From: Weizhi Ao <2362422778@qq.com>
Date: Thu, 11 Dec 2025 13:06:23 +0000 (+0800)
Subject: Fix silent failure in ASYNC_start_job when size is 0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5cbbced70dd7dd37b6b11dc6e5b7ca78d4d2e436;p=thirdparty%2Fopenssl.git

Fix silent failure in ASYNC_start_job when size is 0

When ASYNC_start_job is called with args != NULL but size == 0,
OPENSSL_malloc(0) is called. Depending on the libc implementation,
malloc(0) may return NULL, causing a silent failure.

This patch modifies the logic to skip allocation if size is 0.

CLA: trivial

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29377)
---

diff --git a/crypto/async/async.c b/crypto/async/async.c
index ff55ef77bac..45853903428 100644
--- a/crypto/async/async.c
+++ b/crypto/async/async.c
@@ -255,7 +255,8 @@ int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
         if ((ctx->currjob = async_get_pool_job()) == NULL)
             return ASYNC_NO_JOBS;
 
-        if (args != NULL) {
+        /* Check for size > 0 to avoid malloc(0) */
+        if (args != NULL && size > 0) {
             ctx->currjob->funcargs = OPENSSL_malloc(size);
             if (ctx->currjob->funcargs == NULL) {
                 async_release_job(ctx->currjob);