[gnutls-devel] libtasn1 | coding.c: fix undefined behavior with pointer arithmetics (!63)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Sat May 9 18:52:54 CEST 2020
Alexander Us commented:
These look related to my change. I changed check for NULL to account for passed size. Clang-analyzer started to assume that condition before memcpy/memmove can be true if `der == NULL && max_len <= 0`:
```
if ((len_len + str_len) <= max_len)
memcpy (der + len_len, str, str_len);
```
>From the code, len_len will always be greater than zero, however, it is hard to tell that str_len will be non-negative. I added explicit check for NULL in two suspicious places.
```
if (der && (len_len + str_len) <= max_len)
memcpy (der + len_len, str, str_len);
```
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/63#note_339470214
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200509/6e28d7d6/attachment.html>
More information about the Gnutls-devel
mailing list