Closed cchr-ledger closed 8 months ago
Static analysis tools are nice, but that argument is never expected to be NULL
.
Not only it wouldn't make any sense to use the crypto_pwhash_*()
functions that way, but all their arguments are tagged __attribute__ ((nonnull))
, so the compiler is going to scream if you ever do that.
Also, the first thing these functions do is to zero the output buffer, so a bus error would happen way before the memcpy().
Fair enough, thanks for the explanation.
Hello,
At https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c#L188,
memcpy
could be called withdst
beingNULL
, ifescrypt_r
is itself called with itsbuf
argument set toNULL
.