On Tue, Mar 16, 2021, 4:48 AM Nick Clifton via Gcc-patches <gcc-patches@gcc.gnu.org> wrote:
> Hi Ian,
>
> One of the static analyzers we use is throwing up an error report for
> one of the libiberty source files:
>
> Error: BUFFER_SIZE (CWE-474):
> libiberty/sha1.c:261: overlapping_buffer: The source buffer
> "&ctx->buffer[16]" potentially overlaps with the destination buffer
> "ctx->buffer", which results in undefined behavior for "memcpy".
> libiberty/sha1.c:261: remediation: Use memmove instead of "memcpy".
> # 259| sha1_process_block (ctx->buffer, 64, ctx);
> # 260| left_over -= 64;
> # 261|-> memcpy (ctx->buffer, &ctx->buffer[16], left_over);
> # 262| }
> # 263| ctx->buflen = left_over;
>
> Looking at the source code I am not sure if the problem can actually
> be triggered in reality, but there seems to be no harm in being
> cautious, so I would like to ask for permission to apply the following
> patch:
>
> diff --git a/libiberty/sha1.c b/libiberty/sha1.c > index e3d7f86e351..7d15d48d11d 100644 > --- a/libiberty/sha1.c > +++ b/libiberty/sha1.c > @@ -258,7 +258,7 @@ sha1_process_bytes (const void *buffer, size_t len, > struct sha1_ctx *ctx) > { > sha1_process_block (ctx->buffer, 64, ctx); > left_over -= 64; > - memcpy (ctx->buffer, &ctx->buffer[16], left_over); > + memmove (ctx->buffer, &ctx->buffer[16], left_over); > } > ctx->buflen = left_over; > }

That is ok. Thanks.

Ian
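Review bot: the new memmove call in sha1_process_bytes has no comment saying why memmove is needed there, and the visible lines do not show the bound on left_over that decides whether the bytes read from &ctx->buffer[16] can reach into the bytes being written at ctx->buffer. Please add a one-line comment above the call noting that source and destination are in the same array and stating the expected range of left_over after "left_over -= 64", so a later cleanup does not turn it back into memcpy. If that range is known to keep the two regions disjoint, saying so in the comment also records that this is a hardening change rather than a fix for a reachable overlap.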