On Tue, 6 Jan 2026 at 16:14, Heiko Schocher <[email protected]> wrote: > > Coverity scan reported: > > CID 449815: Memory - illegal accesses (OVERRUN) > Overrunning array of 64 bytes at byte offset 64 by dereferencing pointer > "sctx->buffer + partial". [Note: The source code implementation of the > function has been overridden by a builtin model.] > > In line: 252 > memset(sctx->buffer + partial, 0, SM3_BLOCK_SIZE - partial); > > The respective line should be: > > memset(sctx->buffer + partial, 0, SM3_BLOCK_SIZE - partial - 1); > > as partial gets incremented by one before. > > Signed-off-by: Heiko Schocher <[email protected]> > ---
Acked-by: Ilias Apalodimas <[email protected]> > > lib/sm3.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/sm3.c b/lib/sm3.c > index 2a4e825481d..05880099703 100644 > --- a/lib/sm3.c > +++ b/lib/sm3.c > @@ -249,7 +249,7 @@ void sm3_final(struct sm3_context *sctx, uint8_t > output[SM3_DIGEST_SIZE]) > > sctx->buffer[partial++] = 0x80; > if (partial > bit_offset) { > - memset(sctx->buffer + partial, 0, SM3_BLOCK_SIZE - partial); > + memset(sctx->buffer + partial, 0, SM3_BLOCK_SIZE - partial - > 1); > partial = 0; > > sm3_block(sctx, sctx->buffer, 1, W); > -- > 2.20.1 >
