From b316a7135b146968d78b2c1d81bca61fdb7cbadb Mon Sep 17 00:00:00 2001
From: Daniel Black
Date: Fri, 28 Mar 2025 18:12:24 +1100
Subject: [PATCH] mroonga: undefined behaviour fix
The value of dv[0].data being null showed up in the mtr tests: mroonga/storage.alter_table_fulltext_add_no_primary_key as: /source/storage/mroonga/vendor/groonga/lib/ii.c:2052:37: runtime error: applying non-zero offset 28 to null pointer Correct this by entrying the if condition on null pointer value. The free is valid, and the data of size is allocated.
---
 storage/mroonga/vendor/groonga/lib/ii.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/storage/mroonga/vendor/groonga/lib/ii.c b/storage/mroonga/vendor/groonga/lib/ii.c
index 3e402e15e7e..8ce4857bfc2 100644
--- a/storage/mroonga/vendor/groonga/lib/ii.c
+++ b/storage/mroonga/vendor/groonga/lib/ii.c
@@ -2049,7 +2049,7 @@ grn_p_decv(grn_ctx *ctx, uint8_t *data, uint32_t data_size, datavec *dv, uint32_
 if ((df & 1)) {
 df >>= 1;
 size = nreq == dvlen ? data_size : df * nreq;
- if (dv[dvlen].data < dv[0].data + size) {
+ if (!dv[0].data || dv[dvlen].data < dv[0].data + size) {
 if (dv[0].data) { GRN_FREE(dv[0].data); }
 if (!(rp = GRN_MALLOC(size * sizeof(uint32_t)))) { return 0; }
 dv[dvlen].data = rp + size;
@@ -10653,7 +10653,7 @@ grn_ii_builder_options_fix(grn_ii_builder_options *options)
 }
 #define GRN_II_BUILDER_TERM_INPLACE_SIZE\
- (sizeof(grn_ii_builder_term) - (uintptr_t)&((grn_ii_builder_term *)0)->dummy)
+ (sizeof(grn_ii_builder_term) - offsetof(grn_ii_builder_term, dummy))
 typedef struct {
 grn_id rid; /* Last record ID */
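Review bot: The `GRN_FREE(dv[0].data)` on the line after the changed condition leaves `dv[0].data` dangling when the `GRN_MALLOC` that follows fails and the function returns 0, because nothing resets the pointer before the early return; a caller that later releases or reuses the vector would then hit a double free or use-after-free (whether callers do so is not visible in this hunk). Resetting it at the free keeps the failure path safe: `if (dv[0].data) { GRN_FREE(dv[0].data); dv[0].data = NULL; }`. The added `!dv[0].data` test is correct on its own because `||` short-circuits before `dv[0].data + size` is evaluated, but a comment such as `/* dv[0].data may still be NULL here; test it first so NULL + size is never formed */` would record why the operand order matters. grn_p_decv's body continues outside the hunk.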
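Review bot: `offsetof` is declared in `<stddef.h>`, and the diffstat (2 insertions, 2 deletions) shows no include was added, so the rewritten `GRN_II_BUILDER_TERM_INPLACE_SIZE` macro now relies on that header arriving transitively; an explicit `#include <stddef.h>` near the top of ii.c would make the dependency visible and robust to header reshuffling. The replacement also changes the expression's type from `uintptr_t` to `size_t`, which should be harmless for a size expression, but the macro's uses are outside the hunk and were not checked here. The `typedef struct` that follows the macro continues past the end of the hunk.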