From: Kurt Roeckx <kurt@roeckx.be>
Date: Thu, 26 May 2016 16:40:32 +0000 (+0200)
Subject: Avoid calling memcpy with lenght of 0
X-Git-Tag: OpenSSL_1_1_0-pre6~673
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=369e93398b68b8a328e6c1d766222b2d281ef016;p=oweals%2Fopenssl.git

Avoid calling memcpy with lenght of 0

We can call memcpy() with a pointer 1 past the last allocated byte and length
of 0 and you can argue that that's undefined behaviour.

Reported by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1132
---

diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
index 2f0d8f8c2d..33be907f9d 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -66,10 +66,11 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 
     *(p++) = (unsigned char)bits;
     d = a->data;
-    memcpy(p, d, len);
-    p += len;
-    if (len > 0)
+    if (len > 0) {
+        memcpy(p, d, len);
+        p += len;
         p[-1] &= (0xff << bits);
+    }
     *pp = p;
     return (ret);
 }