From 089fde5c5925d4765d3e38364b33634b408f458a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Verschelde?=
Date: Mon, 7 Jun 2021 18:31:50 +0200
Subject: [PATCH] FileAccess: Don't err in `store_buffer` with buffer of size 0

The error check was added for `FileAccessUnix` but it's not an error when both `p_src` and `p_length` are zero. Added correct error checks to all implementations to prevent the actual erroneous case: `p_src` is nullptr but `p_length > 0` (risk of null pointer indexing). Fixes #33564.

(cherry picked from commit 01d5c463be103a29662d2123cd37ae2f21b077a6)
---
 core/io/file_access_encrypted.cpp | 1 +
 core/io/file_access_memory.cpp | 2 +-
 core/os/file_access.cpp | 2 +-
 drivers/unix/file_access_unix.cpp | 2 +-
 drivers/windows/file_access_windows.cpp | 1 +
 5 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/core/io/file_access_encrypted.cpp b/core/io/file_access_encrypted.cpp
index 4597354ee56..107a54bec1e 100644
--- a/core/io/file_access_encrypted.cpp
+++ b/core/io/file_access_encrypted.cpp
@@ -258,6 +258,7 @@ Error FileAccessEncrypted::get_error() const {
 void FileAccessEncrypted::store_buffer(const uint8_t *p_src, int p_length) {
 ERR_FAIL_COND_MSG(!writing, "File has not been opened in write mode.");
+ ERR_FAIL_COND(!p_src && p_length > 0);
 if (pos < data.size()) {
diff --git a/core/io/file_access_memory.cpp b/core/io/file_access_memory.cpp
index 231d58f6228..b7d49bfa2f5 100644
--- a/core/io/file_access_memory.cpp
+++ b/core/io/file_access_memory.cpp
@@ -184,7 +184,7 @@ void FileAccessMemory::store_8(uint8_t p_byte) {
 }
 void FileAccessMemory::store_buffer(const uint8_t *p_src, int p_length) {
-
+ ERR_FAIL_COND(!p_src && p_length > 0);
 int left = length - pos;
 int write = MIN(p_length, left);
 if (write < p_length) {
diff --git a/core/os/file_access.cpp b/core/os/file_access.cpp
index 12c809a8c9b..43ceb2f3534 100644
--- a/core/os/file_access.cpp
+++ b/core/os/file_access.cpp
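Review bot: The guard added to FileAccessEncrypted::store_buffer fails without an explanatory message, while the write-mode check on the line directly above it uses ERR_FAIL_COND_MSG, so the two failures read very differently in a log. A matching form would be `ERR_FAIL_COND_MSG(!p_src && p_length > 0, "Cannot store a non-empty buffer from a null pointer.");` (wording is a suggestion). The same applies to the replaced line in FileAccessUnix::store_buffer, which also sits under an ERR_FAIL_COND_MSG. The function body continues past the end of this hunk.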
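Review bot: A negative `p_length` still passes the new guard in FileAccessMemory::store_buffer, because `!p_src && p_length > 0` is false for every length at or below zero; `MIN(p_length, left)` then yields a negative `write`, and how that value is used lies outside the hunk. The case is clearest in the FileAccessUnix hunk, where the signed `p_length` is handed to `fwrite` as its count and a negative value would convert to a very large unsigned count, meaning a read far past the caller's buffer. Adding `ERR_FAIL_COND(p_length < 0);` ahead of the null check in each implementation would close that. FileAccessEncrypted and FileAccessWindows are cut off before their copy code, so whether they are affected cannot be told from these hunks.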
@@ -591,7 +591,7 @@ void FileAccess::store_csv_line(const Vector &p_values, const String &p_
 }
 void FileAccess::store_buffer(const uint8_t *p_src, int p_length) {
-
+ ERR_FAIL_COND(!p_src && p_length > 0);
 for (int i = 0; i < p_length; i++)
 store_8(p_src[i]);
 }
diff --git a/drivers/unix/file_access_unix.cpp b/drivers/unix/file_access_unix.cpp
index aac1b5a7da1..d96cb802918 100644
--- a/drivers/unix/file_access_unix.cpp
+++ b/drivers/unix/file_access_unix.cpp
@@ -276,7 +276,7 @@ void FileAccessUnix::store_8(uint8_t p_dest) {
 void FileAccessUnix::store_buffer(const uint8_t *p_src, int p_length) {
 ERR_FAIL_COND_MSG(!f, "File must be opened before use.");
- ERR_FAIL_COND(!p_src);
+ ERR_FAIL_COND(!p_src && p_length > 0);
 ERR_FAIL_COND((int)fwrite(p_src, 1, p_length, f) != p_length);
 }
diff --git a/drivers/windows/file_access_windows.cpp b/drivers/windows/file_access_windows.cpp
index 164e6046b5a..9c0a403fb31 100644
--- a/drivers/windows/file_access_windows.cpp
+++ b/drivers/windows/file_access_windows.cpp
@@ -302,6 +302,7 @@ void FileAccessWindows::store_8(uint8_t p_dest) {
 void FileAccessWindows::store_buffer(const uint8_t *p_src, int p_length) {
 ERR_FAIL_COND(!f);
+ ERR_FAIL_COND(!p_src && p_length > 0);
 if (flags == READ_WRITE || flags == WRITE_READ) {
 if (prev_op == READ) {
 if (last_error != ERR_FILE_EOF) {