[PATCH v1 1/2] lib: sm3: fix coverity error
Ilias Apalodimas
ilias.apalodimas at linaro.org
Thu Jan 15 08:24:29 CET 2026
On Tue, 6 Jan 2026 at 16:14, Heiko Schocher <hs at nabladev.com> wrote:
>
> Coverity scan reported:
>
> CID 449815: Memory - illegal accesses (OVERRUN)
> Overrunning array of 64 bytes at byte offset 64 by dereferencing pointer
> "sctx->buffer + partial". [Note: The source code implementation of the
> function has been overridden by a builtin model.]
>
> In line: 252
> memset(sctx->buffer + partial, 0, SM3_BLOCK_SIZE - partial);
>
> The respective line should be:
>
> memset(sctx->buffer + partial, 0, SM3_BLOCK_SIZE - partial - 1);
>
> as partial gets incremented by one before.
>
> Signed-off-by: Heiko Schocher <hs at nabladev.com>
> ---
Acked-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
>
> lib/sm3.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/sm3.c b/lib/sm3.c
> index 2a4e825481d..05880099703 100644
> --- a/lib/sm3.c
> +++ b/lib/sm3.c
> @@ -249,7 +249,7 @@ void sm3_final(struct sm3_context *sctx, uint8_t output[SM3_DIGEST_SIZE])
>
> sctx->buffer[partial++] = 0x80;
> if (partial > bit_offset) {
> - memset(sctx->buffer + partial, 0, SM3_BLOCK_SIZE - partial);
> + memset(sctx->buffer + partial, 0, SM3_BLOCK_SIZE - partial - 1);
> partial = 0;
>
> sm3_block(sctx, sctx->buffer, 1, W);
> --
> 2.20.1
>
More information about the U-Boot
mailing list