From 3269496e11eb08a4847d8c11f4a6a8b421cf5ad6 Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Wed, 23 Mar 2016 19:16:44 +0100
Subject: Avoid false out of bounds reports.

* cipher/md.c: add explicit type cast from char [1] to char *.
--

Fixes four UBSan error reports while running tests which look like:

cipher/md.c:671:42: runtime error: index 400 out of bounds for type
'char [1]'
    #0 0x7f83c43fe90e in md_final cipher/md.c:671:42
    #1 0x7f83c43fceb7 in _gcry_md_ctl cipher/md.c:781:7
    #2 0x7f83c44046fa in _gcry_md_read cipher/md.c:868:3

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
---
 cipher/md.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/cipher/md.c b/cipher/md.c
index 5b4f0c13..0414dcb0 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -550,7 +550,8 @@ _gcry_md_reset (gcry_md_hd_t a)
   if (a->ctx->flags.hmac)
     for (r = a->ctx->list; r; r = r->next)
       {
-        memcpy (r->context.c, r->context.c + r->spec->contextsize,
+        memcpy ((char *)r->context.c,
+                (char *)r->context.c + r->spec->contextsize,
                 r->spec->contextsize);
       }
   else
@@ -667,7 +668,8 @@ md_final (gcry_md_hd_t a)
         }
 
       memcpy (hash, p, dlen);
-      memcpy (r->context.c, r->context.c + r->spec->contextsize * 2,
+      memcpy ((char *)r->context.c,
+              (char *)r->context.c + r->spec->contextsize * 2,
               r->spec->contextsize);
       (*r->spec->write) (&r->context.c, hash, dlen);
       (*r->spec->final) (&r->context.c);
@@ -745,7 +747,7 @@ prepare_macpads (gcry_md_hd_t a, const unsigned char *key, size_t keylen)
       for (; i < macpad_Bsize; i++ )
         _gcry_md_putc (a, 0x36);
       (*r->spec->write) (&r->context.c, a->buf, a->bufpos);
-      memcpy (r->context.c + r->spec->contextsize, r->context.c,
+      memcpy ((char*)r->context.c + r->spec->contextsize, r->context.c,
               r->spec->contextsize);
 
       (*r->spec->init) (&r->context.c,
@@ -756,7 +758,7 @@ prepare_macpads (gcry_md_hd_t a, const unsigned char *key, size_t keylen)
       for (; i < macpad_Bsize; i++ )
         _gcry_md_putc (a, 0x5c);
       (*r->spec->write) (&r->context.c, a->buf, a->bufpos);
-      memcpy (r->context.c + r->spec->contextsize*2, r->context.c,
+      memcpy ((char *)r->context.c + r->spec->contextsize*2, r->context.c,
               r->spec->contextsize);
 
       xfree (key_allocated);
-- 
cgit v1.2.1