mbedtls_mpi_sub_abs: Skip memcpy when redundant (#6701).
In some contexts, the output pointer may equal the first input
pointer, in which case copying is not only superfluous but results in
"Source and destination overlap in memcpy" errors from Valgrind (as I
observed in the context of ecp_double_jac) and a diagnostic message
from TrustInSoft Analyzer (as Pascal Cuoq reported in the context of
other ECP functions called by cert-app with a suitable certificate).
Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>
diff --git a/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt b/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt
new file mode 100644
index 0000000..564f9ac
--- /dev/null
+++ b/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix mbedtls_mpi_sub_abs() to account for the possibility that the output
+ pointer could equal the first input pointer and if so to skip a memcpy()
+ call that would be redundant. Reported by Pascal Cuoq using TrustInSoft
+ Analyzer in #6701; observed independently by Aaron Ucko under Valgrind.
diff --git a/library/bignum.c b/library/bignum.c
index 9bc1c2d..41b3a26 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1009,7 +1009,7 @@
/* Set the high limbs of X to match A. Don't touch the lower limbs
* because X might be aliased to B, and we must not overwrite the
* significant digits of B. */
- if (A->n > n) {
+ if (A->n > n && A != X) {
memcpy(X->p + n, A->p + n, (A->n - n) * ciL);
}
if (X->n > A->n) {