From 837de435ba0a94d62b78427ac5c7e48b1b631781 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Mon, 16 Nov 2020 09:29:13 +1000
Subject: [PATCH] TFM div: fix initial value of size in q so clamping doesn't
 OOB read

---
 wolfcrypt/src/tfm.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 9b1a35151..bab71e13c 100644
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -679,7 +679,8 @@ int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
 #endif
 
   fp_init(q);
-  q->used = a->used + 2;
+  /* qb + d = a, and b is an integer > 0, therefore q <= a */
+  q->used = a->used;
 
   fp_init(t1);
   fp_init(t2);