libctf, serialize: functions with no args have a NULL dtd_vlen

Every place that accesses a function's dtd_vlen accesses it only if the
number of args is nonzero, except the serializer, which always tries to
memcpy it.  The number of bytes it memcpys in this case is zero, but it
is still undefined behaviour to copy zero bytes from a null pointer.
So check for this case explicitly.

libctf/ChangeLog
2021-03-25  Nick Alcock  <nick.alcock@oracle.com>

	PR libctf/27628
	* ctf-serialize.c (ctf_emit_type_sect): Allow for a NULL vlen in
	CTF_K_FUNCTION types.

2 files changed, 9 insertions, 1 deletions

diff --git a/libctf/ChangeLog b/libctf/ChangeLog
index 909c4fc87b..a9e76ecd7c 100644
--- a/libctf/ChangeLog
+++ b/libctf/ChangeLog
@@ -1,5 +1,11 @@
 2021-03-25  Nick Alcock  <nick.alcock@oracle.com>
 
+	PR libctf/27628
+	* ctf-serialize.c (ctf_emit_type_sect): Allow for a NULL vlen in
+	CTF_K_FUNCTION types.
+
+2021-03-25  Nick Alcock  <nick.alcock@oracle.com>
+
 	* ctf-dump.c (ctf_dump_format_type): Don't emit size or alignment
 	on error.
 
diff --git a/libctf/ctf-serialize.c b/libctf/ctf-serialize.c
index 0811b7b6ef..9f50280176 100644
--- a/libctf/ctf-serialize.c
+++ b/libctf/ctf-serialize.c
@@ -849,7 +849,9 @@ ctf_emit_type_sect (ctf_dict_t *fp, unsigned char **tptr)
 	  break;
 
 	case CTF_K_FUNCTION:
-	  memcpy (t, dtd->dtd_vlen, sizeof (uint32_t) * (vlen + (vlen & 1)));
+	  /* Functions with no args also have no vlen.  */
+	  if (dtd->dtd_vlen)
+	    memcpy (t, dtd->dtd_vlen, sizeof (uint32_t) * (vlen + (vlen & 1)));
 	  t += sizeof (uint32_t) * (vlen + (vlen & 1));
 	  break;