Ensure that a zero-blob does not cause in invocation of memcpy() with a

zero length and a NULL source pointer. FossilOrigin-Name: 35441eb5e1447e01f2031837a4ede705bce34f87be27912278cc730abce6cf05
2025-08-08 14:02:16 +03:00 · 2022-04-02 19:21:58 +00:00
parent 2c144b0f63
commit d13527daed
3 changed files with 14 additions and 10 deletions
--- a/src/vdbe.c
+++ b/src/vdbe.c
@@ -3412,14 +3412,18 @@ case OP_MakeRecord: {
      }
    }else if( serial_type<0x80 ){
      *(zHdr++) = serial_type;
-      if( serial_type>=14 ){
+      if( serial_type>=14 && pRec->n>0 ){
+        assert( pRec->z!=0 );
        memcpy(zPayload, pRec->z, pRec->n);
        zPayload += pRec->n;
      }
    }else{
      zHdr += sqlite3PutVarint(zHdr, serial_type);
-      memcpy(zPayload, pRec->z, pRec->n);
-      zPayload += pRec->n;
+      if( pRec->n ){
+        assert( pRec->z!=0 );
+        memcpy(zPayload, pRec->z, pRec->n);
+        zPayload += pRec->n;
+      }
    }
    if( pRec==pLast ) break;
    pRec++;