From 66b5e31cac49179e36b42e135d5427068e080172 Mon Sep 17 00:00:00 2001
From: xtqqczze <45661989+xtqqczze@users.noreply.github.com>
Date: Fri, 3 Oct 2025 22:49:27 +0100
Subject: [PATCH] Avoid passing null pointer from empty span to
 `CreateSymmetricKey`

---
 .../Cryptography/SP800108HmacCounterKdfImplementationCng.cs  | 5 +++--
 .../Cryptography/SP800108HmacCounterKdfImplementationCng.cs  | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/libraries/Microsoft.Bcl.Cryptography/src/System/Security/Cryptography/SP800108HmacCounterKdfImplementationCng.cs b/src/libraries/Microsoft.Bcl.Cryptography/src/System/Security/Cryptography/SP800108HmacCounterKdfImplementationCng.cs
index 6bbd2f7f1b7fde..064ca636fe6172 100644
--- a/src/libraries/Microsoft.Bcl.Cryptography/src/System/Security/Cryptography/SP800108HmacCounterKdfImplementationCng.cs
+++ b/src/libraries/Microsoft.Bcl.Cryptography/src/System/Security/Cryptography/SP800108HmacCounterKdfImplementationCng.cs
@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System.Diagnostics;
+using System.Runtime.InteropServices;
 
 namespace System.Security.Cryptography
 {
@@ -44,7 +45,7 @@ internal unsafe SP800108HmacCounterKdfImplementationCng(ReadOnlySpan<byte> key,
 
             try
             {
-                fixed (byte* pSymmetricKeyMaterial = symmetricKeyMaterial)
+                fixed (byte* pSymmetricKeyMaterial = &MemoryMarshal.GetReference(symmetricKeyMaterial))
                 {
                     _keyHandle = CreateSymmetricKey(pSymmetricKeyMaterial, symmetricKeyMaterialLength);
                 }
@@ -88,7 +89,7 @@ internal unsafe SP800108HmacCounterKdfImplementationCng(byte[] key, HashAlgorith
 
             try
             {
-                fixed (byte* pSymmetricKeyMaterial = symmetricKeyMaterial)
+                fixed (byte* pSymmetricKeyMaterial = &MemoryMarshal.GetReference(symmetricKeyMaterial))
                 {
                     _keyHandle = CreateSymmetricKey(pSymmetricKeyMaterial, symmetricKeyMaterialLength);
                 }
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/SP800108HmacCounterKdfImplementationCng.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/SP800108HmacCounterKdfImplementationCng.cs
index 84c624120eea42..da57a08db4ebff 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/SP800108HmacCounterKdfImplementationCng.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/SP800108HmacCounterKdfImplementationCng.cs
@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System.Diagnostics;
+using System.Runtime.InteropServices;
 
 namespace System.Security.Cryptography
 {
@@ -37,7 +38,7 @@ internal unsafe SP800108HmacCounterKdfImplementationCng(ReadOnlySpan<byte> key,
 
             try
             {
-                fixed (byte* pSymmetricKeyMaterial = symmetricKeyMaterial)
+                fixed (byte* pSymmetricKeyMaterial = &MemoryMarshal.GetReference(symmetricKeyMaterial))
                 {
                     _keyHandle = CreateSymmetricKey(pSymmetricKeyMaterial, symmetricKeyMaterialLength);
                 }