jedisct1 / libsodium

A modern, portable, easy to use crypto library.

Home Page: https://libsodium.org

[UB] memcpy could be called on null dst pointer in function escrypt_r

cchr-ledger opened this issue

Hello,

At https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c#L188, memcpy could be called with dst being NULL, if escrypt_r is itself called with its buf argument set to NULL.

Static analysis tools are nice, but that argument is never expected to be NULL.

Not only would it not make any sense to use the crypto_pwhash_*() functions that way, but all their arguments are tagged __attribute__ ((nonnull)), so the compiler is going to scream if you ever do that.

Also, the first thing these functions do is to zero the output buffer, so a bus error would happen way before the memcpy().

Fair enough, thanks for the explanation.
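
An added example, not libsodium's code and not part of the thread: it shows the contract discussed above, where an inner routine is tagged `__attribute__((nonnull))` and an untagged boundary function zeroes the output before the `memcpy()`. The names `store_result` and `store_result_checked` are hypothetical, and the explicit NULL and length checks are an assumption about what a caller-facing wrapper could do, not something the library is stated to do.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical inner routine. The attribute documents the contract and lets
 * GCC/Clang warn (-Wnonnull) when a literal NULL is passed. It also lets the
 * optimizer assume the pointers are non-NULL, so a NULL test written inside
 * this function could legally be removed. */
__attribute__((nonnull))
static void store_result(uint8_t *buf, const uint8_t *encoded, size_t len)
{
    memcpy(buf, encoded, len);
}

/* Hypothetical boundary function, deliberately NOT tagged nonnull, so its
 * NULL test is kept by the compiler. Returns 0 on success, -1 on a NULL
 * pointer or an output buffer that is too small. */
int store_result_checked(uint8_t *buf, size_t buflen,
                         const uint8_t *encoded, size_t len)
{
    if (buf == NULL || encoded == NULL || len > buflen) {
        return -1;
    }
    /* Zero the whole output first, mirroring the order described in the
     * thread: the buffer is touched before any memcpy() is reached. */
    memset(buf, 0, buflen);
    store_result(buf, encoded, len);
    return 0;
}

int main(void)
{
    /* Constructed sample data. */
    const uint8_t encoded[4] = { 0x24, 0x37, 0x24, 0x43 };
    uint8_t out[8];

    if (store_result_checked(NULL, sizeof out, encoded, sizeof encoded) != -1) {
        return 1;
    }
    if (store_result_checked(out, sizeof out, encoded, sizeof encoded) != 0) {
        return 1;
    }
    return memcmp(out, encoded, sizeof encoded) == 0 ? 0 : 1;
}
```

The attribute only catches NULL values the compiler can see at compile time; a NULL computed at run time still reaches the function, which is why the check sits in the untagged wrapper.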