From f53097e9f856281e7d8d89dc42716fb77b26e36e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Gustavsson?= <bjorn@erlang.org>
Date: Wed, 29 May 2019 16:16:37 +0200
Subject: Correct decoding of old funs (FUN_EXT)

If the environment is empty, don't access the free_vars pointer
and don't allocate a zero-size buffer. Better safe than sorry.
---
 lib/erl_interface/src/decode/decode_fun.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/erl_interface/src/decode/decode_fun.c b/lib/erl_interface/src/decode/decode_fun.c
index 70e76e956c..db71007505 100644
--- a/lib/erl_interface/src/decode/decode_fun.c
+++ b/lib/erl_interface/src/decode/decode_fun.c
@@ -77,10 +77,12 @@ int ei_decode_fun(const char *buf, int *index, erlang_fun *p)
 	}
 	if (p != NULL) {
 	    p->u.closure.n_free_vars = n;
-	    p->u.closure.free_var_len = ix - ix0;
-	    p->u.closure.free_vars = ei_malloc(ix - ix0);
-	    if (!(p->u.closure.free_vars)) return -1;
-	    memcpy(p->u.closure.free_vars, s + ix0, ix - ix0);
+            p->u.closure.free_var_len = ix - ix0;
+            if (p->u.closure.free_var_len > 0) {
+                p->u.closure.free_vars = ei_malloc(p->u.closure.free_var_len);
+                if (!(p->u.closure.free_vars)) return -1;
+                memcpy(p->u.closure.free_vars, s + ix0, p->u.closure.free_var_len);
+            }
 	}
 	s += ix;
 	*index += s-s0;
-- 
cgit v1.2.3