s3:lib: Fix undefined behavior in tdb_pack()
authorAndreas Schneider <asn@samba.org>
Thu, 22 Nov 2018 12:33:11 +0000 (13:33 +0100)
committerGary Lockyer <gary@samba.org>
Mon, 3 Dec 2018 20:16:31 +0000 (21:16 +0100)
util_tdb.c:98:5: runtime error: null pointer passed as argument 2, which
is declared to never be null

This means the second argument of memcpy() can't be NULL.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
source3/lib/util_tdb.c

index 4f2450c5773ff4d9d9028d7059a7291c398abe5b..8a5d831225e8c1e1cb1c62163e1736245e538829 100644 (file)
@@ -76,14 +76,11 @@ static size_t tdb_pack_va(uint8_t *buf, int bufsize, const char *fmt, va_list ap
                                SIVAL(buf, 0, d);
                        break;
                case 'P': /* null-terminated string */
-                       s = va_arg(ap,char *);
-                       w = strlen(s);
-                       len = w + 1;
-                       if (bufsize && bufsize >= len)
-                               memcpy(buf, s, len);
-                       break;
                case 'f': /* null-terminated string */
                        s = va_arg(ap,char *);
+                       if (s == NULL) {
+                               smb_panic("Invalid argument");
+                       }
                        w = strlen(s);
                        len = w + 1;
                        if (bufsize && bufsize >= len)
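Review bot: The new NULL check in the merged 'P'/'f' case panics with `smb_panic("Invalid argument")`, which names neither the function nor the format character, so a crash report from this path is hard to attribute. A message such as `smb_panic("tdb_pack: NULL string for 'P'/'f' format")` would make the abort self-explanatory. Because a NULL string now terminates the process instead of reaching strlen(), it would help to state the requirement in the function's header comment, e.g. `/* 'P' and 'f' arguments must be non-NULL; a NULL pointer is treated as a programming error and panics. */`. The body of tdb_pack_va starts and ends outside this hunk, so whether any caller can pass a NULL here is not visible.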
@@ -95,7 +92,9 @@ static size_t tdb_pack_va(uint8_t *buf, int bufsize, const char *fmt, va_list ap
                        len = 4+i;
                        if (bufsize && bufsize >= len) {
                                SIVAL(buf, 0, i);
-                               memcpy(buf+4, s, i);
+                               if (s != NULL) {
+                                       memcpy(buf+4, s, i);
+                               }
                        }
                        break;
                default:
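Review bot: Guarding only the copy with `if (s != NULL)` means that a NULL `s` combined with a non-zero `i` still writes the length via `SIVAL(buf, 0, i)` but leaves the `i` payload bytes at `buf+4` untouched. The packed record would then carry whatever the buffer held before, which is a potential stale-memory disclosure if the buffer is not pre-initialised (not visible here). The case that is actually legitimate is NULL with a zero length, so the inconsistent combination is better rejected in the same way as in the 'P'/'f' case, with `if (s == NULL && i != 0) { smb_panic("Invalid argument"); }` placed before the `if (bufsize && bufsize >= len)` test. The copy itself can then be guarded with `if (i != 0)`. The lines that read `i` and `s` from the va_list are outside this hunk.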