
Commit 1de4f92

libibverbs: Avoid memcpy from NULL in fill_attr_in()
fill_attr_in() unconditionally calls memcpy() when len <= sizeof(u64), regardless of whether the data pointer is NULL.

In commit d9af497 ("verbs: Add ibv_cmd_alloc/free commands for DMA handle"), the call

    fill_attr_in_enum(cmdb, UVERBS_ATTR_ALLOC_DMAH_TPH_MEM_TYPE, attr->tph_mem_type, NULL, 0);

started passing a NULL data pointer together with len == 0, which leads to memcpy() being invoked with a NULL source address. While nothing is actually copied, some compilers and sanitizers treat this as undefined behavior and emit errors.

Fix this by only inlining small attributes when len <= sizeof(u64) and the data pointer is non-NULL. In all other cases, including zero-length attributes with a NULL data pointer, the pointer is stored via ioctl_ptr_to_u64() instead. This preserves the existing behavior for valid callers while avoiding memcpy() from NULL.

fill_attr_in() was originally introduced in commit c344635 ("verbs: Add basic infrastructure support for the kabi ioctl").

Fixes: d9af497 ("verbs: Add ibv_cmd_alloc/free commands for DMA handle")
Signed-off-by: Yijing Zeng <zengyijing19900106@gmail.com>
1 parent 2241546 commit 1de4f92
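The encoding the commit message describes, as an added example that is not libibverbs code: a stand-alone C model of the inline-versus-pointer decision in fill_attr_in() with the new NULL guard. struct model_attr, model_ptr_to_u64() and the demo_* functions are hypothetical stand-ins for ib_uverbs_attr, ioctl_ptr_to_u64() and real callers, and the sample values are constructed. Beyond the commit's own NULL/len == 0 case it also exercises a small non-NULL payload, a payload larger than 8 bytes, and NULL with a non-zero small length, which the new guard forwards to the kernel as a null pointer rather than touching it in userspace.

```c
/* Added example, not libibverbs code: a stand-alone model of the
 * attribute encoding that fill_attr_in() performs, with the guard from
 * this commit.  struct model_attr and the model_* helpers are assumed
 * stand-ins for ib_uverbs_attr / ioctl_ptr_to_u64(); their layout is an
 * assumption made for illustration only. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct model_attr {
	uint16_t attr_id;
	uint16_t len;
	uint16_t flags;
	uint16_t reserved;
	uint64_t data;	/* payload bytes when inlined, otherwise a user pointer */
};

static uint64_t model_ptr_to_u64(const void *p)
{
	return (uint64_t)(uintptr_t)p;
}

/* Pre-fix decision: inline whenever len <= 8, so (NULL, 0) reaches
 * memcpy() with a NULL source.  Copying zero bytes is harmless at run
 * time, but C11 7.1.4 / 7.24.1 make a NULL pointer argument undefined
 * even when n == 0, which is what UBSan and some compilers report. */
static int old_guard_would_memcpy_from_null(const void *data, size_t len)
{
	return len <= sizeof(uint64_t) && data == NULL;
}

/* Post-fix encoding.  Returns 1 if the payload was inlined, 0 if a
 * pointer was stored instead. */
static int model_fill_attr_in(struct model_attr *attr, uint16_t attr_id,
			      const void *data, size_t len)
{
	memset(attr, 0, sizeof(*attr));
	attr->attr_id = attr_id;
	attr->len = (uint16_t)len;
	if (len <= sizeof(uint64_t) && data) {
		memcpy(&attr->data, data, len);	/* data != NULL here */
		return 1;
	}
	/* Large payloads, and any NULL payload, are passed by pointer.
	 * For NULL this stores 0 and nothing is dereferenced in userspace. */
	attr->data = model_ptr_to_u64(data);
	return 0;
}

/* Case 1: small non-NULL payload -> bytes land inline in attr->data. */
static int demo_small_inline(void)
{
	struct model_attr a;
	uint32_t v = 0x11223344u;	/* constructed sample value */
	int inlined = model_fill_attr_in(&a, 1, &v, sizeof(v));

	return inlined == 1 && a.len == sizeof(v) &&
	       memcmp(&a.data, &v, sizeof(v)) == 0;
}

/* Case 2: the caller pattern from the commit, NULL with len == 0. */
static int demo_null_zero_len(void)
{
	struct model_attr a;
	int inlined = model_fill_attr_in(&a, 2, NULL, 0);

	return inlined == 0 && a.len == 0 && a.data == 0;
}

/* Case 3: payload larger than 8 bytes -> always passed by pointer. */
static int demo_large_pointer(void)
{
	struct model_attr a;
	uint8_t buf[16] = { 0 };	/* constructed sample buffer */
	int inlined = model_fill_attr_in(&a, 3, buf, sizeof(buf));

	return inlined == 0 && a.len == sizeof(buf) &&
	       a.data == model_ptr_to_u64(buf);
}

/* Caveat case: NULL with a non-zero small length.  The guard no longer
 * memcpy()s from NULL, but the attribute now carries pointer 0 with
 * len > 0, so the mistake is only caught when the kernel reads it. */
static int demo_null_small_len(void)
{
	struct model_attr a;
	int inlined = model_fill_attr_in(&a, 4, NULL, 4);

	return inlined == 0 && a.len == 4 && a.data == 0;
}

int main(void)
{
	printf("small inline:   %s\n", demo_small_inline() ? "ok" : "FAIL");
	printf("NULL, len 0:    %s\n", demo_null_zero_len() ? "ok" : "FAIL");
	printf("large pointer:  %s\n", demo_large_pointer() ? "ok" : "FAIL");
	printf("NULL, len 4:    %s (see caveat)\n",
	       demo_null_small_len() ? "ok" : "FAIL");
	return 0;
}
```

Build it with `cc -fsanitize=undefined` to see that no memcpy() from NULL is reported for the NULL/len == 0 case; the caveat case is worth keeping in mind when reviewing new callers, since a NULL pointer with a non-zero length is no longer visible as a userspace fault.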

File tree

1 file changed: +3 -2 lines changed


libibverbs/cmd_ioctl.h

Lines changed: 3 additions & 2 deletions
@@ -280,10 +280,11 @@ fill_attr_in(struct ibv_command_buffer *cmd, uint16_t attr_id, const void *data,
280280
cmd->buffer_error = 1;
281281

282282
attr->len = len;
283-
if (len <= sizeof(uint64_t))
283+
if (len <= sizeof(uint64_t) && data) {
284284
memcpy(&attr->data, data, len);
285-
else
285+
} else {
286286
attr->data = ioctl_ptr_to_u64(data);
287+
}
287288

288289
return attr;
289290
}
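Review bot: the new guard `len <= sizeof(uint64_t) && data` fixes the NULL/len == 0 case but quietly changes what happens for a caller that passes NULL with 1 <= len <= 8: that attribute now takes the else branch and is handed to the kernel as `ioctl_ptr_to_u64(NULL)`, a null user pointer with a non-zero length, so the caller's mistake is only detected kernel-side instead of at the call site. Since the function already has an error path (`cmd->buffer_error = 1;` two lines above the hunk), consider flagging `!data && len` there, or at least documenting in a comment on the condition that a NULL data pointer is only valid with len == 0. A one-line comment explaining why NULL is excluded (memcpy() from NULL is undefined even for zero length) would also help the next reader, since that reasoning currently lives only in the commit message.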
