From ee52968043048e706b317855ce92bc9e9c8320c9 Mon Sep 17 00:00:00 2001 From: James Prestwood Date: Tue, 27 Feb 2024 11:35:21 -0800 Subject: [PATCH] crypto: fix uninitialized variable coverity warning For some encrypt operations DPP passes no AD iovecs (both are NULL/0). But since the iovec itself is on the stack 'ad' is a valid pointer from within aes_siv_encrypt. This causes memcpy to be called which coverity complains about. Since the copy length is zero it was effectively a no-op, but check num_ad to prevent the call. --- src/crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/crypto.c b/src/crypto.c index 3128b2a5..7235e3c2 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -331,7 +331,7 @@ bool aes_siv_encrypt(const void *key, size_t key_len, const void *in, struct iovec iov[num_ad + 1]; uint8_t v[16]; - if (ad) + if (ad && num_ad) memcpy(iov, ad, sizeof(struct iovec) * num_ad); iov[num_ad].iov_base = (void *)in;