# HG changeset patch
# Parent  e0761e817deb20ccd8e6612f11ed79eb4caee3be
Issue #27570: Avoid zero-length memcpy() calls with null source pointers

diff -r e0761e817deb Lib/test/test_array.py
--- a/Lib/test/test_array.py	Tue Jul 19 02:50:51 2016 +0000
+++ b/Lib/test/test_array.py	Wed Aug 03 05:21:45 2016 +0000
@@ -36,14 +36,24 @@
 if have_long_long:
     typecodes += 'qQ'
 
-class BadConstructorTest(unittest.TestCase):
+class MiscTest(unittest.TestCase):
 
-    def test_constructor(self):
+    def test_bad_constructor(self):
         self.assertRaises(TypeError, array.array)
         self.assertRaises(TypeError, array.array, spam=42)
         self.assertRaises(TypeError, array.array, 'xx')
         self.assertRaises(ValueError, array.array, 'x')
 
+    def test_empty(self):
+        # Exercise code for handling zero-length arrays
+        a = array.array('B')
+        a[:] = a
+        self.assertEqual(len(a), 0)
+        self.assertEqual(len(a + a), 0)
+        self.assertEqual(len(a * 3), 0)
+        a += a
+        self.assertEqual(len(a), 0)
+
 
 # Machine format codes.
 #
diff -r e0761e817deb Misc/NEWS
--- a/Misc/NEWS	Tue Jul 19 02:50:51 2016 +0000
+++ b/Misc/NEWS	Wed Aug 03 05:21:45 2016 +0000
@@ -10,6 +10,9 @@
 Core and Builtins
 -----------------
 
+- Issue #27570: Avoid zero-length memcpy() etc calls with null source
+  pointers.
+
 - Issue #27507: Add integer overflow check in bytearray.extend().  Patch by
   Xiang Zhang.
 
diff -r e0761e817deb Modules/_ctypes/_ctypes.c
--- a/Modules/_ctypes/_ctypes.c	Tue Jul 19 02:50:51 2016 +0000
+++ b/Modules/_ctypes/_ctypes.c	Wed Aug 03 05:21:45 2016 +0000
@@ -1381,8 +1381,10 @@
         goto error;
     }
     stgdict->shape[0] = length;
-    memmove(&stgdict->shape[1], itemdict->shape,
-        sizeof(Py_ssize_t) * (stgdict->ndim - 1));
+    if (stgdict->ndim > 1) {
+        memmove(&stgdict->shape[1], itemdict->shape,
+            sizeof(Py_ssize_t) * (stgdict->ndim - 1));
+    }
 
     itemsize = itemdict->size;
     if (length * itemsize < 0) {
diff -r e0761e817deb Modules/_ctypes/stgdict.c
--- a/Modules/_ctypes/stgdict.c	Tue Jul 19 02:50:51 2016 +0000
+++ b/Modules/_ctypes/stgdict.c	Wed Aug 03 05:21:45 2016 +0000
@@ -391,9 +391,11 @@
         }
         memset(stgdict->ffi_type_pointer.elements, 0,
                sizeof(ffi_type *) * (basedict->length + len + 1));
-        memcpy(stgdict->ffi_type_pointer.elements,
-               basedict->ffi_type_pointer.elements,
-               sizeof(ffi_type *) * (basedict->length));
+        if (basedict->length > 0) {
+            memcpy(stgdict->ffi_type_pointer.elements,
+                   basedict->ffi_type_pointer.elements,
+                   sizeof(ffi_type *) * (basedict->length));
+        }
         ffi_ofs = basedict->length;
     } else {
         offset = 0;
diff -r e0761e817deb Modules/arraymodule.c
--- a/Modules/arraymodule.c	Tue Jul 19 02:50:51 2016 +0000
+++ b/Modules/arraymodule.c	Wed Aug 03 05:21:45 2016 +0000
@@ -745,8 +745,10 @@
     np = (arrayobject *) newarrayobject(&Arraytype, ihigh - ilow, a->ob_descr);
     if (np == NULL)
         return NULL;
-    memcpy(np->ob_item, a->ob_item + ilow * a->ob_descr->itemsize,
-           (ihigh-ilow) * a->ob_descr->itemsize);
+    if (ihigh > ilow) {
+        memcpy(np->ob_item, a->ob_item + ilow * a->ob_descr->itemsize,
+               (ihigh-ilow) * a->ob_descr->itemsize);
+    }
     return (PyObject *)np;
 }
 
@@ -804,9 +806,13 @@
     if (np == NULL) {
         return NULL;
     }
-    memcpy(np->ob_item, a->ob_item, Py_SIZE(a)*a->ob_descr->itemsize);
-    memcpy(np->ob_item + Py_SIZE(a)*a->ob_descr->itemsize,
-           b->ob_item, Py_SIZE(b)*b->ob_descr->itemsize);
+    if (Py_SIZE(a) > 0) {
+        memcpy(np->ob_item, a->ob_item, Py_SIZE(a)*a->ob_descr->itemsize);
+    }
+    if (Py_SIZE(b) > 0) {
+        memcpy(np->ob_item + Py_SIZE(a)*a->ob_descr->itemsize,
+               b->ob_item, Py_SIZE(b)*b->ob_descr->itemsize);
+    }
     return (PyObject *)np;
 #undef b
 }
@@ -826,7 +832,7 @@
     np = (arrayobject *) newarrayobject(&Arraytype, size, a->ob_descr);
     if (np == NULL)
         return NULL;
-    if (n == 0)
+    if (size == 0)
         return (PyObject *)np;
     oldbytes = Py_SIZE(a) * a->ob_descr->itemsize;
     newbytes = oldbytes * n;
@@ -985,8 +991,10 @@
     size = oldsize + Py_SIZE(b);
     if (array_resize(self, size) == -1)
         return -1;
-    memcpy(self->ob_item + oldsize * self->ob_descr->itemsize,
-        b->ob_item, bbsize * b->ob_descr->itemsize);
+    if (bbsize > 0) {
+        memcpy(self->ob_item + oldsize * self->ob_descr->itemsize,
+            b->ob_item, bbsize * b->ob_descr->itemsize);
+    }
 
     return 0;
 #undef b
diff -r e0761e817deb Modules/hashtable.c
--- a/Modules/hashtable.c	Tue Jul 19 02:50:51 2016 +0000
+++ b/Modules/hashtable.c	Wed Aug 03 05:21:45 2016 +0000
@@ -71,8 +71,10 @@
 #define ENTRY_WRITE_PDATA(TABLE, ENTRY, DATA_SIZE, PDATA) \
     do { \
         assert((DATA_SIZE) == (TABLE)->data_size); \
-        Py_MEMCPY((void *)_Py_HASHTABLE_ENTRY_PDATA((TABLE), (ENTRY)), \
-                  (PDATA), (DATA_SIZE)); \
+        if ((DATA_SIZE) > 0) { \
+            Py_MEMCPY((void *)_Py_HASHTABLE_ENTRY_PDATA((TABLE), (ENTRY)), \
+                      (PDATA), (DATA_SIZE)); \
+        } \
     } while (0)
 
 /* Forward declaration */
diff -r e0761e817deb Objects/listobject.c
--- a/Objects/listobject.c	Tue Jul 19 02:50:51 2016 +0000
+++ b/Objects/listobject.c	Wed Aug 03 05:21:45 2016 +0000
@@ -648,7 +648,9 @@
             goto Error;
         }
     }
-    memcpy(recycle, &item[ilow], s);
+    if (s > 0) {
+        memcpy(recycle, &item[ilow], s);
+    }
 
     if (d < 0) { /* Delete -d items */
         Py_ssize_t tail;