Hello,
I'm now using the OpenSSL source in my project, but the source analyzer
found a potential bug in mem.c:CRYPTO_realloc_clean. It said that
thememcpyshould check if the variableold_len > num to ensure that the new
memory space is bigger than the old.
I think this function is coded by contract that the caller must ensure the
new length is larger than the old length when he call therealloc.This reason is
not stable because it is just guessed with my experience.There is no document
about this function.
Would someone give me some proof whether there is a bug in this function ?
