From c22b89e935aa973733708398ea68c101aefe249c Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Fri, 13 Jan 2023 02:12:03 +1000
Subject: [PATCH] SP int: fail when buffer writing to is too small for number
---
 wolfcrypt/src/sp_int.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index b5199ed73..6cd5dd82c 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -16878,11 +16878,16 @@ int sp_to_unsigned_bin_len(const sp_int* a, byte* out, int outSz)
 /* Put each digit in. */
 for (i = 0; (j >= 0) && (i < a->used); i++) {
 int b;
+ sp_int_digit d = a->dp[i];
 /* Place each byte of a digit into the buffer. */
 for (b = 0; b < SP_WORD_SIZE; b += 8) {
- out[j--] = (byte)(a->dp[i] >> b);
+ out[j--] = (byte)d;
+ d >>= 8;
 /* Stop if the output buffer is filled. */
 if (j < 0) {
+ if ((i < a->used - 1) || (d > 0)) {
+ err = BUFFER_E;
+ }
 break;
 }
 }
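Review bot: The new `BUFFER_E` check sits inside the inner byte loop, after `out[j--]` has stored a byte, so it can only fire once at least one byte has been written. If `outSz` is 0, `j` presumably starts below zero, the `(j >= 0)` loop condition skips the body, and a non-zero `a` would still return success with nothing written, unless code before the hunk rejects that size (the function body starts and ends outside the hunk). On the error path the low-order bytes are already in `out`, so a caller that ignores the return value is left with a silently truncated number. Checking the size before the loop covers both cases, e.g. `if (sp_unsigned_bin_size(a) > outSz) { err = BUFFER_E; }`. The function's header comment should also list `BUFFER_E` as a return value and state that `out` is not valid on failure.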