ESIGN: use .data() to preserve bounds for Fortify/Clang; add defensive assert

Fortify/Clang emits false positive in InvertibleESIGNFunction::GenerateRandom
because pointer arithmetic on SecByteBlock after implicit conversion to byte*
loses destination object's size info.

- Change seed + 4 to seed.data() + 4 to preserve bounds for static analyzers
- Add CRYPTOPP_ASSERT to document invariant (compiles to no-op in release)
- No behavior change: buffer is resized, then seedParam.size() bytes copied at offset +4

The .data() method avoids analyzer losing track of object size after pointer arithmetic.
Assert documents intended invariant and helps static analysis tools.

Author: Coralesoft

esign.cpp

@@ -115,7 +115,11 @@ void InvertibleESIGNFunction::GenerateRandom(RandomNumberGenerator &rng, const N
 			throw InvalidArgument("InvertibleESIGNFunction::GenerateRandom: buffer overflow");
 
 		seed.resize(seedParam.size() + 4);
-		std::memcpy(seed + 4, seedParam.begin(), seedParam.size());
+		// Defensive assertion for static analyzers; compiles to no-op in release builds
+		CRYPTOPP_ASSERT(seed.size() >= seedParam.size() + 4);
+
+		// Use .data() so Fortify/Clang retain destination object bounds
+		std::memcpy(seed.data() + 4, seedParam.begin(), seedParam.size());
 
 		PutWord(false, BIG_ENDIAN_ORDER, seed, (word32)0);
 		m_p.GenerateRandom(rng, CombinedNameValuePairs(primeParam, MakeParameters("Seed", ConstByteArrayParameter(seed))));