Commit 5cbbced70d for openssl.org
commit 5cbbced70dd7dd37b6b11dc6e5b7ca78d4d2e436
Author: Weizhi Ao <2362422778@qq.com>
Date: Thu Dec 11 21:06:23 2025 +0800
Fix silent failure in ASYNC_start_job when size is 0
When ASYNC_start_job is called with args != NULL but size == 0,
OPENSSL_malloc(0) is called. Depending on the libc implementation,
malloc(0) may return NULL, causing a silent failure.
This patch modifies the logic to skip allocation if size is 0.
CLA: trivial
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29377)
diff --git a/crypto/async/async.c b/crypto/async/async.c
index ff55ef77ba..4585390342 100644
--- a/crypto/async/async.c
+++ b/crypto/async/async.c
@@ -255,7 +255,8 @@ int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
if ((ctx->currjob = async_get_pool_job()) == NULL)
return ASYNC_NO_JOBS;
- if (args != NULL) {
+ /* Check for size > 0 to avoid malloc(0) */
+ if (args != NULL && size > 0) {
ctx->currjob->funcargs = OPENSSL_malloc(size);
if (ctx->currjob->funcargs == NULL) {
async_release_job(ctx->currjob);
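Review bot: with the new condition `if (args != NULL && size > 0)`, a call with args != NULL and size == 0 skips the block that assigns ctx->currjob->funcargs, and the hunk does not show what funcargs holds on that path. The job comes from async_get_pool_job(), so please confirm that the code following this block explicitly sets funcargs to NULL in that case, so that a job taken from the pool cannot carry a pointer left over from an earlier run. The comment would also be more useful if it stated the resulting behaviour (no argument copy is made when size is 0) rather than only "avoid malloc(0)". A regression test calling ASYNC_start_job with non-NULL args and size 0 would pin this down.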