Don't set *pval to NULL in asn1_item_ex_combine_new.
While *pval is usually a pointer in rare circumstances it can be a long
value. One some platforms (e.g. WIN64) where
sizeof(long) < sizeof(ASN1_VALUE *) this will write past the field.
*pval is initialised correctly in the rest of ASN1_item_ex_new so setting it
to NULL is unecessary anyway.
Thanks to Julien Kauffmann for reporting this issue.
(Imported from upstream's f617b4969a9261b9d7d381670aefbe2cf766a2cb.)
Change-Id: I8cc777f7ab126dcef3a0278a82d3fc91faf4c231
Reviewed-on: https://boringssl-review.googlesource.com/4510
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index cca8236..918aba7 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -100,8 +100,6 @@
else
asn1_cb = 0;
- if (!combine) *pval = NULL;
-
#ifdef CRYPTO_MDEBUG
if (it->sname)
CRYPTO_push_info(it->sname);
