Fix missing lower bounds check on index i

intel / QAT_Engine

Intel QuickAssist Technology( QAT) OpenSSL Engine (an OpenSSL Plug-In Engine) which provides cryptographic acceleration for both hardware and optimized software using Intel QuickAssist Technology enabled Intel platforms. https://developer.intel.com/quickassist

BSD 3-Clause "New" or "Revised" License

410 stars 128 forks source link

Fix missing lower bounds check on index i #328

Closed ColinIanKing closed 2 weeks ago

ColinIanKing commented 3 months ago

The signed int index i is currently being ranged checked on the upper bounds but not on a negative lower bounds. Add in the missing lower bounds range change to avoid any potentially negative array indexing.

Issue detected using Coverity Scan static analysis

venkatesh6911 commented 3 months ago

thank @ColinIanKing for raising the PR.. We will merge this change and it will be included in the upcoming qatengine release version 1.7.0.

venkatesh6911 commented 2 weeks ago

@ColinIanKing the code changes are included in v1.7.0. https://github.com/intel/QAT_Engine/commit/e7b004944975ec6f37b39e5e1d506b7d220390f7