On 8/17/21 9:14 AM, Nigel Croxon wrote: > To meet requirements of Common Criteria certification vulnerablility > assessment. Static code analysis has been run and found the following > error. Overlapping_buffer: The source buffer potentially overlaps > with the destination buffer, which results in undefined > behavior for "memcpy". > > The change is to use memmove instead of memcpy. > > Signed-off-by: Nigel Croxon <ncroxon@xxxxxxxxxx> > --- > sha1.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/sha1.c b/sha1.c > index 11be7045..89b32f46 100644 > --- a/sha1.c > +++ b/sha1.c > @@ -258,7 +258,7 @@ sha1_process_bytes (const void *buffer, size_t len, struct sha1_ctx *ctx) > { > sha1_process_block (ctx->buffer, 64, ctx); > left_over -= 64; > - memcpy (ctx->buffer, &ctx->buffer[16], left_over); > + memmove (ctx->buffer, &ctx->buffer[16], left_over); > } > ctx->buflen = left_over; > } > Applied! Thanks, Jes