From 09acd025b533ca21020e81b8560c0e2770956d72 Mon Sep 17 00:00:00 2001
From: Christopher Wellons
Date: Wed, 11 Feb 2026 21:47:40 -0500
Subject: [PATCH 1/2] Do not pass null pointers to memmove

Passing null pointers to memmove() is undefined before C2y, even for a zero count.
---
 src/tokenizer.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/tokenizer.c b/src/tokenizer.c
index b1df34f..10c57a6 100644
--- a/src/tokenizer.c
+++ b/src/tokenizer.c
@@ -96,7 +96,9 @@ static size_t _refill_tokenizer(kdl_tokenizer* self)
 self->document.len = 0;
 }
 // Move whatever data is left unparsed to the top of the buffer
- memmove(self->buffer, self->document.data, self->document.len);
+ if (self->document.len > 0) {
+ memmove(self->buffer, self->document.data, self->document.len);
+ }
 self->document.data = self->buffer;
 size_t len_available = self->buffer_size - self->document.len;
 if (len_available < MIN_BUFFER_SIZE) {
From 9c3fa4136c20d9e1e04940897794c0df93d3738c Mon Sep 17 00:00:00 2001
From: Christopher Wellons
Date: Wed, 11 Feb 2026 22:04:57 -0500
Subject: [PATCH 2/2] Do not cast floating point infinity to int

Casting an out-of-range float to an integer is undefined. In practice it casts to INT_MIN, which then overflowed the abs() in the condition.
---
 src/emitter.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/emitter.c b/src/emitter.c
index 7b11fdc..fed51a2 100644
--- a/src/emitter.c
+++ b/src/emitter.c
@@ -101,7 +101,7 @@ static kdl_owned_string _float_to_string(double f, kdl_float_printing_options co
 bool negative = f < 0.0;
 f = fabs(f);
- int exponent = (int)floor(log10(f));
+ int exponent = f != 0.0 ? (int)floor(log10(f)) : 0;
 double exp_factor = 1.0;
 if (abs(exponent) < opts->min_exponent) {
 // don't use scientific notation
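Review bot: The new `if (self->document.len > 0)` guard in `_refill_tokenizer` carries no comment saying why it exists, so it reads like a redundant check that a later cleanup could remove. I would put `// memmove() with a null pointer is undefined before C2y even when len == 0; skip the call when nothing is left to move` directly above it. The reason is worth recording because a compiler is allowed to assume memmove arguments are non-null and may drop later null checks on the same pointers. The guard also depends on a non-zero `document.len` implying both pointers are valid, which is presumably established earlier in the function, outside this hunk.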
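Review bot: The guard on the `int exponent` line covers only `f == 0.0`; an infinite or NaN `f` still reaches `(int)floor(log10(f))`, which is the same undefined out-of-range conversion the commit message describes. Whether `_float_to_string` can receive non-finite values is not visible here (callers may filter them first), so either state that precondition in a comment or widen the test, e.g. `int exponent = (isfinite(f) && f != 0.0) ? (int)floor(log10(f)) : 0;`. The function body starts and ends outside the hunk, so how the rest of it treats a zero exponent for non-finite input would need checking before taking the second option.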