From de34ec0f0cdb18898069b528b884e07abac2bd6a Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Mon, 16 Oct 2017 11:24:41 -0700
Subject: [PATCH] Fix scan-build report of possible use of unitialized
 output[i].

---
 wolfcrypt/src/asn.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 8942d91f6..36ff9fbee 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -6391,7 +6391,7 @@ WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output)
     int i = 0;
     int snSzInt = (int)snSz;
 
-    if (sn == NULL || output == NULL)
+    if (sn == NULL || output == NULL || snSzInt < 0)
         return BAD_FUNC_ARG;
 
     /* remove leading zeros */
@@ -6405,8 +6405,10 @@ WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output)
     i += SetLength(snSzInt, &output[i]);
     XMEMCPY(&output[i], sn, snSzInt);
 
-    /* ensure positive (MSB not set) */
-    output[i] &= ~0x80;
+    if (snSzInt > 0) {
+        /* ensure positive (MSB not set) */
+        output[i] &= ~0x80;
+    }
 
     /* compute final length */
     i += snSzInt;