From fd664fd597932d29583756c6dc1b1d45703cb21f Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Wed, 8 Jan 2025 11:09:27 -0600
Subject: [PATCH] wolfcrypt/src/integer.c: add sanity checks to mollify clang-tidy 20.0.0_pre20250104: in mp_grow(), error if the mp_int has a null .dp but nonzero .alloc; in s_mp_add() and s_mp_sub(), error if either operand has a null .dp but the constant of iteration (from .used) is positive. these fix 6 distinct clang-analyzer-core.NullDereferences, of undetermined accuracy (possibly benign).
---
 wolfcrypt/src/integer.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index 3deeaeb82..e40afc721 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -440,6 +440,10 @@ int mp_grow (mp_int * a, int size)
 a->dp[i] = 0;
 }
 }
+ else if ((a->alloc > 0) && (a->dp == NULL)) {
+ /* opportunistic sanity check on a->dp */
+ return MP_VAL;
+ }
 return MP_OKAY;
 }
@@ -1758,6 +1762,13 @@ int s_mp_add (mp_int * a, mp_int * b, mp_int * c)
 /* destination */
 tmpc = c->dp;
+ /* sanity-check dp pointers from a and b. */
+ if ((min_ab > 0) &&
+ ((tmpa == NULL) || (tmpb == NULL)))
+ {
+ return MP_VAL;
+ }
+
 /* zero the carry */
 u = 0;
 for (i = 0; i < min_ab; i++) {
@@ -1833,6 +1844,13 @@ int s_mp_sub (mp_int * a, mp_int * b, mp_int * c)
 tmpb = b->dp;
 tmpc = c->dp;
+ /* sanity-check dp pointers from a and b. */
+ if ((min_b > 0) &&
+ ((tmpa == NULL) || (tmpb == NULL)))
+ {
+ return MP_VAL;
+ }
+
 /* set carry to zero */
 u = 0;
 for (i = 0; i < min_b; i++) {
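Review bot: The new `else if` in the mp_grow() hunk rejects a null a->dp with nonzero a->alloc only on the path where no growth takes place. The growth branch begins above the hunk, so this is inferred, but its visible tail is a zeroing loop (`a->dp[i] = 0;`), and if that loop starts at the old a->alloc, an mp_int in this inconsistent state that does get grown would keep uninitialised digits below that index. Rejecting the state before the branch, `if ((a->alloc > 0) && (a->dp == NULL)) return MP_VAL;`, would cover both paths. The comment would be more useful if it said what the state means, e.g. `/* alloc > 0 with a null dp: mp_int is corrupted or was never initialised */`.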
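Review bot: The guard added in the s_mp_add() hunk is gated on `min_ab > 0` alone, so it does not cover the longer operand when the shorter one has zero digits; any later loop over the remaining digits (outside the hunk, so inferred) could still read through a null dp. Checking each operand against its own count closes that gap, e.g. `if (((a->used > 0) && (tmpa == NULL)) || ((b->used > 0) && (tmpb == NULL))) return MP_VAL;`. The same applies to the `min_b > 0` guard in the s_mp_sub() hunk. Both guards also sit after `tmpc = c->dp`, well into the function body; if c was resized or had its digit count updated above the hunk, the MP_VAL return leaves it part-modified, so validating the operands at function entry would be safer.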