From 644478e8db56f305601c3628a74e53de048b28c8 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 31 Aug 2016 10:11:07 +0200 Subject: try not to call memcpy with length 0 in hash calculations memcpy is marked as nonnull for its input, but ignores the input anyhow if the declared length is zero. Our SHA2 implementations do this as well, it was "just" MD5 and SHA1 missing, so we add the length check here as well as along the callstack as it is really pointless to do all these method calls for "nothing". Reported-By: gcc -fsanitize=undefined --- apt-pkg/contrib/hashes.cc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'apt-pkg/contrib/hashes.cc') diff --git a/apt-pkg/contrib/hashes.cc b/apt-pkg/contrib/hashes.cc index 755ad2035..662c2bf8b 100644 --- a/apt-pkg/contrib/hashes.cc +++ b/apt-pkg/contrib/hashes.cc @@ -312,6 +312,8 @@ public: // Hashes::Add* - Add the contents of data or FD /*{{{*/ bool Hashes::Add(const unsigned char * const Data, unsigned long long const Size) { + if (Size == 0) + return true; bool Res = true; APT_IGNORE_DEPRECATED_PUSH if ((d->CalcHashes & MD5SUM) == MD5SUM) -- cgit v1.2.3