From: Kenjiro Nakayama Subject: [PATCH] LibreSSL: check for NULL data pointer in bio_mem_read_ptr() To: tech@openbsd.org Cc: nakayamakenjiro@gmail.com Date: Sat, 12 Apr 2025 12:15:42 +0900 When bm->buf->data is NULL, calling bio_mem_read_ptr() triggers a runtime error under UndefinedBehaviorSanitizer: $ ./tests/bio_dump /dev/portable/crypto/bio/bss_mem.c:87:10: runtime error: applying zero offset to null pointer SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /dev/portable/crypto/bio/bss_mem.c:87:10 in This patch adds an explicit NULL check to avoid applying an offset to a NULL pointer, which is undefined behavior. The function now safely returns NULL if the buffer is uninitialized. Signed-off-by: Kenjiro Nakayama --- src/lib/libcrypto/bio/bss_mem.c | 2 ++ 1 file changed, 2 insertions(+) diff --git src/lib/libcrypto/bio/bss_mem.c src/lib/libcrypto/bio/bss_mem.c index 6d0d54db8..6001038b6 100644 --- src/lib/libcrypto/bio/bss_mem.c +++ src/lib/libcrypto/bio/bss_mem.c @@ -84,6 +84,8 @@ bio_mem_pending(struct bio_mem *bm) static uint8_t * bio_mem_read_ptr(struct bio_mem *bm) { + if (bm->buf->data == NULL) + return NULL; return &bm->buf->data[bm->read_offset]; } -- 2.39.5 (Apple Git-154)
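Review bot: the added early return in bio_mem_read_ptr() (`if (bm->buf->data == NULL) return NULL;`) makes NULL a possible return value, but the patch changes no caller to expect it. The diffstat shows only these two insertions. The callers are not visible here, so please confirm each one is safe: a caller that passes the result to memcpy() or a similar function still has undefined behavior when the pointer is NULL, even with a length of zero, which would move the sanitizer finding rather than remove it. The check also ignores bm->read_offset. The UBSan report quoted in the commit message is for a zero offset, so the case being fixed is data == NULL with read_offset == 0; with a non-zero read_offset the new branch would silently hide an inconsistent state. A one-line comment above the check stating when data can legitimately be NULL would document the intended invariant.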