journal: fix against (theoretical) undefined behavior

While all the libc implementations I know return NULL when memchr's size
parameter is 0, without accessing any memory, passing NULL to memchr is
still invalid:

C11 7.24.1p2: Where an argument declared as "size_t n" specifies the length
of the array for a function, n can have the value zero on a call to that
function. Unless explicitly stated otherwise in the description of a
particular function in this subclause, pointer arguments on such a call
shall still have valid values, as described in 7.1.4. On such a call, a
function that locates a character finds no occurrence, a function that
compares two character sequences returns zero, and a function that copies
characters copies zero characters.

see http://llvm.org/bugs/show_bug.cgi?id=18247

diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 48fdb6163aec5a1989dd4186d2d33483db56455f..9e89cb96992250c748d5dd3f990e2213d8d1ac09 100644 (file)
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -1010,7 +1010,10 @@ static int journal_file_append_data(
         if (r < 0)
                 return r;
 
-        eq = memchr(data, '=', size);
+        if (!data)
+                eq = NULL;
+        else
+                eq = memchr(data, '=', size);
         if (eq && eq > data) {
                 uint64_t fp;
                 Object *fo;