From b164e704505fc16cf0e6c0f471dd02010b8e6e2c Mon Sep 17 00:00:00 2001
From: Dan Minor
Date: Thu, 28 May 2020 09:21:42 -0400
Subject: [PATCH] Check that data_ is non-null before memcpy in EnsureCapacityWithHeadroom

Since we've passed IsConsistent(), if data_ is null, size_ must be zero, so we might attempt to copy zero bytes from a nullptr. This does not seem to cause problems in practice, but is still undefined behaviour. This was caught on an UBsan test run in Firefox.

Bug: webrtc:11613
Change-Id: Iad795bf19ed69b56e066958a54a7e3a434b996cf
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/176280
Commit-Queue: Dan Minor
Reviewed-by: Karl Wiberg
Cr-Commit-Position: refs/heads/master@{#31386}
---
 rtc_base/buffer.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/rtc_base/buffer.h b/rtc_base/buffer.h
index 3048b9179f..d1639e2f71 100644
--- a/rtc_base/buffer.h
+++ b/rtc_base/buffer.h
@@ -370,7 +370,9 @@ class BufferT {
 : capacity;
 std::unique_ptr new_data(new T[new_capacity]);
- std::memcpy(new_data.get(), data_.get(), size_ * sizeof(T));
+ if (data_ != nullptr) {
+ std::memcpy(new_data.get(), data_.get(), size_ * sizeof(T));
+ }
 MaybeZeroCompleteBuffer();
 data_ = std::move(new_data);
 capacity_ = new_capacity;
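Review bot: The new `if (data_ != nullptr)` guard around the memcpy has no comment, so the reason for it lives only in the commit message and the check is easy to remove later as apparently redundant. I would add above it `// memcpy with a null source is UB even for zero bytes; a null data_ implies size_ == 0.` The enclosing EnsureCapacityWithHeadroom starts and ends outside the hunk, so whether other memcpy call sites in this header can see the same empty-buffer case is not visible here and is worth checking. A unit test that grows an empty buffer whose data_ is null, run under UBSan, would keep this from regressing.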