From dc9887c0199f5b7579e7b82dd7910008e419816f Mon Sep 17 00:00:00 2001
From: Kurt Roeckx <kurt@roeckx.be>
Date: Tue, 24 May 2016 21:32:01 +0200
Subject: Avoid creating an illegal pointer

Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1122
---
 crypto/asn1/a_int.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'crypto/asn1')

diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index d06d4178dd..9c28c02951 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -201,18 +201,18 @@ static size_t c2i_ibuf(unsigned char *b, int *pneg,
     /* Must be negative: calculate twos complement */
     if (b) {
         const unsigned char *from = p + plen - 1 + pad;
-        unsigned char *to = b + plen - 1;
+        unsigned char *to = b + plen;
         i = plen;
         while (*from == 0 && i) {
-            *to-- = 0;
+            *--to = 0;
             i--;
             from--;
         }
-        *to-- = (*from-- ^ 0xff) + 1;
+        *--to = (*from-- ^ 0xff) + 1;
         OPENSSL_assert(i != 0);
         i--;
         for (; i > 0; i--)
-            *to-- = *from-- ^ 0xff;
+            *--to = *from-- ^ 0xff;
     }
     return plen;
 }
-- 
cgit v1.2.3