Merge #15950: Do not construct out-of-bound pointers in SHA2 code

c01c065b9d Do not construct out-of-bound pointers in SHA512/SHA1/RIPEMD160 code (Pieter Wuille) Pull request description: This looks like an issue in the current SHA256/512 code, where a pointer outside of the area pointed to may be constructed (this is UB in theory, though in practice every supported platform treats pointers as integers). I discovered this while investigating #14580. Sadly, it does not fix it. ACKs for commit c01c06: practicalswift: utACK c01c065b9d Tree-SHA512: 47660e00f164f38c36a1ab46e52dd91cd33cfda6a6048d67541c2f8e73c050d4d9d81b5c149bfad281212d52f204f57bebf5b19879dc7a6a5f48aa823fbc2c02
2019-05-16 16:23:12 +02:00 · 2019-05-16 16:23:12 +02:00 · fd61b9fc22
commit fd61b9fc22
parent 47ec8318a6 c01c065b9d
3 changed files with 3 additions and 3 deletions
--- a/src/crypto/ripemd160.cpp
+++ b/src/crypto/ripemd160.cpp
@ -256,7 +256,7 @@ CRIPEMD160& CRIPEMD160::Write(const unsigned char* data, size_t len)
        ripemd160::Transform(s, buf);
        bufsize = 0;
    }
-    while (end >= data + 64) {
+    while (end - data >= 64) {
        // Process full chunks directly from the source.
        ripemd160::Transform(s, data);
        bytes += 64;
--- a/src/crypto/sha1.cpp
+++ b/src/crypto/sha1.cpp
@ -163,7 +163,7 @@ CSHA1& CSHA1::Write(const unsigned char* data, size_t len)
        sha1::Transform(s, buf);
        bufsize = 0;
    }
-    while (end >= data + 64) {
+    while (end - data >= 64) {
        // Process full chunks directly from the source.
        sha1::Transform(s, data);
        bytes += 64;
--- a/src/crypto/sha512.cpp
+++ b/src/crypto/sha512.cpp
@ -168,7 +168,7 @@ CSHA512& CSHA512::Write(const unsigned char* data, size_t len)
        sha512::Transform(s, buf);
        bufsize = 0;
    }
-    while (end >= data + 128) {
+    while (end - data >= 128) {
        // Process full chunks directly from the source.
        sha512::Transform(s, data);
        data += 128;