Don't pass NULL,0 to qsort.
qsort shares the same C language bug as mem*. Two of our calls may see
zero-length lists. This trips UBSan.
Change-Id: Id292dd277129881001eb57b1b2db78438cf4642e
Reviewed-on: https://boringssl-review.googlesource.com/c/34447
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
index 93b9d1b..ec557c0 100644
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@@ -358,8 +358,6 @@
}
void sk_sort(_STACK *sk) {
- int (*comp_func)(const void *,const void *);
-
if (sk == NULL || sk->comp == NULL || sk->sorted) {
return;
}
@@ -370,8 +368,11 @@
// e.g., CFI does not notice. Unfortunately, |qsort| is missing a void*
// parameter in its callback and |qsort_s| / |qsort_r| are a mess of
// incompatibility.
- comp_func = (int (*)(const void *, const void *))(sk->comp);
- qsort(sk->data, sk->num, sizeof(void *), comp_func);
+ if (sk->num >= 2) {
+ int (*comp_func)(const void *, const void *) =
+ (int (*)(const void *, const void *))(sk->comp);
+ qsort(sk->data, sk->num, sizeof(void *), comp_func);
+ }
sk->sorted = 1;
}
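Review bot: The new `if (sk->num >= 2)` guard in sk_sort carries no comment explaining it, and the comment directly above is about the function-pointer cast, so a later cleanup could drop the guard as redundant and reintroduce the undefined behaviour the commit message describes. I would add, just above the `if`, `// |qsort| must not be passed a NULL base, even with zero elements; a list of fewer than two entries is already sorted.` The same one-line rationale is missing on the `in_sigalgs.size() < 2` early return in sigalgs_unique in ssl/ssl_privkey.cc, where the sort call itself lies outside the hunk. sk_sort begins in the previous hunk. The diff as shown adds no test that sorts an empty stack or checks an empty sigalgs list under UBSan, which would keep both guards from regressing.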
diff --git a/ssl/ssl_privkey.cc b/ssl/ssl_privkey.cc
index 16888b9..d45670a 100644
--- a/ssl/ssl_privkey.cc
+++ b/ssl/ssl_privkey.cc
@@ -553,6 +553,10 @@
}
static bool sigalgs_unique(Span<const uint16_t> in_sigalgs) {
+ if (in_sigalgs.size() < 2) {
+ return true;
+ }
+
Array<uint16_t> sigalgs;
if (!sigalgs.CopyFrom(in_sigalgs)) {
return false;