A Coverity scan of sha512.c reports CID 239935 (#1 of 1): Out-of-bounds write (OVERRUN), overrun-local: "Overrunning array md->buf of 128 bytes at byte offset 128 using index i + md->curlen (which evaluates to 128)."
The code is shown below together with the comments added by the Coverity tool (in bold).
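/**
 * Feed inlen bytes from in into the SHA-512 state md.
 *
 * When nothing is pending in md->buf and at least one whole 128-byte block is
 * available, the block is compressed straight from the caller's buffer.
 * Otherwise bytes are staged in md->buf until a full block has accumulated.
 *
 * Coverity CID 239935 (OVERRUN) flags the staging write
 * md->buf[i + md->curlen]: the entry check as reported was
 * "md->curlen > sizeof(md->buf)", which lets curlen == 128 through (trace
 * steps 4 and 7). In the code shown that state gives n == MIN(inlen, 0) == 0
 * (assuming MIN is the usual minimum macro), so the copy loop never runs and
 * the write at offset 128 is not reached; trace step 8 would need a negative
 * size_t. The check is nevertheless tightened to ">=" here so that the bound
 * curlen <= 127 is stated at the entry instead of being implied by the loop
 * arithmetic, and so that a context whose buffer index is already at the end
 * of the array is rejected rather than processed.
 *
 * NOTE(review): the only path in this function that returns with
 * curlen == 128 is a sha512_compress() failure on the staged block; with ">="
 * a later update on such a context returns 1 instead of retrying the
 * compression. Confirm that this, and any init/finalise routine outside this
 * excerpt, is compatible with the stricter check.
 *
 * @param md    hash state; must not be NULL
 * @param in    input bytes; must not be NULL
 * @param inlen number of bytes readable at in
 * @return 0 on success, 1 on a NULL argument or an out-of-range md->curlen,
 *         otherwise the non-zero code returned by sha512_compress()
 */
int sha512_update (sha512_context * md, const unsigned char *in, size_t inlen)
{
    /* Block size in bytes; Coverity reports md->buf as a 128-byte array. */
    enum { SHA512_BLOCK_BYTES = 128 };
    size_t n;
    size_t i;
    int err;

    if (md == NULL || in == NULL) {
        return 1;
    }

    /* Valid staged length is 0..127: reject anything at or past the end. */
    if (md->curlen >= sizeof(md->buf)) {
        return 1;
    }

    while (inlen > 0) {
        if (md->curlen == 0 && inlen >= SHA512_BLOCK_BYTES) {
            /* Fast path: nothing staged, hash one block in place. */
            if ((err = sha512_compress (md, (unsigned char *)in)) != 0) {
                return err;
            }
            md->length += SHA512_BLOCK_BYTES * 8;
            in += SHA512_BLOCK_BYTES;
            inlen -= SHA512_BLOCK_BYTES;
        } else {
            /* Never copy more than the free space left in md->buf. */
            n = MIN(inlen, (SHA512_BLOCK_BYTES - md->curlen));

            /* Highest index written is curlen + n - 1, which is <= 127. */
            for (i = 0; i < n; i++) {
                md->buf[i + md->curlen] = in[i];
            }

            md->curlen += n;
            in += n;
            inlen -= n;

            if (md->curlen == SHA512_BLOCK_BYTES) {
                if ((err = sha512_compress (md, md->buf)) != 0) {
                    return err;
                }
                md->length += 8 * SHA512_BLOCK_BYTES;
                md->curlen = 0;
            }
        }
    }
    return 0;
}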
A Coverity scan of sha512.c reports CID 239935 (#1 of 1): Out-of-bounds write (OVERRUN), overrun-local: "Overrunning array md->buf of 128 bytes at byte offset 128 using index i + md->curlen (which evaluates to 128)."
The code is shown below together with the comments added by the Coverity tool (in bold).
/*
 * sha512_update() as annotated by Coverity for CID 239935 (OVERRUN).
 * The leading numbers 172-210 appear to be sha512.c line numbers; the
 * unnumbered lines between them are the analyzer's trace steps 1-11.
 * The function stages input in md->buf and calls sha512_compress() for each
 * full 128-byte block; it returns 0 on success, 1 on a rejected argument,
 * or the error code from sha512_compress().
 */
int sha512_update (sha512_context * md, const unsigned char *in, size_t inlen)
172{
173 size_t n;
174 size_t i;
175 int err;
1. Condition md == NULL, taking false branch.
176 if (md == NULL) return 1;
2. Condition in == NULL, taking false branch.
177 if (in == NULL) return 1;
3. Condition md->curlen > 128UL / sizeof (md->buf) /, taking false branch.
4. cond_at_most: Checking md->curlen > 128UL implies that md->curlen may be up to 128 on the false branch.
/*
 * NOTE(review): the comparison is '>' so curlen == sizeof(md->buf) (128 per
 * the report) passes this guard. That boundary value is what trace steps 4
 * and 7 carry forward to the flagged write; a '>=' comparison would exclude it.
 */
178 if (md->curlen > sizeof(md->buf)) {
179 return 1;
180 }
5. Condition inlen > 0, taking true branch.
181 while (inlen > 0) {
6. Condition md->curlen == 0, taking false branch.
7. cond_between: Checking md->curlen == 0UL implies that md->curlen is between 1 and 128 (inclusive) on the false branch.
/* Fast path: nothing staged and a whole block available, compress from in. */
182 if (md->curlen == 0 && inlen >= 128) {
183 if ((err = sha512_compress (md, (unsigned char *)in)) != 0) {
184 return err;
185 }
186 md->length += 128 * 8;
187 in += 128;
188 inlen -= 128;
189 } else {
8. Condition inlen < 128 - md->curlen, taking true branch.
/*
 * NOTE(review): n is capped at the free space 128 - md->curlen. With
 * curlen == 128 that is 0, so (assuming MIN is the usual minimum macro) n is 0
 * and the loop at 192 does not execute; step 8 cannot hold for an unsigned
 * inlen in that case. For curlen <= 127 the highest index written is
 * curlen + n - 1 <= 127. On the visible code the report therefore looks like
 * a false positive that follows from the loose guard at 178.
 */
190 n = MIN(inlen, (128 - md->curlen));
191
9. assignment: Assigning: i = 0UL.
10. Condition i < n, taking true branch.
192 for (i = 0; i < n; i++) {
CID 239935: (#1 of 1): Out-of-bounds write (OVERRUN)
11. overrun-local: Overrunning array md->buf of 128 bytes at byte offset 128 using index i + md->curlen (which evaluates to 128).
193 md->buf[i + md->curlen] = in[i];
194 }
195
196
197 md->curlen += n;
198 in += n;
199 inlen -= n;
/*
 * A full staged block is compressed and curlen goes back to 0. If
 * sha512_compress() fails, the function returns with curlen still at 128.
 */
200 if (md->curlen == 128) {
201 if ((err = sha512_compress (md, md->buf)) != 0) {
202 return err;
203 }
204 md->length += 8*128;
205 md->curlen = 0;
206 }
207 }
208 }
209 return 0;
210}
211