From 07fe0b297bc7b9c4e344eedd8244a73edda95c77 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun, 17 May 2026 22:49:44 -0700
Subject: [PATCH] Fix undefined behavior in maybe_resize_hash_table

Problem discovered with GCC 16.1.1 -fsanitize=undefined.
* src/fns.c (maybe_resize_hash_table): Avoid undefined
behavior when h->key_and_value or h->hash are null pointers,
in which case we call memcpy (destination, NULL, 0)
which has undefined behavior in C89 through C23.
---
 src/fns.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/fns.c b/src/fns.c
index 1158f100ea0..a2312ffa1b9 100644
--- a/src/fns.c
+++ b/src/fns.c
@@ -4975,13 +4975,15 @@ maybe_resize_hash_table (struct Lisp_Hash_Table *h)
 
       Lisp_Object *key_and_value
 	= hash_table_alloc_bytes (2 * new_size * sizeof *key_and_value);
-      memcpy (key_and_value, h->key_and_value,
-	      2 * old_size * sizeof *key_and_value);
+      if (old_size)
+	memcpy (key_and_value, h->key_and_value,
+		2 * old_size * sizeof *key_and_value);
       for (ptrdiff_t i = 2 * old_size; i < 2 * new_size; i++)
         key_and_value[i] = HASH_UNUSED_ENTRY_KEY;
 
       hash_hash_t *hash = hash_table_alloc_bytes (new_size * sizeof *hash);
-      memcpy (hash, h->hash, old_size * sizeof *hash);
+      if (old_size)
+	memcpy (hash, h->hash, old_size * sizeof *hash);
 
       ptrdiff_t old_index_size = hash_table_index_size (h);
       ptrdiff_t index_bits = compute_hash_index_bits (new_size);