On Tue, 17 Aug 2021, Nigel Croxon wrote:
> To meet requirements of Common Criteria certification vulnerablility
> assessment. Static code analysis has been run and found the following
> error. Overlapping_buffer: The source buffer potentially overlaps
> with the destination buffer, which results in undefined
> behavior for "memcpy".
>
> The change is to use memmove instead of memcpy.
>
> Signed-off-by: Nigel Croxon <ncroxon@xxxxxxxxxx>
Reviewed-by: NeilBrown <neilb@xxxxxxx>
Thanks,
NeilBrown
> ---
> sha1.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/sha1.c b/sha1.c
> index 11be7045..89b32f46 100644
> --- a/sha1.c
> +++ b/sha1.c
> @@ -258,7 +258,7 @@ sha1_process_bytes (const void *buffer, size_t len, struct sha1_ctx *ctx)
> {
> sha1_process_block (ctx->buffer, 64, ctx);
> left_over -= 64;
> - memcpy (ctx->buffer, &ctx->buffer[16], left_over);
> + memmove (ctx->buffer, &ctx->buffer[16], left_over);
> }
> ctx->buflen = left_over;
> }
> --
> 2.29.2
>
>
