From 03396ce2b13d6629de3597888e32ff3fe59af45b Mon Sep 17 00:00:00 2001
From: henrylhtsang <henrylhtsang@meta.com>
Date: Mon, 19 Jan 2026 13:05:01 -0800
Subject: [PATCH 1/2] fix(string): avoid undefined behavior when memcpy source
 is null

Add size check before calling std::memcpy to avoid undefined behavior
when the source pointer is null with size 0. The C standard states that
passing null to memcpy is undefined behavior even with size 0.

Fixes UBSan warning: null pointer passed as argument 2, which is
declared to never be null.
---
 include/tvm/ffi/string.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/tvm/ffi/string.h b/include/tvm/ffi/string.h
index 9c1057a9..b2188452 100644
--- a/include/tvm/ffi/string.h
+++ b/include/tvm/ffi/string.h
@@ -754,7 +754,9 @@ class String {
   }
   void InitData(const char* data, size_t size) {
     char* dest_data = InitSpaceForSize(size);
-    std::memcpy(dest_data, data, size);
+    if (size > 0) {
+      std::memcpy(dest_data, data, size);
+    }
     dest_data[size] = '\0';
   }
   /*!

From 2550deb0e4d915f2c0ef99def1d3ab600d4ee48c Mon Sep 17 00:00:00 2001
From: henrylhtsang <henrylhtsang@meta.com>
Date: Mon, 19 Jan 2026 13:05:42 -0800
Subject: [PATCH 2/2] fix(object): use offsetof instead of null pointer
 arithmetic

Replace null pointer member access with the standard offsetof macro
from <cstddef> to compute object offset. This avoids undefined behavior
caught by UBSan (member access within null pointer).

The offsetof macro is portable across GCC, Clang, and MSVC:
- GCC/Clang: internally uses __builtin_offsetof
- MSVC: uses its own internal mechanism

Fixes UBSan warning: member access within null pointer of type 'Object'.
---
 include/tvm/ffi/object.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/include/tvm/ffi/object.h b/include/tvm/ffi/object.h
index 1f0fe4c1..28fd401d 100644
--- a/include/tvm/ffi/object.h
+++ b/include/tvm/ffi/object.h
@@ -26,6 +26,7 @@
 #include <tvm/ffi/base_details.h>
 #include <tvm/ffi/c_api.h>
 
+#include <cstddef>
 #include <optional>
 #include <string>
 #include <type_traits>
@@ -1094,8 +1095,8 @@ struct ObjectUnsafe {
 
   template <typename Class>
   TVM_FFI_INLINE static int64_t GetObjectOffsetToSubclass() {
-    return (reinterpret_cast<int64_t>(&(static_cast<Class*>(nullptr)->header_)) -
-            reinterpret_cast<int64_t>(&(static_cast<Object*>(nullptr)->header_)));
+    return static_cast<int64_t>(offsetof(Class, header_)) -
+           static_cast<int64_t>(offsetof(Object, header_));
   }
 
   template <typename T>