Commit a1673e15 authored by Benjamin Kaduk, committed by Rich Salz

Avoid negative array index in BIO_debug_callback()

BIO_snprintf() can return -1 on truncation (and overflow as of commit
9cb17730).  Though neither can
realistically occur while printing a pointer and short fixed string into
a buffer of length 256, the analysis to confirm that this is the case goes
somewhat far up the call chain, and not all static analyzers can
successfully follow the chain of logic.

It's easy enough to clamp the returned length to be nonnegative before
continuing, which appeases the static analyzer and does not harm the
subsequent code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
parent 80e8fdbe
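
The clamp described in the commit message, as an added example that is not OpenSSL's code and not part of this commit. `fmt_or_neg()` and `tag_message()` are hypothetical names; `fmt_or_neg()` is a stand-in built on `vsnprintf()` that returns -1 on truncation, the contract the message describes for BIO_snprintf().

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in: returns the number of characters written,
 * or -1 when the output did not fit (or formatting failed). */
int fmt_or_neg(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= size)
        return -1;
    return n;
}

/* Writes "obj[<pointer>]: " into buf, then appends msg after it.
 * Returns the offset at which msg was placed: always >= 0 and < size. */
size_t tag_message(char *buf, size_t size, void *obj, const char *msg)
{
    int len;
    size_t off;

    if (size == 0)
        return 0;
    len = fmt_or_neg(buf, size, "obj[%p]: ", obj);
    if (len < 0)
        len = 0;            /* clamp: without this, buf + len is buf[-1] */
    off = (size_t)len;      /* safe to convert only after the clamp */
    fmt_or_neg(buf + off, size - off, "%s", msg);
    return off;
}

int main(void)
{
    char big[256], tiny[4];   /* constructed sample buffers */

    tag_message(big, sizeof(big), big, "read");
    printf("%s\n", big);
    /* Prefix cannot fit in 4 bytes: the clamp makes msg start at offset 0. */
    tag_message(tiny, sizeof(tiny), tiny, "ok");
    printf("%s\n", tiny);
    return 0;
}
```
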