libibverbs: Skip zero-length memcpy in fill_attr_in()

fill_attr_in() unconditionally calls memcpy() when len <= sizeof(u64),
even if len is zero. In commit d9af497 ("verbs: Add ibv_cmd_alloc/free
commands for DMA handle"), the call

	fill_attr_in_enum(cmdb, UVERBS_ATTR_ALLOC_DMAH_TPH_MEM_TYPE,
			  attr->tph_mem_type, NULL, 0);

started passing a NULL data pointer together with len == 0, which leads
to memcpy() being invoked with a NULL source address. While nothing is
actually copied, some compilers and sanitizers treat this as undefined
behavior and emit errors.

Avoid this by skipping memcpy() when len is zero. Zero-length attributes
have no payload, so this does not change behaviour.

fill_attr_in() was originally introduced in commit c344635 ("verbs: Add
basic infrastructure support for the kabi ioctl").

Fixes: d9af497 ("verbs: Add ibv_cmd_alloc/free commands for DMA handle")
Signed-off-by: Yijing Zeng <zengyijing19900106@gmail.com>

Author: zengyijing

libibverbs/cmd_ioctl.h

@@ -280,10 +280,12 @@ fill_attr_in(struct ibv_command_buffer *cmd, uint16_t attr_id, const void *data,
 		cmd->buffer_error = 1;
 
 	attr->len = len;
-	if (len <= sizeof(uint64_t))
-		memcpy(&attr->data, data, len);
-	else
+	if (len <= sizeof(uint64_t)) {
+		if (len > 0)
+			memcpy(&attr->data, data, len);
+	} else {
 		attr->data = ioctl_ptr_to_u64(data);
+	}
 
 	return attr;
 }