From 644478e8db56f305601c3628a74e53de048b28c8 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 31 Aug 2016 10:11:07 +0200 Subject: try not to call memcpy with length 0 in hash calculations memcpy is marked as nonnull for its input, but ignores the input anyhow if the declared length is zero. Our SHA2 implementations do this as well, it was "just" MD5 and SHA1 missing, so we add the length check here as well as along the callstack as it is really pointless to do all these method calls for "nothing". Reported-By: gcc -fsanitize=undefined --- apt-pkg/contrib/md5.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apt-pkg/contrib/md5.h') diff --git a/apt-pkg/contrib/md5.h b/apt-pkg/contrib/md5.h index a16ea4d2d..a286f092a 100644 --- a/apt-pkg/contrib/md5.h +++ b/apt-pkg/contrib/md5.h @@ -48,7 +48,7 @@ class MD5Summation : public SummationImplementation public: - bool Add(const unsigned char *inbuf, unsigned long long inlen) APT_OVERRIDE; + bool Add(const unsigned char *inbuf, unsigned long long inlen) APT_OVERRIDE APT_NONNULL(2); using SummationImplementation::Add; MD5SumValue Result(); -- cgit v1.2.3-70-g09d2