Fortify warning: memcpy bound exceeds object size in esign.cpp when building with clang22

[scc-tw]

Hello maintainers,

When building Crypto++ with clang22 (flags: -DNDEBUG -g2 -O3 -fPIC -fno-devirtualize -pthread -pipe), I observed a fortify/stringop-overflow warning from memcpy at compilation of esign.cpp. I would appreciate your advice or triage for this warning.

---

Warning excerpt:

In file included from /usr/include/string.h:548,
                 from /usr/include/c++/14/cstring:43,
                 from stdcpp.h:63,
                 from cryptlib.h:106,
                 from esign.h:10,
                 from esign.cpp:11:
In function 'void* memcpy(void*, const void*, size_t)',
    inlined from 'virtual void CryptoPP::InvertibleESIGNFunction::GenerateRandom(CryptoPP::RandomNumberGenerator&, const CryptoPP::NameValuePairs&)' at esign.cpp:115:14:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:29:33: warning: 'void* __builtin_memcpy(void*, const void*, long unsigned int)' specified bound 18446744073709551612 exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=]
   29 |   return __builtin___memcpy_chk (__dest, __src, __len,
      |          ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
   30 |                                  __glibc_objsize0 (__dest));
      |                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:29:33: warning: 'void* __builtin_memcpy(void*, const void*, long unsigned int)' specified bound 18446744073709551612 exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=]

---

Context & Source:

• Source file: esign.cpp @ commit 843d74c7
• Potentially relevant code:

if (param.GetValue("Seed", seedParam))
{
    seed.resize(seedParam.size() + 4);
    std::memcpy(seed + 4, seedParam.begin(), seedParam.size());
    // ...
}

(see full file: esign.cpp)

• Pipeline reproduction: cryptobench-cpp build log here
• Compilation flags used: clang22 -DNDEBUG -g2 -O3 -fPIC -fno-devirtualize -pthread -pipe

---

Notes:

• I have not investigated the root cause.
• I am not proposing a patch at this time; this is a tracking/triage report.

Steps to reproduce:

1. Build Crypto++ with clang22 and the flags listed above.
2. Observe the warning in the compilation output for esign.cpp.

Many thanks for your attention!

[Coralesoft]

Hi,

This looks like a static analysis false positive: Fortify/Clang complain about a potential overflow on this line in InvertibleESIGNFunction::GenerateRandom:

std::memcpy(seed + 4, seedParam.begin(), seedParam.size());

In my fork cryptopp-modern (a maintained fork of Crypto++ 8.9.0, using the same CryptoPP namespace), I addressed it by switching to .data() and adding a simple bounds assert:

seed.resize(seedParam.size() + 4);
CRYPTOPP_ASSERT(seed.size() >= seedParam.size() + 4);
std::memcpy(seed.data() + 4, seedParam.begin(), seedParam.size());

This doesn’t change behaviour; it just makes the bounds relationship more explicit to Fortify/Clang, and the false-positive memcpy overflow warning goes away.

You can see the change here:

• Repo: https://github.com/Coralesoft/cryptopp-modern
• Commit: https://github.com/Coralesoft/cryptopp-modern/commit/79ecd1f0