From c4742b89b23d58958ee0d5ca324dac5948c94bf6 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 30 Jul 2020 14:24:25 -0400
Subject: Fix a bug in buf_move_all() when the input buffer is empty.

We found this in #40076, after we started using buf_move_all() in
more places.  Fixes bug #40076; bugfix on 0.3.3.1-alpha.  As far as
I know, the crash only affects master, but I think this warrants a
backport, "just in case".
---
 src/lib/container/buffers.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/lib')

diff --git a/src/lib/container/buffers.c b/src/lib/container/buffers.c
index 67887f2f30..fe4cf7c385 100644
--- a/src/lib/container/buffers.c
+++ b/src/lib/container/buffers.c
@@ -689,6 +689,8 @@ buf_move_all(buf_t *buf_out, buf_t *buf_in)
   tor_assert(buf_out);
   if (!buf_in)
     return;
+  if (buf_datalen(buf_in) == 0)
+    return;
   if (BUG(buf_out->datalen >= INT_MAX || buf_in->datalen >= INT_MAX))
     return;
   if (BUG(buf_out->datalen >= INT_MAX - buf_in->datalen))
-- 
cgit v1.2.3-54-g00ecf