From: Ingo Franzki Date: Wed, 28 May 2025 06:55:49 +0000 (+0200) Subject: Silence -Wstringop-overflow warnings with gcc 14 on s390x X-Git-Tag: openssl-3.5.1~35 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=078a6dd3c14c77445123be538bb7ba1eb239a5a4;p=thirdparty%2Fopenssl.git Silence -Wstringop-overflow warnings with gcc 14 on s390x Compiling OpenSSL on s390x with gcc 14 (i.e. in Fedora 41) shows several -Wstringop-overflow warnings in providers/implementations/rands/drbg_ctr.c and test/params_api_test.c. Add explicit length checks to let the compiler know that it won't overrun the buffer. This also silences the warnings. Signed-off-by: Ingo Franzki Reviewed-by: Neil Horman Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/27710) (cherry picked from commit 9a788281d91f698d6a229d588b9cb36987549669) --- diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c index b906da09918..a5c929a2cad 100644 --- a/providers/implementations/rands/drbg_ctr.c +++ b/providers/implementations/rands/drbg_ctr.c @@ -23,6 +23,7 @@ #include "crypto/evp.h" #include "crypto/evp/evp_local.h" #include "internal/provider.h" +#include "internal/common.h" static OSSL_FUNC_rand_newctx_fn drbg_ctr_new_wrapper; static OSSL_FUNC_rand_freectx_fn drbg_ctr_free; @@ -85,6 +86,8 @@ static void ctr_XOR(PROV_DRBG_CTR *ctr, const unsigned char *in, size_t inlen) * are XORing. So just process however much input we have. */ n = inlen < ctr->keylen ? inlen : ctr->keylen; + if (!ossl_assert(n <= sizeof(ctr->K))) + return; for (i = 0; i < n; i++) ctr->K[i] ^= in[i]; if (inlen <= ctr->keylen) diff --git a/test/params_api_test.c b/test/params_api_test.c index 715c2718bb3..84ccbf5a149 100644 --- a/test/params_api_test.c +++ b/test/params_api_test.c 
@@ -44,6 +44,8 @@ static void le_copy(unsigned char *out, size_t outlen, } else { if (outlen < inlen) in = (const char *)in + inlen - outlen; + if (!ossl_assert(outlen <= inlen)) + return; swap_copy(out, in, outlen); } }
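Review bot: In ctr_XOR() in providers/implementations/rands/drbg_ctr.c, the added `if (!ossl_assert(n <= sizeof(ctr->K))) return;` fails silently. The function is `static void`, so if the condition were ever false the input would not be XORed into `ctr->K`, the rest of the function would be skipped, and the caller could not tell. The commit message says the check is there to show the compiler that the loop cannot overrun the buffer, so a short comment stating that it is not expected to fire for a valid `ctr->keylen` would help the next reader. Alternatively, consider clamping `n` to `sizeof(ctr->K)` so the input is still mixed in rather than dropped.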
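Review bot: In le_copy() in test/params_api_test.c, the added `if (!ossl_assert(outlen <= inlen)) return;` returns without writing `out`, so a caller passing `outlen > inlen` would be left with whatever the buffer already held. In test code it would be better to turn this into a visible test failure, or to document that callers never pass a larger `outlen`. The check also sits after the `if (outlen < inlen)` pointer adjustment; placing it first in the `else` branch would read more clearly. Unlike the drbg_ctr.c change, no include is added in this file, so please confirm that `ossl_assert` is already declared here.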