heif{load,save}: guard against NULL strings (libvips#3608)

kleisauke · web-flow · commit 7784143caac3 · 2023-08-14T14:04:37.000+02:00
Ensures that a `NULL` string is never passed to `vsnprintf`, avoiding the occurrence of undefined behavior (UB). Resolves: libvips#3588.
diff --git a/ChangeLog b/ChangeLog
@@ -1,6 +1,7 @@
 TBD 8.14.4
 
 - fix null-pointer dereference during svgload [kleisauke]
+- heif{load,save}: guard against NULL strings [kleisauke]
 
 20/7/23 8.14.3
 
diff --git a/libvips/foreign/heifload.c b/libvips/foreign/heifload.c
@@ -213,8 +213,9 @@ void
 vips__heif_error( struct heif_error *error )
 {
 	if( error->code ) 
-		vips_error( "heif", "%s (%d.%d)", error->message, error->code,
-			error->subcode );
+		vips_error( "heif", "%s (%d.%d)",
+			error->message ? error->message : "(null)",
+			error->code, error->subcode );
 }
 
 typedef struct _VipsForeignLoadHeifClass {
diff --git a/libvips/foreign/heifsave.c b/libvips/foreign/heifsave.c
@@ -426,9 +426,11 @@ vips_foreign_save_heif_write( struct heif_context *ctx,
 
 	struct heif_error error;
 
-	error.code = 0;
-	if( vips_target_write( heif->target, data, length ) )
-		error.code = -1;
+	error.code = heif_error_Ok;
+	if( vips_target_write( heif->target, data, length ) ) {
+		error.code = heif_error_Encoding_error;
+		error.subcode = heif_suberror_Cannot_write_output_data;
+	}
 
 	return( error );
 }

Original file line number	Diff line number	Diff line change
`@@ -213,8 +213,9 @@ void`
`213`	`213`	`vips__heif_error( struct heif_error *error )`
`214`	`214`	`{`
`215`	`215`	`if( error->code )`
`216`		`- vips_error( "heif", "%s (%d.%d)", error->message, error->code,`
`217`		`- error->subcode );`
	`216`	`+ vips_error( "heif", "%s (%d.%d)",`
	`217`	`+ error->message ? error->message : "(null)",`
	`218`	`+ error->code, error->subcode );`
`218`	`219`	`}`
`219`	`220`
`220`	`221`	`typedef struct _VipsForeignLoadHeifClass {`