[PATCH] Avoid undefined behavior for hashes using XOF

Ian Goldberg ian at cypherpunks.ca
Thu Mar 24 18:16:17 CET 2016

On Thu, Mar 24, 2016 at 03:34:17PM +0100, Werner Koch wrote:
> On Thu, 24 Mar 2016 13:01, peter at lekensteyn.nl said:
> > I think that md_digest_length() is still more suitable here, the message
> > is not "avoid memcpy on a NULL source", but "avoid a memcpy if there is
> > nothing to copy". The former might hide hypothetical errors where the
> The memcpy specs in C99 say
>        [#2] The memcpy function copies n characters from the object
>        pointed  to  by  s2  into  the  object pointed to by s1.  If
>        copying  takes  place  between  objects  that  overlap,  the
>        behavior is undefined.
> Thus it doesn't mention a NULL pointer.  However, a NULL pointer might
> be assumed to trigger the overlapped case and than it would be UB.

The triggering clause in the spec is actually a couple of paragraphs
earlier, in 7.21.1[2]:

    Where an argument declared as size_t n specifies the length of the
    array for a function, n can have the value zero on a call to that
    function. Unless explicitly stated otherwise in the description of a
    particular function in this subclause, pointer arguments on such a
    call shall still have valid values, as described in 7.1.4.

That is, NULL (an "invalid value", according to 7.1.4) cannot be passed
to memcopy, memmove, etc., *even if* the number of bytes to be copied is
0.  This has always seemed ridiculous to me, but there it is.

   - Ian

More information about the Gcrypt-devel mailing list