stbrumme / hash-library

Portable C++ hashing library

Home Page: https://create.stephan-brumme.com/hash-library/

sha256.cpp buffer overrun warning

zyluo opened this issue

https://github.com/stbrumme/hash-library/blob/master/sha256.cpp#L293 is reporting a buffer overrun warning.
Suggested change in bold.

  // process full blocks
  while (numBytes >= BlockSize)
  {
    processBlock(current);
    current += BlockSize;
    m_numBytes += BlockSize;
    numBytes -= BlockSize;
  }

  // keep remaining bytes in buffer
  //while (numBytes > 0)
  while (numBytes > 0 && m_bufferSize < BlockSize)
  {
    m_buffer[m_bufferSize++] = *current++;
    numBytes--;
  }
}

commented

I have trouble thinking of a scenario that causes buffer overflow here. What initial values of m_BufferSize and numBytes will be needed to trigger overflow?

Theoretically there won't be a buffer overflow here based on context but it's just that Visual Studio is complaining that there is a possibility.
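
An added example, not part of the original thread or the library's code: a constructed model of the index arithmetic in the quoted snippet, showing which values of m_bufferSize on entry keep the unguarded loop in bounds, and that the guarded loop drops bytes instead of overrunning in the other cases. The names Result, tail and countOverruns are hypothetical, and the part of sha256.cpp that runs before the snippet is not shown on this page and is not modelled.

```cpp
#include <cstddef>
#include <cstdio>

// Constructed model of the snippet quoted in the issue: only the index
// arithmetic on m_bufferSize and numBytes is kept, no data is hashed.
const size_t BlockSize = 64; // SHA-256 block size in bytes

struct Result
{
  bool   outOfBounds; // a write to m_buffer[i] with i >= BlockSize would occur
  size_t dropped;     // input bytes neither processed nor buffered
  size_t bufferSize;  // m_bufferSize when the snippet finishes
};

// hypothetical helper: run the snippet from a given entry state
Result tail(size_t bufferSize, size_t numBytes, bool guarded)
{
  Result r = { false, 0, 0 };
  // process full blocks (processBlock itself is not modelled)
  while (numBytes >= BlockSize)
    numBytes -= BlockSize;
  // keep remaining bytes in buffer
  while (numBytes > 0 && (!guarded || bufferSize < BlockSize))
  {
    if (bufferSize >= BlockSize)
      r.outOfBounds = true;
    bufferSize++;
    numBytes--;
  }
  r.dropped    = numBytes;
  r.bufferSize = bufferSize;
  return r;
}

// hypothetical helper: count overrunning inputs for one entry value of m_bufferSize
size_t countOverruns(size_t entry, bool guarded)
{
  size_t count = 0;
  for (size_t numBytes = 0; numBytes < 4 * BlockSize; numBytes++)
    if (tail(entry, numBytes, guarded).outOfBounds)
      count++;
  return count;
}

int main()
{
  for (size_t entry = 0; entry < BlockSize; entry++)
    std::printf("m_bufferSize=%2zu unguarded overruns=%3zu guarded overruns=%zu\n",
                entry, countOverruns(entry, false), countOverruns(entry, true));
  return 0;
}
```

In this model the unguarded loop stays in bounds for every input only when m_bufferSize is 0 or 1 on entry; for larger entry values the guard removes the overrun by leaving bytes unbuffered, which the `dropped` field makes visible.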