diff --git a/CHANGES b/CHANGES
index bdb6dc8143..18d3f2e926 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+4869. [bug] Address some cases where NULL with zero length could
+ be passed to memmove which is undefined behaviour and
+ can lead to bad optimisation. [RT #46888]
+
 4867. [cleanup] Normalize rndc on/off commands (validation and querylog) so they accept the same synonyms for on/off (yes/no, true/false, enable/disable).
diff --git a/lib/dns/diff.c b/lib/dns/diff.c
index c4fa4e4cc2..b0f2eade80 100644
--- a/lib/dns/diff.c
+++ b/lib/dns/diff.c
@@ -89,11 +89,16 @@ dns_difftuple_create(isc_mem_t *mctx,
 t->ttl = ttl;
- memmove(datap, rdata->data, rdata->length);
 dns_rdata_init(&t->rdata);
 dns_rdata_clone(rdata, &t->rdata);
- t->rdata.data = datap;
- datap += rdata->length;
+ if (rdata->data != NULL) {
+ memmove(datap, rdata->data, rdata->length);
+ t->rdata.data = datap;
+ datap += rdata->length;
+ } else {
+ t->rdata.data = NULL;
+ INSIST(rdata->length == 0);
+ }
 ISC_LINK_INIT(&t->rdata, link);
 ISC_LINK_INIT(t, link);