From a1f51b695f85e747ac26818f37d419c20ce8b0a6 Mon Sep 17 00:00:00 2001
From: Pieter Hintjens
Date: Sat, 6 Feb 2016 14:11:21 +0100
Subject: [PATCH] Problem: unclear rules for passing null arguments
Solution: be more explicit in the code, and in the zmq_recv man page (which is the most unobvious case). Assert if length is not zero and buffer is nonetheless null.
---
 doc/zmq_recv.txt | 3 ++-
 src/sub.cpp | 6 ++++--
 src/xsub.cpp | 8 ++++++--
 src/zmq.cpp | 22 +++++++++++++---------
 tests/test_timers.cpp | 4 ++--
 5 files changed, 27 insertions(+), 16 deletions(-)
diff --git a/doc/zmq_recv.txt b/doc/zmq_recv.txt
index 5ec328c8..5813e1d4 100644
--- a/doc/zmq_recv.txt
+++ b/doc/zmq_recv.txt
@@ -19,7 +19,8 @@ by the 'socket' argument and store it in the buffer referenced by the 'buf' argument. Any bytes exceeding the length specified by the 'len' argument shall be truncated. If there are no messages available on the specified 'socket' the _zmq_recv()_ function shall block until the request can be satisfied.
-The 'flags' argument is a combination of the flags defined below:
+The 'flags' argument is a combination of the flags defined below: The 'buf'
+argument may be null if len is zero.
 *ZMQ_DONTWAIT*:: Specifies that the operation should be performed in non-blocking mode. If there
diff --git a/src/sub.cpp b/src/sub.cpp
index 90ef672d..3c9bb8cd 100644
--- a/src/sub.cpp
+++ b/src/sub.cpp
@@ -62,9 +62,11 @@ int zmq::sub_t::xsetsockopt (int option_, const void *optval_,
 else if (option_ == ZMQ_UNSUBSCRIBE) *data = 0;
- if (optvallen_ > 0)
+ // We explicitly allow a NULL subscription with size zero
+ if (optvallen_) {
+ assert (optval_);
 memcpy (data + 1, optval_, optvallen_);
-
+ }
 // Pass it further on in the stack.
 int err = 0; rc = xsub_t::xsend (&msg);
diff --git a/src/xsub.cpp b/src/xsub.cpp
index 616e93bd..0a0493fc 100644
--- a/src/xsub.cpp
+++ b/src/xsub.cpp
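Review bot: In the src/sub.cpp hunk the new `assert (optval_);` is a plain C assert, so a build with NDEBUG defined drops it and `memcpy (data + 1, optval_, optvallen_)` still reads through a null pointer when a caller passes a null value with a non-zero length. The same pattern is added in send_subscription (src/xsub.cpp) and in zmq_send and zmq_recv (src/zmq.cpp). Where the pointer comes from the API caller, a check that fails the call holds in every build, for example `if (optvallen_ && !optval_) { errno = EINVAL; return -1; }` placed ahead of the message allocation, which lies outside this hunk; for the internal helper the project's `zmq_assert (data_);` is not tied to NDEBUG. xsetsockopt starts and ends outside the hunk, so the includes and the existing error paths are not visible here.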
@@ -226,14 +226,18 @@ void zmq::xsub_t::send_subscription (unsigned char *data_, size_t size_,
 { pipe_t *pipe = (pipe_t*) arg_;
- // Create the subsctription message.
+ // Create the subscription message.
 msg_t msg; int rc = msg.init_size (size_ + 1); errno_assert (rc == 0); unsigned char *data = (unsigned char*) msg.data (); data [0] = 1;
- if (size_ > 0)
+
+ // We explicitly allow a NULL subscription with size zero
+ if (size_) {
+ assert (data_);
 memcpy (data + 1, data_, size_);
+ }
 // Send it to the pipe.
 bool sent = pipe->write (&msg);
diff --git a/src/zmq.cpp b/src/zmq.cpp
index 60bb0fca..475b5d24 100644
--- a/src/zmq.cpp
+++ b/src/zmq.cpp
@@ -390,14 +390,16 @@ int zmq_send (void *s_, const void *buf_, size_t len_, int flags_)
 return -1; } zmq_msg_t msg;
- int rc = zmq_msg_init_size (&msg, len_);
- if (rc != 0)
+ if (zmq_msg_init_size (&msg, len_))
 return -1;
- if (len_ > 0)
- memcpy (zmq_msg_data (&msg), buf_, len_);
+ // We explicitly allow a send from NULL, size zero
+ if (len_) {
+ assert (buf_);
+ memcpy (zmq_msg_data (&msg), buf_, len_);
+ }
 zmq::socket_base_t *s = (zmq::socket_base_t *) s_;
- rc = s_sendmsg (s, &msg, flags_);
+ int rc = s_sendmsg (s, &msg, flags_);
 if (unlikely (rc < 0)) { int err = errno; int rc2 = zmq_msg_close (&msg);
@@ -517,12 +519,14 @@ int zmq_recv (void *s_, void *buf_, size_t len_, int flags_)
 return -1; }
- // At the moment an oversized message is silently truncated.
- // TODO: Build in a notification mechanism to report the overflows.
+ // An oversized message is silently truncated.
 size_t to_copy = size_t (nbytes) < len_ ? size_t (nbytes) : len_;
- if (to_copy > 0)
- memcpy (buf_, zmq_msg_data (&msg), to_copy);
+ // We explicitly allow a null buffer argument if len is zero
+ if (to_copy) {
+ assert (buf_);
+ memcpy (buf_, zmq_msg_data (&msg), to_copy);
+ }
 rc = zmq_msg_close (&msg); errno_assert (rc == 0);
diff --git a/tests/test_timers.cpp b/tests/test_timers.cpp
index 5125dbb6..f0d1becf 100644
--- a/tests/test_timers.cpp
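Review bot: The null check in the zmq_recv hunk is gated on `to_copy` rather than `len_`, so a call with a null `buf_` and a non-zero `len_` passes unnoticed whenever the received message is empty and trips only when the peer sends data; that also differs from the commit message, which promises an assert when the length is non-zero. The check sits after `nbytes` and `msg` are already populated, so it appears to run once the message has been taken off the socket. Validating the arguments at the top of the function makes the outcome independent of message size: `if (unlikely (!buf_ && len_)) { errno = EFAULT; return -1; }`. The function body starts and ends outside this hunk.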
+++ b/tests/test_timers.cpp
@@ -27,7 +27,7 @@ along with this program. If not, see . */
-#include "macros.hpp"
+#include "testutil.hpp"
 #if defined ZMQ_HAVE_WINDOWS
 #include "windows.hpp"
@@ -50,7 +50,7 @@ void sleep_ (long timeout_)
 void handler (int timer_id, void* arg) {
- LIBZMQ_UNUSED (timer_id);
+ (void) timer_id; // Stop 'unused' compiler warnings
 *((bool *)arg) = true; }