fix: guard memcpy against null _ptr in Poco::Buffer::setCapacity

fm4v · claude · fm4v · commit 9bd11e036694 · 2026-03-19T14:23:52.000+01:00
When a Buffer is default-constructed (_ptr = nullptr, _used = 0),
calling setCapacity with newCapacity &gt; 0 and preserveContent = true
computes newSz = 0 and then calls memcpy(dst, nullptr, 0).

Passing a null pointer to memcpy is undefined behaviour even when size
is 0 (the nonnull attribute on argument 2 applies regardless of size).
UBSan correctly flags this and with abort_on_error=1 the ClickHouse
server process aborts during Poco::CompressedLogFile construction
before binding port 9000, causing integration tests to time out.

Fix: skip the memcpy when newSz == 0.

Co-Authored-By: Claude Sonnet 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/base/poco/Foundation/include/Poco/Buffer.h b/base/poco/Foundation/include/Poco/Buffer.h
@@ -155,7 +155,8 @@ class Buffer
                 if (preserveContent)
                 {
                     std::size_t newSz = _used < newCapacity ? _used : newCapacity;
-                    std::memcpy(ptr, _ptr, newSz * sizeof(T));
+                    if (newSz > 0)
+                        std::memcpy(ptr, _ptr, newSz * sizeof(T));
                 }
             }
             delete[] _ptr;

Original file line number	Diff line number	Diff line change
`@@ -155,7 +155,8 @@ class Buffer`
`155`	`155`	`if (preserveContent)`
`156`	`156`	`{`
`157`	`157`	`std::size_t newSz = _used < newCapacity ? _used : newCapacity;`
`158`		`- std::memcpy(ptr, _ptr, newSz * sizeof(T));`
	`158`	`+ if (newSz > 0)`
	`159`	`+ std::memcpy(ptr, _ptr, newSz * sizeof(T));`
`159`	`160`	`}`
`160`	`161`	`}`
`161`	`162`	`delete[] _ptr;`