author | Demi Marie Obenour <demi@invisiblethingslab.com> | 2021-06-17 14:11:54 -0400 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2021-06-21 11:47:19 +0300 |
commit | 072588ca7908ef894be4161066c9384edaadd748 (patch) | |
tree | 8fc52f9fbbfac58c5e7b090c9d67e379133db37f /rpmio/rpmpgp.c | |
parent | a44f02631adce0c17435d007df847cdcaee816a7 (diff) | |
download | rpm-072588ca7908ef894be4161066c9384edaadd748.tar.gz |
Reduce undefined pointer arithmetic
This is mostly for the benefit of fuzzers and other automated tools, and
for compilers other than GCC. On modern versions of GCC with
-fno-strict-overflow, this is harmless.
Diffstat (limited to 'rpmio/rpmpgp.c')
-rw-r--r-- | rpmio/rpmpgp.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c index 6b5d307e7..7fac8ec19 100644 --- a/rpmio/rpmpgp.c +++ b/rpmio/rpmpgp.c @@ -552,9 +552,9 @@ static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype, int i; pgpDigAlg sigalg = pgpSignatureNew(pubkey_algo); - for (i = 0; i < sigalg->mpis && p + 2 <= pend; i++) { + for (i = 0; i < sigalg->mpis && pend - p >= 2; i++) { int mpil = pgpMpiLen(p); - if (p + mpil > pend) + if (pend - p < mpil) break; if (sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT) { if (sigalg->setmpi(sigalg, i, p)) |
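Review bot: the two rewritten bounds checks in the `for` loop of `pgpPrtSigParams` (`pend - p >= 2` and `pend - p < mpil`) carry no comment saying why they are written as a pointer difference, so a later cleanup could easily turn them back into `p + 2 <= pend` and `p + mpil > pend`. A one-line comment above the loop would help, stating that `p + n` may form a pointer past the end of the buffer, which is undefined, while `pend - p` is defined whenever both pointers refer to the same buffer. Separately, `mpil` is declared `int` and is compared against the signed difference, so a negative `mpil` would pass the `pend - p < mpil` check. The body of `pgpMpiLen` is not visible in this hunk, so it is worth confirming that it can never return a negative value, or adding an explicit `mpil < 0` rejection beside the length check.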