ofpbuf: Prevent undefined behavior in ofpbuf_clone.
The new_buffer data pointer is NULL when the size of the cloned buffer is 0. This is fine as there is no need to allocate space. However, the cloned buffer header/msg might be the same pointer as data. This causes undefined behavior by adding 0 to NULL pointer. Check if the data buffer is not NULL before attempting to apply the header/msg offset.

This was caught by OVN system test:

    lib/ofpbuf.c:203:56: runtime error: applying zero offset to null pointer
    0 0xa012fc in ofpbuf_clone_with_headroom /ovs/lib/ofpbuf.c:203:56
    1 0x635fd4 in put_remote_port_redirect_overlay /controller/physical.c:397:40
    2 0x635fd4 in consider_port_binding /controller/physical.c:1951:9
    3 0x62e046 in physical_run /controller/physical.c:2447:9
    4 0x601d98 in en_pflow_output_run /controller/ovn-controller.c:4690:5
    5 0x707769 in engine_recompute /lib/inc-proc-eng.c:415:5
    6 0x7060eb in engine_compute /lib/inc-proc-eng.c:454:17
    7 0x7060eb in engine_run_node /lib/inc-proc-eng.c:503:14
    8 0x7060eb in engine_run /lib/inc-proc-eng.c:528:9
    9 0x5f9f26 in main /controller/ovn-controller.c

Signed-off-by: Ales Musil <[email protected]>
Signed-off-by: Ilya Maximets <[email protected]>
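The guard described in the commit message above, as an added example in C that is not the OVS source: `struct toy_buf` and `toy_clone` are hypothetical, simplified stand-ins for the ofpbuf clone path, and the sample buffers in `main` are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified buffer; not the OVS struct ofpbuf. */
struct toy_buf {
    void *data;    /* first byte in use, NULL when nothing is allocated */
    size_t size;   /* bytes in use */
    void *header;  /* optional pointer into data, or NULL */
};

/* Clone src. A zero-size clone allocates nothing, so dst.data stays NULL. */
static struct toy_buf toy_clone(const struct toy_buf *src)
{
    struct toy_buf dst = { NULL, src->size, NULL };

    if (src->size) {
        dst.data = malloc(src->size);
        if (!dst.data) {
            abort();
        }
        memcpy(dst.data, src->data, src->size);
    }

    /* Unguarded form: if (src->header) { dst.header = (char *) dst.data + off; }
     * With dst.data == NULL that is arithmetic on a null pointer, which is
     * undefined in C even when off == 0. The extra check skips it. */
    if (src->header && dst.data) {
        ptrdiff_t off = (char *) src->header - (char *) src->data;
        dst.header = (char *) dst.data + off;
    }
    return dst;
}

int main(void)
{
    char storage[8] = "abcdefg";                  /* constructed sample bytes */
    struct toy_buf empty = { storage, 0, storage }; /* header == data, size 0 */
    struct toy_buf full = { storage, 8, storage + 2 };
    struct toy_buf c1 = toy_clone(&empty);
    struct toy_buf c2 = toy_clone(&full);

    printf("empty clone: data=%p header=%p\n", c1.data, c1.header);
    printf("full clone: header offset=%td\n", (char *) c2.header - (char *) c2.data);
    free(c2.data);
    return 0;
}
```

Built with Clang and `-fsanitize=undefined`, the unguarded form shown in the comment is the pattern that produces the "applying zero offset to null pointer" report when the source buffer is empty.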