From ca34ad524ec7a9f0e24bb5975b178a3e70268f0f Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Fri, 28 Jul 2023 11:24:26 +0200 Subject: [PATCH] lib: handle negative and zero size in nla_memcpy() a negative count is a bug in the caller. Still, handle it better than just crashing. Maybe we should assert, but it doesn't seem best to assert against user input. Also, if count is zero, don't call memcpy(). Calling memcpy() requires that the source and destination pointers are valid, otherwise it's undefined behavior. I think if the caller tells us to copy zero bytes, we should never look at the destination pointer. Conflict:NA Reference:https://github.com/thom311/libnl/commit/ca34ad524ec7a9f0e24bb5975b178a3e70268f0f --- lib/attr.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/attr.c b/lib/attr.c index 2b2d538..23619c7 100644 --- a/lib/attr.c +++ b/lib/attr.c @@ -357,10 +357,13 @@ int nla_memcpy(void *dest, const struct nlattr *src, int count) if (!src) return 0; - + minlen = min_t(int, count, nla_len(src)); - memcpy(dest, nla_data(src), minlen); + if (minlen <= 0) + return 0; + + memcpy(dest, nla_data(src), minlen); return minlen; } -- 2.33.0
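Review bot: The new `if (minlen <= 0) return 0;` early return in nla_memcpy() gives a negative `count` the same result as a legitimate zero-length copy, so a caller cannot tell its own bug from an empty attribute. Since the commit message calls a negative count a caller bug, the function's doc comment should state that a `count` of zero or less returns 0 and that `dest` is never accessed in that case. That makes the contract explicit, including the case the message mentions where `dest` is not a valid pointer. Separately, the blank line after `return 0;` and the `memcpy(dest, nla_data(src), minlen);` line are each removed and re-added with no visible difference. If these are whitespace-only changes, they would be easier to review in a separate cleanup commit so that this fix shows only the added check.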