From f6ffaacbbf7f5aca45139a612c5dd8db3f2094dc Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Mon, 5 Aug 2024 14:40:57 +0200 Subject: [PATCH] Skip to hashed subpacket data directly Let OpenScanHub grok the bigger picture instead of producing a spurious overrun warning for v->hashlen when we're dereferencing p later. Casting the v pointer back to uint8_t is unnecessary when we could just use h directly but it's done this way in the if branch for pgp version 3 in this function as well as in pgpPrtKey() so copy that, just for the sake of consistency. Along the same lines (consistency), change the p pointer to a const pointer. No functional change. Resolves: RHEL-22607 --- rpmio/rpmpgp.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c index d0688ebe9..6f044eb1b 100644 --- a/rpmio/rpmpgp.c +++ b/rpmio/rpmpgp.c @@ -565,7 +565,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, pgpDigParams _digp) { uint8_t version = 0; - uint8_t * p; + const uint8_t * p; unsigned int plen; int rc = 1; @@ -618,10 +618,9 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, pgpPrtVal(" ", pgpSigTypeTbl, v->sigtype); pgpPrtNL(); - p = &v->hashlen[0]; if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen)) return 1; - p += sizeof(v->hashlen); + p = ((uint8_t *)v) + sizeof(*v); if ((p + plen) > (h + hlen)) return 1; -- 2.46.0