[ubsan] Don't call memcpy with nullptr arguments

Not even when copying 0 bytes. Same for memmove and memcmp.

Bug: v8:3770
Change-Id: I3ed45a4572467ec7a9fc697ac28c004aa9b8b274
Reviewed-on: https://chromium-review.googlesource.com/c/1436217Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59101}

src/ast/ast-value-factory.cc

@@ -124,6 +124,7 @@ bool AstRawString::Compare(void* a, void* b) {
   DCHECK_EQ(lhs->Hash(), rhs->Hash());
 
   if (lhs->length() != rhs->length()) return false;
+  if (lhs->length() == 0) return true;
   const unsigned char* l = lhs->raw_data();
   const unsigned char* r = rhs->raw_data();
   size_t length = rhs->length();

src/compiler/bytecode-graph-builder.cc

@@ -3481,7 +3481,9 @@ Node* BytecodeGraphBuilder::MakeNode(const Operator* op, int value_input_count,
     if (has_control) ++input_count_with_deps;
     if (has_effect) ++input_count_with_deps;
     Node** buffer = EnsureInputBufferSize(input_count_with_deps);
-    memcpy(buffer, value_inputs, kSystemPointerSize * value_input_count);
+    if (value_input_count > 0) {
+      memcpy(buffer, value_inputs, kSystemPointerSize * value_input_count);
+    }
     Node** current_input = buffer + value_input_count;
     if (has_context) {
       *current_input++ = OperatorProperties::NeedsExactContext(op)

src/compiler/wasm-compiler.cc

@@ -1063,7 +1063,9 @@ Node* WasmGraphBuilder::Return(unsigned count, Node** vals) {
   }
 
   buf[0] = mcgraph()->Int32Constant(0);
-  memcpy(buf + 1, vals, sizeof(void*) * count);
+  if (count > 0) {
+    memcpy(buf + 1, vals, sizeof(void*) * count);
+  }
   buf[count + 1] = Effect();
   buf[count + 2] = Control();
   Node* ret =

src/parsing/scanner.cc

@@ -73,7 +73,9 @@ int Scanner::LiteralBuffer::NewCapacity(int min_capacity) {
 void Scanner::LiteralBuffer::ExpandBuffer() {
   int min_capacity = Max(kInitialCapacity, backing_store_.length());
   Vector<byte> new_store = Vector<byte>::New(NewCapacity(min_capacity));
-  MemCopy(new_store.start(), backing_store_.start(), position_);
+  if (position_ > 0) {
+    MemCopy(new_store.start(), backing_store_.start(), position_);
+  }
   backing_store_.Dispose();
   backing_store_ = new_store;
 }

src/value-serializer.cc

@@ -279,7 +279,7 @@ void ValueSerializer::WriteBigIntContents(BigInt bigint) {
 
 void ValueSerializer::WriteRawBytes(const void* source, size_t length) {
   uint8_t* dest;
-  if (ReserveRawBytes(length).To(&dest)) {
+  if (ReserveRawBytes(length).To(&dest) && length > 0) {
     memcpy(dest, source, length);
   }
 }
@@ -1697,7 +1697,9 @@ MaybeHandle<JSArrayBuffer> ValueDeserializer::ReadJSArrayBuffer(
                                           should_initialize)) {
     return MaybeHandle<JSArrayBuffer>();
   }
-  memcpy(array_buffer->backing_store(), position_, byte_length);
+  if (byte_length > 0) {
+    memcpy(array_buffer->backing_store(), position_, byte_length);
+  }
   position_ += byte_length;
   AddObjectWithID(id, array_buffer);
   return array_buffer;

src/wasm/graph-builder-interface.cc

@@ -794,10 +794,12 @@ class WasmGraphBuildingInterface {
     result->effect = from->effect;
 
     result->state = SsaEnv::kReached;
-    result->locals =
-        size > 0 ? reinterpret_cast<TFNode**>(decoder->zone()->New(size))
-                 : nullptr;
-    memcpy(result->locals, from->locals, size);
+    if (size > 0) {
+      result->locals = reinterpret_cast<TFNode**>(decoder->zone()->New(size));
+      memcpy(result->locals, from->locals, size);
+    } else {
+      result->locals = nullptr;
+    }
     result->instance_cache = from->instance_cache;
 
     return result;

src/wasm/local-decl-encoder.cc

@@ -16,7 +16,9 @@ void LocalDeclEncoder::Prepend(Zone* zone, const byte** start,
   size_t size = (*end - *start);
   byte* buffer = reinterpret_cast<byte*>(zone->New(Size() + size));
   size_t pos = Emit(buffer);
-  memcpy(buffer + pos, *start, size);
+  if (size > 0) {
+    memcpy(buffer + pos, *start, size);
+  }
   pos += size;
   *start = buffer;
   *end = buffer + pos;

src/wasm/wasm-code-manager.cc

@@ -411,8 +411,10 @@ void NativeModule::ReserveCodeTableForTesting(uint32_t max_functions) {
   DCHECK_LE(num_functions(), max_functions);
   WasmCode** new_table = new WasmCode*[max_functions];
   memset(new_table, 0, max_functions * sizeof(*new_table));
-  memcpy(new_table, code_table_.get(),
-         module_->num_declared_functions * sizeof(*new_table));
+  if (module_->num_declared_functions > 0) {
+    memcpy(new_table, code_table_.get(),
+           module_->num_declared_functions * sizeof(*new_table));
+  }
   code_table_.reset(new_table);
 
   // Re-allocate jump table.
@@ -520,12 +522,17 @@ WasmCode* NativeModule::AddAnonymousCode(Handle<Code> code, WasmCode::Kind kind,
   const size_t relocation_size =
       code->is_off_heap_trampoline() ? 0 : code->relocation_size();
   OwnedVector<byte> reloc_info = OwnedVector<byte>::New(relocation_size);
-  memcpy(reloc_info.start(), code->relocation_start(), relocation_size);
+  if (relocation_size > 0) {
+    memcpy(reloc_info.start(), code->relocation_start(), relocation_size);
+  }
   Handle<ByteArray> source_pos_table(code->SourcePositionTable(),
                                      code->GetIsolate());
   OwnedVector<byte> source_pos =
       OwnedVector<byte>::New(source_pos_table->length());
-  source_pos_table->copy_out(0, source_pos.start(), source_pos_table->length());
+  if (source_pos_table->length() > 0) {
+    source_pos_table->copy_out(0, source_pos.start(),
+                               source_pos_table->length());
+  }
   Vector<const byte> instructions(
       reinterpret_cast<byte*>(code->InstructionStart()),
       static_cast<size_t>(code->InstructionSize()));
@@ -586,8 +593,10 @@ WasmCode* NativeModule::AddCode(
     OwnedVector<const byte> source_pos_table, WasmCode::Kind kind,
     WasmCode::Tier tier) {
   OwnedVector<byte> reloc_info = OwnedVector<byte>::New(desc.reloc_size);
-  memcpy(reloc_info.start(), desc.buffer + desc.buffer_size - desc.reloc_size,
-         desc.reloc_size);
+  if (desc.reloc_size > 0) {
+    memcpy(reloc_info.start(), desc.buffer + desc.buffer_size - desc.reloc_size,
+           desc.reloc_size);
+  }
 
   WasmCode* ret = AddOwnedCode(
       index, {desc.buffer, static_cast<size_t>(desc.instr_size)}, stack_slots,

src/wasm/wasm-interpreter.cc

@@ -2727,7 +2727,9 @@ class ThreadImpl {
     for (WasmValue *val = vals, *end = vals + arity; val != end; ++val) {
       DCHECK_NE(kWasmStmt, val->type());
     }
-    memcpy(sp_, vals, arity * sizeof(*sp_));
+    if (arity > 0) {
+      memcpy(sp_, vals, arity * sizeof(*sp_));
+    }
     sp_ += arity;
   }
 
@@ -2738,7 +2740,9 @@ class ThreadImpl {
         base::bits::RoundUpToPowerOfTwo64((sp_ - stack_.get()) + size);
     size_t new_size = Max(size_t{8}, Max(2 * old_size, requested_size));
     std::unique_ptr<WasmValue[]> new_stack(new WasmValue[new_size]);
-    memcpy(new_stack.get(), stack_.get(), old_size * sizeof(*sp_));
+    if (old_size > 0) {
+      memcpy(new_stack.get(), stack_.get(), old_size * sizeof(*sp_));
+    }
     sp_ = new_stack.get() + (sp_ - stack_.get());
     stack_ = std::move(new_stack);
     stack_limit_ = stack_.get() + new_size;

src/zone/zone-list-inl.h

@@ -66,7 +66,9 @@ template <typename T>
 void ZoneList<T>::Resize(int new_capacity, ZoneAllocationPolicy alloc) {
   DCHECK_LE(length_, new_capacity);
   T* new_data = NewData(new_capacity, alloc);
-  MemCopy(new_data, data_, length_ * sizeof(T));
+  if (length_ > 0) {
+    MemCopy(new_data, data_, length_ * sizeof(T));
+  }
   ZoneList<T>::DeleteData(data_);
   data_ = new_data;
   capacity_ = new_capacity;

test/cctest/parsing/test-scanner-streams.cc

@@ -47,7 +47,9 @@ class ChunkSource : public v8::ScriptCompiler::ExternalSourceStream {
     DCHECK_LT(current_, chunks_.size());
     Chunk& next = chunks_[current_++];
     uint8_t* chunk = new uint8_t[next.len];
-    i::MemMove(chunk, next.ptr, next.len);
+    if (next.len > 0) {
+      i::MemMove(chunk, next.ptr, next.len);
+    }
     *src = chunk;
     return next.len;
   }

test/cctest/wasm/wasm-run-utils.cc

@@ -181,7 +181,9 @@ uint32_t TestingModuleBuilder::AddBytes(Vector<const byte> bytes) {
   uint32_t bytes_offset = old_size ? old_size : 1;
   size_t new_size = bytes_offset + bytes.size();
   OwnedVector<uint8_t> new_bytes = OwnedVector<uint8_t>::New(new_size);
-  memcpy(new_bytes.start(), old_bytes.start(), old_size);
+  if (old_size > 0) {
+    memcpy(new_bytes.start(), old_bytes.start(), old_size);
+  }
   memcpy(new_bytes.start() + bytes_offset, bytes.start(), bytes.length());
   native_module_->SetWireBytes(std::move(new_bytes));
   return bytes_offset;

test/unittests/wasm/function-body-decoder-unittest.cc

@@ -116,7 +116,9 @@ class FunctionBodyDecoderTest : public TestWithZone {
     // Prepend the local decls to the code.
     local_decls.Emit(buffer);
     // Emit the code.
-    memcpy(buffer + locals_size, code.start(), code.size());
+    if (code.size() > 0) {
+      memcpy(buffer + locals_size, code.start(), code.size());
+    }
     if (append_end == kAppendEnd) {
       // Append an extra end opcode.
       buffer[total_size - 1] = kExprEnd;

test/unittests/wasm/module-decoder-unittest.cc

@@ -173,7 +173,9 @@ class WasmModuleVerifyTest : public TestWithIsolateAndZone {
     size_t total = sizeof(header) + size;
     auto temp = new byte[total];
     memcpy(temp, header, sizeof(header));
-    memcpy(temp + sizeof(header), module_start, size);
+    if (size > 0) {
+      memcpy(temp + sizeof(header), module_start, size);
+    }
     ModuleResult result = DecodeWasmModule(
         enabled_features_, temp, temp + total, false, kWasmOrigin,
         isolate()->counters(), isolate()->allocator());