From 63d038fa18ee78951905e8f3ad4c8f82ba653238 Mon Sep 17 00:00:00 2001
From: Jeffrey Walton
Date: Thu, 22 Feb 2018 08:01:08 -0500
Subject: [PATCH] Update documentation

The commit also adds an assert on memcpy_s pointers. GCC 8 claims the pointers are the same. We think it is a spurious finding. The assert never fired during test.
---
 misc.h | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/misc.h b/misc.h
index 9bfa586e..f968e489 100644
--- a/misc.h
+++ b/misc.h
@@ -364,9 +364,9 @@ template
 /// \brief Bounds checking replacement for memcpy()
 /// \param dest pointer to the desination memory block
-/// \param sizeInBytes the size of the desination memory block, in bytes
+/// \param sizeInBytes size of the desination memory block, in bytes
 /// \param src pointer to the source memory block
-/// \param count the size of the source memory block, in bytes
+/// \param count the number of bytes to copy
 /// \throws InvalidArgument
 /// \details ISO/IEC TR-24772 provides bounds checking interfaces for potentially
 /// unsafe functions like memcpy(), strcpy() and memmove(). However,
@@ -386,8 +386,11 @@ inline void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t cou
 	// Pointers must be valid; otherwise undefined behavior
 	CRYPTOPP_ASSERT(dest != NULLPTR); CRYPTOPP_ASSERT(src != NULLPTR);
+	// Restricted pointers. We want to check ranges, but it is not clear how to do it.
+	CRYPTOPP_ASSERT(src != dest);
 	// Destination buffer must be large enough to satsify request
 	CRYPTOPP_ASSERT(sizeInBytes >= count);
+	if (count > sizeInBytes) throw InvalidArgument("memcpy_s: buffer overflow");
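Review bot: The rewritten `\param sizeInBytes` line keeps the misspelling `desination`; since the line is being touched anyway, make it `/// \param sizeInBytes size of the destination memory block, in bytes`, and the corresponding line in the memmove_s documentation hunk (`@@ -406,9 +409,9 @@`) has the same typo. The `\throws InvalidArgument` line would also be more useful if it stated the condition now that the body throws, e.g. `/// \throws InvalidArgument if count exceeds sizeInBytes`. The `\param dest` context line carries the same misspelling but is not changed by this commit.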
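Review bot: `CRYPTOPP_ASSERT(src != dest)` rejects only identical pointers, so partially overlapping source and destination ranges, which violate memcpy()'s no-overlap requirement just as much, still pass, while a zero-length copy with `src == dest` trips the assert although nothing is copied. A range check that avoids ordering unrelated pointers directly is possible through integer casts, e.g. `CRYPTOPP_ASSERT(count == 0 || (uintptr_t)src + count <= (uintptr_t)dest || (uintptr_t)dest + count <= (uintptr_t)src);` (assuming uintptr_t is available in this header). Separately, the new `if (count > sizeInBytes) throw InvalidArgument(...)` sits directly after `CRYPTOPP_ASSERT(sizeInBytes >= count)`, which tests the same condition; in builds where CRYPTOPP_ASSERT aborts the throw is unreachable, so a comment such as `// The assert is a debug-time diagnostic; the throw is the guard that remains in release builds.` would stop a later reader from deleting one as redundant, and the same applies to the memmove_s hunk (`@@ -430,6 +433,7 @@`). The memmove_s hunk correctly omits the overlap assert, since memmove() permits overlapping buffers. The body of memcpy_s continues past the end of this hunk.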
@@ -406,9 +409,9 @@ inline void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t cou
 /// \brief Bounds checking replacement for memmove()
 /// \param dest pointer to the desination memory block
-/// \param sizeInBytes the size of the desination memory block, in bytes
+/// \param sizeInBytes size of the desination memory block, in bytes
 /// \param src pointer to the source memory block
-/// \param count the size of the source memory block, in bytes
+/// \param count the number of bytes to copy
 /// \throws InvalidArgument
 /// \details ISO/IEC TR-24772 provides bounds checking interfaces for potentially
 /// unsafe functions like memcpy(), strcpy() and memmove(). However,
@@ -430,6 +433,7 @@ inline void memmove_s(void *dest, size_t sizeInBytes, const void *src, size_t co
 	CRYPTOPP_ASSERT(dest != NULLPTR); CRYPTOPP_ASSERT(src != NULLPTR);
 	// Destination buffer must be large enough to satsify request
 	CRYPTOPP_ASSERT(sizeInBytes >= count);
+	if (count > sizeInBytes) throw InvalidArgument("memmove_s: buffer overflow");