db: avoid calling memcpy on NULL

It is possible for db_column_bytes() to return 0 and for db_column_blob() to return NULL even when db_column_is_null() returns false. We need to short circuit in this case. Detected by UBSan: db/bindings.c:479:12: runtime error: null pointer passed as argument 2, which is declared to never be null /usr/include/string.h:44:28: note: nonnull attribute specified here #0 0x95f117 in db_col_arr_ db/bindings.c:479:2 #1 0x95ef85 in db_col_channel_type db/bindings.c:459:32 #2 0x852c03 in wallet_stmt2channel wallet/wallet.c:1483:9 #3 0x81f396 in wallet_channels_load_active wallet/wallet.c:1749:23 #4 0x81f03d in wallet_init_channels wallet/wallet.c:1765:9 #5 0x72f1f9 in load_channels_from_wallet lightningd/peer_control.c:2257:7 #6 0x672856 in main lightningd/lightningd.c:1121:25
2025-02-22 14:42:40 +01:00 · 2023-04-12 12:08:36 -05:00 · 2023-04-12 12:08:36 -05:00 · 45cb2b149c
commit 45cb2b149c
parent a5afb4f811
1 changed files with 2 additions and 1 deletions
--- a/db/bindings.c
+++ b/db/bindings.c
@ -490,7 +490,8 @@ void *db_col_arr_(const tal_t *ctx, struct db_stmt *stmt, const char *colname,
 			 caller, colname, col, sourcelen, label, bytes);

 	p = tal_arr_label(ctx, char, sourcelen, label);
-	memcpy(p, db_column_blob(stmt, col), sourcelen);
+	if (sourcelen != 0)
+		memcpy(p, db_column_blob(stmt, col), sourcelen);
 	return p;
 }