ) memcpy(&aBuf[nVarint + 1], z, n);
-              sqlite3_value_text(pValue) : sqlite3_value_blob(pValue), n
-          );
         }
   
         nByte = 1 + nVarint + n;
@@ -1792,7 +1790,7 @@ static void sessionAppendBlob(
   int nBlob, 
   int *pRc
 ){
-  if( 0==sessionBufferGrow(p, nBlob, pRc) ){
+  if( nBlob>0 && 0==sessionBufferGrow(p, nBlob, pRc) ){
     memcpy(&p->aBuf[p->nBuf], aBlob, nBlob);
     p->nBuf += nBlob;
   }
@@ -1978,13 +1976,13 @@ static int sessionAppendUpdate(
       }
 
       default: {
-        int nByte;
+        int n;
-        int nHdr = 1 + sessionVarintGet(&pCsr[1], &nByte);
+        int nHdr = 1 + sessionVarintGet(&pCsr[1], &n);
         assert( eType==SQLITE_TEXT || eType==SQLITE_BLOB );
-        nAdvance = nHdr + nByte;
+        nAdvance = nHdr + n;
         if( eType==sqlite3_column_type(pStmt, i) 
-         && nByte==sqlite3_column_bytes(pStmt, i) 
+         && n==sqlite3_column_bytes(pStmt, i) 
-         && 0==memcmp(&pCsr[nHdr], sqlite3_column_blob(pStmt, i), nByte)
+         && (n==0 || 0==memcmp(&pCsr[nHdr], sqlite3_column_blob(pStmt, i), n))
         ){
           break;
         }

manifest

@@ -1,5 +1,5 @@
-C Fix\sa\sharmless\scompiler\swarning\sin\sfuzzcheck.c
+C Avoid\spassing\sNULL\spointers\sto\smemcmp()\sor\smemcpy(),\seven\swhen\sthe\n"number-of-bytes"\sargument\sis\spassed\s0.
-D 2016-12-30T12:10:48.960
+D 2016-12-30T14:15:56.745
 F Makefile.in 41bd4cad981487345c4a84081074bcdb876e4b2e
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc b8ca53350ae545e3562403d5da2a69cec79308da
@@ -303,7 +303,7 @@ F ext/session/sessionG.test 01ef705096a9d3984eebdcca79807a211dee1b60
 F ext/session/session_common.tcl 9b696a341cf1d3744823715ed92bb19749b6c3d4
 F ext/session/sessionfault.test da273f2712b6411e85e71465a1733b8501dbf6f7
 F ext/session/sessionfault2.test 04aa0bc9aa70ea43d8de82c4f648db4de1e990b0
-F ext/session/sqlite3session.c 37485891b4add26cf61495df193c419f36556a32
+F ext/session/sqlite3session.c c61a43396368ec00dc127f7bc647e9bd6a4ee5fb
 F ext/session/sqlite3session.h 9345166bd8f80562145586cf817f707de5ecada2
 F ext/session/test_session.c eb0bd6c1ea791c1d66ee4ef94c16500dad936386
 F ext/userauth/sqlite3userauth.h 19cb6f0e31316d0ee4afdfb7a85ef9da3333a220
@@ -325,7 +325,7 @@ F sqlite.pc.in 42b7bf0d02e08b9e77734a47798d1a55a9e0716b
 F sqlite3.1 fc7ad8990fc8409983309bb80de8c811a7506786
 F sqlite3.pc.in 48fed132e7cb71ab676105d2a4dc77127d8c1f3a
 F src/alter.c 3b23977620ce9662ac54443f65b87ba996e36121
-F src/analyze.c 8b62b2cf4da85451534ac0af82cafc418d837f68
+F src/analyze.c 3c4a63ff7a55faefecf6eb1589932fdbc06b2415
 F src/attach.c f6725410c184a80d8141b294fdf98a854c8a52b5
 F src/auth.c 930b376a9c56998557367e6f7f8aaeac82a2a792
 F src/backup.c faf17e60b43233c214aae6a8179d24503a61e83b
@@ -344,7 +344,7 @@ F src/delete.c c8bc10d145c9666a34ae906250326fdaa8d58fa5
 F src/expr.c a90e37bc542abe33890cafccacbf8a7db9cb5401
 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
 F src/fkey.c 2e9aabe1aee76273aff8a84ee92c464e095400ae
-F src/func.c 43916c1d8e6da5d107d91d2b212577d4f69a876a
+F src/func.c e0190fd64810a66889bd52c8950f6b5ab3e67356
 F src/global.c dcdb89f30b7aa531c5660030af106bc5bc48ef2e
 F src/hash.c 63d0ee752a3b92d4695b2b1f5259c4621b2cfebd
 F src/hash.h ab34c5c54a9e9de2e790b24349ba5aab3dbb4fd4
@@ -353,7 +353,7 @@ F src/in-operator.md 10cd8f4bcd225a32518407c2fb2484089112fd71
 F src/insert.c 91ba5d0143e66479081536ebbaff1850ec9f57d9
 F src/legacy.c 75d3023be8f0d2b99d60f905090341a03358c58e
 F src/loadext.c 5d6642d141c07d366e43d359e94ec9de47add41d
-F src/main.c f2d0e34457ba8c5cce6d78a32cacab388d33e967
+F src/main.c e207b81542d13b9f13d61e78ca441f9781f055b0
 F src/malloc.c f3fad34cd570022abca558c573f1761fb09a8212
 F src/mem0.c 6a55ebe57c46ca1a7d98da93aaa07f99f1059645
 F src/mem1.c 6919bcf12f221868ea066eec27e579fed95ce98b
@@ -384,7 +384,7 @@ F src/pcache1.c e3967219b2a92b9edcb9324a4ba75009090d3953
 F src/pragma.c 5a23557e490e7ac5afef097efc4b59dce5b482c2
 F src/pragma.h f9b221b2c8949ea941dbee49934299e4ed5af41c
 F src/prepare.c b1140c3d0cf59bc85ace00ce363153041b424b7a
-F src/printf.c f94da4935d1dd25420ac50c6745db1deb35e07c1
+F src/printf.c 0c8579432f47948d9be5077eb590e8c4a01be667
 F src/random.c 80f5d666f23feb3e6665a6ce04c7197212a88384
 F src/resolve.c bb070cf5f23611c44ab7e4788803684e385fc3fb
 F src/rowset.c 7b7e7e479212e65b723bf40128c7b36dc5afdfac
@@ -1540,7 +1540,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 3e25ba6e42fba239795a465b8510386a361ee5be
+P 2842bc60538369f888c7df8365858c910322277d
-R cb43d33d19adf32bebd1dfaa0e0b456a
+R 2f360df0a4ed7700031588f42df25e4f
-U drh
+U dan
-Z 067d360edde333b631fbf0df03bf7c2e
+Z 37bb29b03ead205804ed648a38318574

manifest.uuid

@@ -1 +1 @@
-2842bc60538369f888c7df8365858c910322277d
+56ff72ab44288296efc99a608f7edc4346366a50

src/analyze.c

@@ -1766,7 +1766,9 @@ static int loadStatTbl(
       sqlite3_finalize(pStmt);
       return SQLITE_NOMEM_BKPT;
     }
-    memcpy(pSample->p, sqlite3_column_blob(pStmt, 4), pSample->n);
+    if( pSample->n ){
+      memcpy(pSample->p, sqlite3_column_blob(pStmt, 4), pSample->n);
+    }
     pIdx->nSample++;
   }
   rc = sqlite3_finalize(pStmt);

src/func.c

@@ -200,25 +200,27 @@ static void instrFunc(
   if( typeHaystack==SQLITE_NULL || typeNeedle==SQLITE_NULL ) return;
   nHaystack = sqlite3_value_bytes(argv[0]);
   nNeedle = sqlite3_value_bytes(argv[1]);
-  if( typeHaystack==SQLITE_BLOB && typeNeedle==SQLITE_BLOB ){
+  if( nNeedle>0 ){
-    zHaystack = sqlite3_value_blob(argv[0]);
+    if( typeHaystack==SQLITE_BLOB && typeNeedle==SQLITE_BLOB ){
-    zNeedle = sqlite3_value_blob(argv[1]);
+      zHaystack = sqlite3_value_blob(argv[0]);
-    isText = 0;
+      zNeedle = sqlite3_value_blob(argv[1]);
-  }else{
+      isText = 0;
-    zHaystack = sqlite3_value_text(argv[0]);
+    }else{
-    zNeedle = sqlite3_value_text(argv[1]);
+      zHaystack = sqlite3_value_text(argv[0]);
-    isText = 1;
+      zNeedle = sqlite3_value_text(argv[1]);
-    if( zNeedle==0 ) return;
+      isText = 1;
-    assert( zHaystack );
+      if( zNeedle==0 ) return;
+      assert( zHaystack );
+    }
+    while( nNeedle<=nHaystack && memcmp(zHaystack, zNeedle, nNeedle)!=0 ){
+      N++;
+      do{
+        nHaystack--;
+        zHaystack++;
+      }while( isText && (zHaystack[0]&0xc0)==0x80 );
+    }
+    if( nNeedle>nHaystack ) N = 0;
   }
-  while( nNeedle<=nHaystack && memcmp(zHaystack, zNeedle, nNeedle)!=0 ){
-    N++;
-    do{
-      nHaystack--;
-      zHaystack++;
-    }while( isText && (zHaystack[0]&0xc0)==0x80 );
-  }
-  if( nNeedle>nHaystack ) N = 0;
   sqlite3_result_int(context, N);
 }
 

src/main.c

@@ -2739,7 +2739,9 @@ int sqlite3ParseUri(
   }else{
     zFile = sqlite3_malloc64(nUri+2);
     if( !zFile ) return SQLITE_NOMEM_BKPT;
-    memcpy(zFile, zUri, nUri);
+    if( nUri ){
+      memcpy(zFile, zUri, nUri);
+    }
     zFile[nUri] = '\0';
     zFile[nUri+1] = '\0';
     flags &= ~SQLITE_OPEN_URI;

src/printf.c

@@ -841,7 +841,7 @@ void sqlite3StrAccumAppend(StrAccum *p, const char *z, int N){
   assert( p->accError==0 || p->nAlloc==0 );
   if( p->nChar+N >= p->nAlloc ){
     enlargeAndAppend(p,z,N);
-  }else{
+  }else if( N ){
     assert( p->zText );
     p->nChar += N;
     memcpy(&p->zText[p->nChar-N], z, N);