[gnutls-devel] libtasn1 | coding.c: fix undefined behavior with pointer arithmetics (!63)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat May 9 18:52:54 CEST 2020




Alexander Us commented:


These look related to my change. I changed the check for NULL to account for the passed size. Clang-analyzer started to assume that the condition before memcpy/memmove can be true if `der == NULL && max_len <= 0`:

```
if ((len_len + str_len) <= max_len)
  memcpy (der + len_len, str, str_len);
```

From the code, len_len will always be greater than zero; however, it is hard to tell that str_len will be non-negative. I added an explicit check for NULL in two suspicious places.

```
if (der && (len_len + str_len) <= max_len)
  memcpy (der + len_len, str, str_len);
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/63#note_339470214
You're receiving this email because of your account on gitlab.com.
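
The guard described in the comment above, as an added example that is not part of the original message and is not libtasn1's code: a size-query-capable encoder that tests `der` before forming `der + len_len` and also makes the non-negative `str_len` assumption explicit. The names `encode_octets` and `put_length` are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: DER length octets for len, written to out[]. */
static int put_length(unsigned long len, unsigned char *out)
{
    unsigned char tmp[sizeof(unsigned long)];
    int k = 0, i;

    if (len < 128) {                 /* short form: a single octet */
        out[0] = (unsigned char)len;
        return 1;
    }
    while (len) {                    /* long form: 0x80|k, then k octets */
        tmp[k++] = (unsigned char)(len & 0xFF);
        len >>= 8;
    }
    out[0] = (unsigned char)(0x80 | k);
    for (i = 0; i < k; i++)
        out[1 + i] = tmp[k - 1 - i]; /* big-endian */
    return k + 1;
}

/* Hypothetical encoder: returns the bytes needed (length octets + data),
 * or -1 on a bad length. der may be NULL for a size-only query. */
int encode_octets(const unsigned char *str, int str_len,
                  unsigned char *der, int max_len)
{
    unsigned char hdr[1 + sizeof(unsigned long)];
    int len_len;

    if (str_len < 0 || (str_len > 0 && str == NULL))
        return -1;                   /* state "str_len is non-negative" in code */
    len_len = put_length((unsigned long)str_len, hdr);
    if (str_len > INT_MAX - len_len)
        return -1;                   /* len_len + str_len would overflow int */

    /* Test der before forming der + len_len: adding an offset to a
     * null pointer is undefined even if nothing is dereferenced. */
    if (der && len_len + str_len <= max_len) {
        memcpy(der, hdr, (size_t)len_len);
        if (str_len > 0)
            memcpy(der + len_len, str, (size_t)str_len);
    }
    return len_len + str_len;
}
```

With the `str_len < 0` rejection in place, the analyzer's `der == NULL && max_len <= 0` path can no longer satisfy the size comparison, and the `der` test keeps the call safe even if that invariant is later broken.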



