From ee29324fd5fb2f6206a3570c9f716743dd3ce901 Mon Sep 17 00:00:00 2001
From: yuangongji
Date: Mon, 29 Jun 2020 15:32:57 +0800
Subject: [PATCH 1/2] check null pointer before using memcpy()
---
 include/msgpack/v1/sbuffer.hpp | 8 ++++++--
 include/msgpack/v2/create_object_visitor.hpp | 9 +++++++--
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/include/msgpack/v1/sbuffer.hpp b/include/msgpack/v1/sbuffer.hpp
index 387bdce2..350fc379 100644
--- a/include/msgpack/v1/sbuffer.hpp
+++ b/include/msgpack/v1/sbuffer.hpp
@@ -14,6 +14,7 @@
 #include
 #include
+#include
 namespace msgpack {
@@ -68,11 +69,14 @@ public:
 void write(const char* buf, size_t len) {
+ assert(buf || len == 0);
 if(m_alloc - m_size < len) {
 expand_buffer(len);
 }
- std::memcpy(m_data + m_size, buf, len);
- m_size += len;
+ if(buf) {
+ std::memcpy(m_data + m_size, buf, len);
+ m_size += len;
+ }
 }
 char* data()
diff --git a/include/msgpack/v2/create_object_visitor.hpp b/include/msgpack/v2/create_object_visitor.hpp
index 3cd8fcea..c2ac9cf2 100644
--- a/include/msgpack/v2/create_object_visitor.hpp
+++ b/include/msgpack/v2/create_object_visitor.hpp
@@ -10,6 +10,8 @@
 #ifndef MSGPACK_V2_CREATE_OBJECT_VISITOR_HPP
 #define MSGPACK_V2_CREATE_OBJECT_VISITOR_HPP
+#include
+
 #include "msgpack/unpack_decl.hpp"
 #include "msgpack/unpack_exception.hpp"
 #include "msgpack/v2/create_object_visitor_decl.hpp"
@@ -106,6 +108,7 @@ public:
 return true;
 }
 bool visit_str(const char* v, uint32_t size) {
+ assert(v || size == 0);
 if (size > m_limit.str()) throw msgpack::str_size_overflow("str size overflow");
 msgpack::object* obj = m_stack.back();
 obj->type = msgpack::type::STR;
@@ -115,8 +118,10 @@ public:
 }
 else {
 char* tmp = static_cast(zone().allocate_align(size, MSGPACK_ZONE_ALIGNOF(char)));
- std::memcpy(tmp, v, size);
- obj->via.str.ptr = tmp;
+ if (v) {
+ std::memcpy(tmp, v, size);
+ obj->via.str.ptr = tmp;
+ }
 }
 obj->via.str.size = size;
 return true;
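Review bot: In `sbuffer::write` the `buf == nullptr` case still reaches `expand_buffer(len)` before the new `if(buf)` guard, so in a release build (where the `assert` compiles out) a null pointer with a non-zero `len` grows the buffer by `len` bytes and then silently discards the write without advancing `m_size`, and the caller gets no signal that data was lost. The guard belongs ahead of the capacity check — `if(!buf) return;` before `if(m_alloc - m_size < len)` — and the function's header comment should state that a null `buf` is accepted only together with `len == 0`, since the `assert` is the only thing that documents that contract today. The same assert-plus-silent-skip pattern is added to `visit_str` in the second file of this patch, where the release-build outcome is likewise an object whose size does not match what was copied; that part is reworked by the following patch.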
From b0860a5f37ca4d2a183b9d5928de18f047ca8cc1 Mon Sep 17 00:00:00 2001
From: Takatoshi Kondo
Date: Thu, 2 Jul 2020 13:34:00 +0900
Subject: [PATCH 2/2] Fixed ptr size operation.
---
 include/msgpack/v2/create_object_visitor.hpp | 39 +++++++++++++++-----
 1 file changed, 29 insertions(+), 10 deletions(-)
diff --git a/include/msgpack/v2/create_object_visitor.hpp b/include/msgpack/v2/create_object_visitor.hpp
index c2ac9cf2..17cb56de 100644
--- a/include/msgpack/v2/create_object_visitor.hpp
+++ b/include/msgpack/v2/create_object_visitor.hpp
@@ -114,16 +114,21 @@ public:
 obj->type = msgpack::type::STR;
 if (m_func && m_func(obj->type, size, m_user_data)) {
 obj->via.str.ptr = v;
+ obj->via.str.size = size;
 set_referenced(true);
 }
 else {
- char* tmp = static_cast(zone().allocate_align(size, MSGPACK_ZONE_ALIGNOF(char)));
 if (v) {
+ char* tmp = static_cast(zone().allocate_align(size, MSGPACK_ZONE_ALIGNOF(char)));
 std::memcpy(tmp, v, size);
 obj->via.str.ptr = tmp;
+ obj->via.str.size = size;
+ }
+ else {
+ obj->via.str.ptr = MSGPACK_NULLPTR;
+ obj->via.str.size = 0;
 }
 }
- obj->via.str.size = size;
 return true;
 }
 bool visit_bin(const char* v, uint32_t size) {
@@ -132,14 +137,21 @@ public:
 obj->type = msgpack::type::BIN;
 if (m_func && m_func(obj->type, size, m_user_data)) {
 obj->via.bin.ptr = v;
+ obj->via.bin.size = size;
 set_referenced(true);
 }
 else {
- char* tmp = static_cast(zone().allocate_align(size, MSGPACK_ZONE_ALIGNOF(char)));
- std::memcpy(tmp, v, size);
- obj->via.bin.ptr = tmp;
+ if (v) {
+ char* tmp = static_cast(zone().allocate_align(size, MSGPACK_ZONE_ALIGNOF(char)));
+ std::memcpy(tmp, v, size);
+ obj->via.bin.ptr = tmp;
+ obj->via.bin.size = size;
+ }
+ else {
+ obj->via.bin.ptr = MSGPACK_NULLPTR;
+ obj->via.bin.size = 0;
+ }
 }
- obj->via.bin.size = size;
 return true;
 }
 bool visit_ext(const char* v, uint32_t size) {
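Review bot: The referenced branch of `visit_str` (where `m_func` returns true) still stores `v` and `size` unchanged, so a null `v` with a non-zero `size` — exactly the input the new `else` arm normalizes to `MSGPACK_NULLPTR`/`0` — yields an object whose `str.ptr` is null while `str.size` is not, and the `assert` that would catch it sits above this hunk and compiles out under NDEBUG. If the null case is meant to be tolerated rather than rejected, the normalization should happen once before the branch, e.g. `if (!v) size = 0;` immediately after the size-limit check, so both arms see the same (ptr, size) pair. The same asymmetry is present in the `visit_bin` hunk below and in the `visit_ext` hunk of this patch's next chunk. `visit_str` and `visit_bin` both begin above their respective hunks.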
@@ -148,14 +160,21 @@ public:
 obj->type = msgpack::type::EXT;
 if (m_func && m_func(obj->type, size, m_user_data)) {
 obj->via.ext.ptr = v;
+ obj->via.ext.size = static_cast(size - 1);
 set_referenced(true);
 }
 else {
- char* tmp = static_cast(zone().allocate_align(size, MSGPACK_ZONE_ALIGNOF(char)));
- std::memcpy(tmp, v, size);
- obj->via.ext.ptr = tmp;
+ if (v) {
+ char* tmp = static_cast(zone().allocate_align(size, MSGPACK_ZONE_ALIGNOF(char)));
+ std::memcpy(tmp, v, size);
+ obj->via.ext.ptr = tmp;
+ obj->via.ext.size = static_cast(size - 1);
+ }
+ else {
+ obj->via.ext.ptr = MSGPACK_NULLPTR;
+ obj->via.ext.size = 0;
+ }
 }
- obj->via.ext.size = static_cast(size - 1);
 return true;
 }
 bool start_array(uint32_t num_elements) {
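Review bot: Both of the relocated `static_cast(size - 1)` assignments in `visit_ext` subtract from a `uint32_t`, so a `size` of 0 wraps to 4294967295 in the referenced branch and in the `v != nullptr` branch, while only the new null-pointer branch writes a sane 0; an ext object with a null-or-tiny payload and a wrapped size is the kind of inconsistency a later consumer can turn into an out-of-bounds read. Whether a zero `size` can reach this visitor depends on the unpacker, which is out of view, so the contract should at least be written down above the branch, e.g. `// size counts the leading type byte; the caller must pass size >= 1`, or enforced with an explicit rejection of `size == 0` before the branch in the same style `visit_str` uses for an oversize `size`. `visit_ext` begins above this hunk, in the previous chunk.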