Avoid creating an illegal pointer.

Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1230

diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index 9c28c02951f855b99b9b6379fefbe0ed34c9eb09..43174f7165270cd82a105a075d9711542205eb3b 100644 (file)
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -115,21 +115,21 @@ static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg,
         memcpy(p, b, blen);
     else {
         /* Begin at the end of the encoding */
-        n = b + blen - 1;
-        p += blen - 1;
+        n = b + blen;
+        p += blen;
         i = blen;
         /* Copy zeros to destination as long as source is zero */
-        while (!*n && i > 1) {
-            *(p--) = 0;
+        while (!n[-1] && i > 1) {
+            *(--p) = 0;
             n--;
             i--;
         }
         /* Complement and increment next octet */
-        *(p--) = ((*(n--)) ^ 0xff) + 1;
+        *(--p) = ((*(--n)) ^ 0xff) + 1;
         i--;
         /* Complement any octets left */
         for (; i > 0; i--)
-            *(p--) = *(n--) ^ 0xff;
+            *(--p) = *(--n) ^ 0xff;
     }
 
     *pp += ret;