wolfcrypt/src/integer.c: add sanity checks to mollify clang-tidy 20.0.0_pre20250104: in mp_grow(), error if the mp_int has a null .dp but nonzero .alloc; in s_mp_add() and s_mp_sub(), error if either operand has a null .dp but the constant of iteration (from .used) is positive. these fix 6 distinct clang-analyzer-core.NullDereferences, of undetermined accuracy (possibly benign).

2025-01-08 11:09:27 -06:00
parent 632d1c7ada
commit fd664fd597
1 changed files with 18 additions and 0 deletions
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@ -440,6 +440,10 @@ int mp_grow (mp_int * a, int size)
      a->dp[i] = 0;
    }
  }
+  else if ((a->alloc > 0) && (a->dp == NULL)) {
+      /* opportunistic sanity check on a->dp */
+      return MP_VAL;
+  }
  return MP_OKAY;
 }

@ -1758,6 +1762,13 @@ int s_mp_add (mp_int * a, mp_int * b, mp_int * c)
    /* destination */
    tmpc = c->dp;

+    /* sanity-check dp pointers from a and b. */
+    if ((min_ab > 0) &&
+        ((tmpa == NULL) || (tmpb == NULL)))
+    {
+        return MP_VAL;
+    }
+
    /* zero the carry */
    u = 0;
    for (i = 0; i < min_ab; i++) {
@ -1833,6 +1844,13 @@ int s_mp_sub (mp_int * a, mp_int * b, mp_int * c)
    tmpb = b->dp;
    tmpc = c->dp;

+    /* sanity-check dp pointers from a and b. */
+    if ((min_b > 0) &&
+        ((tmpa == NULL) || (tmpb == NULL)))
+    {
+        return MP_VAL;
+    }
+
    /* set carry to zero */
    u = 0;
    for (i = 0; i < min_b; i++) {