try not to call memcpy with length 0 in hash calculations

memcpy is marked as nonnull for its input, but ignores the input anyhow
if the declared length is zero. Our SHA2 implementations do this as
well, it was "just" MD5 and SHA1 missing, so we add the length check
here as well as along the callstack as it is really pointless to do all
these method calls for "nothing".

Reported-By: gcc -fsanitize=undefined
(cherry picked from commit 644478e8db56f305601c3628a74e53de048b28c8)

1 files changed, 3 insertions, 3 deletions

diff --git a/apt-pkg/contrib/sha2.h b/apt-pkg/contrib/sha2.h
index 8b4bdd439..164840d3b 100644
--- a/apt-pkg/contrib/sha2.h
+++ b/apt-pkg/contrib/sha2.h
@@ -34,7 +34,7 @@ class SHA2SummationBase : public SummationImplementation
  protected:
    bool Done;
  public:
-   bool Add(const unsigned char *inbuf, unsigned long long len) APT_OVERRIDE = 0;
+   bool Add(const unsigned char *inbuf, unsigned long long len) APT_OVERRIDE APT_NONNULL(2) = 0;
 
    void Result();
 };
@@ -45,7 +45,7 @@ class SHA256Summation : public SHA2SummationBase
    unsigned char Sum[32];
 
    public:
-   bool Add(const unsigned char *inbuf, unsigned long long len) APT_OVERRIDE
+   bool Add(const unsigned char *inbuf, unsigned long long len) APT_OVERRIDE APT_NONNULL(2)
    {
       if (Done) 
          return false;
@@ -78,7 +78,7 @@ class SHA512Summation : public SHA2SummationBase
    unsigned char Sum[64];
 
    public:
-   bool Add(const unsigned char *inbuf, unsigned long long len) APT_OVERRIDE
+   bool Add(const unsigned char *inbuf, unsigned long long len) APT_OVERRIDE APT_NONNULL(2)
    {
       if (Done) 
          return false;