Hi Ian,

One of the static analyzers we use is throwing up an error report for
one of the libiberty source files:

Error: BUFFER_SIZE (CWE-474):
libiberty/sha1.c:261: overlapping_buffer: The source buffer "&ctx->buffer[16]"
potentially overlaps with the destination buffer "ctx->buffer", which results
in undefined behavior for "memcpy".
libiberty/sha1.c:261: remediation: Use memmove instead of "memcpy".
# 259| sha1_process_block (ctx->buffer, 64, ctx);
# 260| left_over -= 64;
# 261|-> memcpy (ctx->buffer, &ctx->buffer[16], left_over);
# 262| }
# 263| ctx->buflen = left_over;

Looking at the source code I am not sure if the problem can actually
be triggered in reality, but there seems to be no harm in being
cautious, so I would like to ask for permission to apply the following
patch:

diff --git a/libiberty/sha1.c b/libiberty/sha1.c
index e3d7f86e351..7d15d48d11d 100644
--- a/libiberty/sha1.c
+++ b/libiberty/sha1.c
@@ -258,7 +258,7 @@ sha1_process_bytes (const void *buffer, size_t len, struct
sha1_ctx *ctx)
{
sha1_process_block (ctx->buffer, 64, ctx);
left_over -= 64;
- memcpy (ctx->buffer, &ctx->buffer[16], left_over);
+ memmove (ctx->buffer, &ctx->buffer[16], left_over);
}
ctx->buflen = left_over;
}
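Review bot: the new `memmove (ctx->buffer, &ctx->buffer[16], left_over);` silences the overlap report, but the bound on `left_over` at that call is still undocumented. The two regions can only overlap when `left_over`, after `left_over -= 64`, exceeds the distance between `ctx->buffer` and `&ctx->buffer[16]`, and nothing visible in this hunk shows that it cannot. Suggest a one-line comment above the call (or an assertion) stating the expected range of `left_over`, so a reader or the next analyzer run does not have to re-derive whether the copy also stays inside the buffer.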
Cheers
Nick
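
An added example, not part of the original message or of libiberty, showing how to work out for which `left_over` values the flagged copy would overlap. It assumes a constructed `demo_ctx` whose buffer has 32 elements of 32 bits (so `&buffer[16]` starts 64 bytes in); `ranges_overlap`, `first_overlapping_len` and `move_tail` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the hash context; only the buffer matters here.
   Assumption: 32 elements of 32 bits, so &buffer[16] is 64 bytes in.  */
struct demo_ctx { uint32_t buffer[32]; };

/* Nonzero when [dst, dst+n) and [src, src+n) share a byte, which is
   exactly the case where memcpy (dst, src, n) is undefined.  */
static int ranges_overlap (const void *dst, const void *src, size_t n)
{
  uintptr_t d = (uintptr_t) dst, s = (uintptr_t) src;
  uintptr_t gap = d < s ? s - d : d - s;
  return n != 0 && gap < n;
}

/* Smallest left_over <= limit for which the flagged copy would overlap,
   or 0 if there is none.  Only addresses are compared; nothing is read.  */
static size_t first_overlapping_len (size_t limit)
{
  struct demo_ctx ctx;
  for (size_t n = 1; n <= limit; n++)
    if (ranges_overlap (ctx.buffer, &ctx.buffer[16], n))
      return n;
  return 0;
}

/* The patched tail move: defined for every length that fits the buffer.  */
static void move_tail (struct demo_ctx *ctx, size_t left_over)
{
  memmove (ctx->buffer, &ctx->buffer[16], left_over);
}

int main (void)
{
  struct demo_ctx ctx;
  unsigned char *p = (unsigned char *) ctx.buffer;
  for (int i = 0; i < 128; i++)
    p[i] = (unsigned char) i;          /* constructed sample bytes */
  move_tail (&ctx, 10);
  printf ("first overlap at left_over = %zu\n", first_overlapping_len (128));
  printf ("buffer[0..1] after move = %u %u\n", p[0], p[1]);
  return 0;
}
```

Under the assumed layout, lengths up to 64 never overlap and 65 is the first that does, a length that would also run past the end of the assumed 128-byte buffer.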