Avoid computing out-of-bounds pointer.

real-or-random · real-or-random · commit 9be7b0f08340 · 2021-06-16T10:33:41.000+02:00
This is a pedantic case of UB.
diff --git a/src/ecdsa_impl.h b/src/ecdsa_impl.h
@@ -112,7 +112,7 @@ static int secp256k1_der_parse_integer(secp256k1_scalar *r, const unsigned char
     if (secp256k1_der_read_len(&rlen, sig, sigend) == 0) {
         return 0;
     }
-    if (rlen == 0 || *sig + rlen > sigend) {
+    if (rlen == 0 || rlen > (size_t)(sigend - *sig)) {
         /* Exceeds bounds or not at least length 1 (X.690-0207 8.3.1).  */
         return 0;
     }

Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,7 @@ static int secp256k1_der_parse_integer(secp256k1_scalar *r, const unsigned char`
`112`	`112`	`if (secp256k1_der_read_len(&rlen, sig, sigend) == 0) {`
`113`	`113`	`return 0;`
`114`	`114`	`}`
`115`		`- if (rlen == 0 \|\| *sig + rlen > sigend) {`
	`115`	`+ if (rlen == 0 \|\| rlen > (size_t)(sigend - *sig)) {`
`116`	`116`	`/* Exceeds bounds or not at least length 1 (X.690-0207 8.3.1). */`
`117`	`117`	`return 0;`
`118`	`118`	`}`