From 74442605fa2d9925e6ea095666c567aea7268265 Mon Sep 17 00:00:00 2001
From: Anthony Hu <anthony@wolfssl.com>
Date: Wed, 8 Dec 2021 15:58:46 -0500
Subject: [PATCH] Pass in pointer to a local size_t var, not word32 var to
 prevent stack corruption.

---
 wolfcrypt/src/falcon.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/falcon.c b/wolfcrypt/src/falcon.c
index 3bb2f5847..00dbe7705 100644
--- a/wolfcrypt/src/falcon.c
+++ b/wolfcrypt/src/falcon.c
@@ -62,6 +62,7 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
 {
     int ret = 0;
     OQS_SIG *oqssig = NULL;
+    size_t localOutLen = 0;
 
     /* sanity check on arguments */
     if ((in == NULL) || (out == NULL) || (outLen == NULL) || (key == NULL)) {
@@ -95,14 +96,19 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
             *outLen = FALCON_LEVEL5_SIG_SIZE;
             ret = BUFFER_E;
         }
+        localOutLen = *outLen;
     }
 
     if ((ret == 0) &&
-        (OQS_SIG_sign(oqssig, out, (size_t *)outLen, in, inLen, key->k)
+        (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k)
          == OQS_ERROR)) {
         ret = BAD_FUNC_ARG;
     }
 
+    if (ret == 0) {
+        *outLen = (word32)localOutLen;
+    }
+
     if (oqssig != NULL) {
         OQS_SIG_free(oqssig);
     }