Merge pull request #9388 from lealem47/scan_build

Various fixes for nightly tests
2026-01-26 22:02:22 +01:00 · 2025-11-07 09:30:08 +10:00
parent 3416a0f70e 15ecc2e4da
commit f376c8d910
8 changed files with 25 additions and 10 deletions
--- a/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h
@@ -18,6 +18,9 @@ extern "C" {
 #undef  SINGLE_THREADED
 #define SINGLE_THREADED

+#undef WOLFSSL_NO_SOCK
+#define WOLFSSL_NO_SOCK
+
 #undef  WOLFSSL_SMALL_STACK
 //#define WOLFSSL_SMALL_STACK

--- a/configure.ac
+++ b/configure.ac
@@ -139,7 +139,7 @@ AC_ARG_ENABLE([linuxkm-defaults],
    )


-AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h ctype.h])
+AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h ctype.h sys/random.h])
 AC_CHECK_LIB([network],[socket])
 AC_C_BIGENDIAN
 AC_C___ATOMIC
@@ -150,7 +150,7 @@ AC_CHECK_HEADER(assert.h, [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSL_HAVE_ASSERT_H"],[
 # they're declared by the expected headers, and if not, supersede the
 # unusable positive from AC_CHECK_FUNCS().
 AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r gmtime_s inet_ntoa memset socket strftime atexit isascii getpid getrandom])
-AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, gmtime_s, inet_ntoa, memset, socket, strftime, atexit, isascii, getpid], [], [
+AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, gmtime_s, inet_ntoa, memset, socket, strftime, atexit, isascii, getpid, getrandom], [], [
 if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" = "yes"
 then
    AC_MSG_NOTICE([    note: earlier check for $(eval 'echo ${as_decl_name}') superseded.])
@@ -186,6 +186,9 @@ fi
 #ifdef HAVE_CTYPE_H
    #include <ctype.h>
 #endif
+#ifdef HAVE_SYS_RANDOM_H
+    #include <sys/random.h>
+#endif
 ]])

 AC_PROG_INSTALL
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -2950,7 +2950,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #endif /* HAVE_RPK */
                break;
            case 268:
+#ifndef NO_CERTS
                fileFormat = WOLFSSL_FILETYPE_ASN1;
+#endif
                break;
            case 269:
 #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -10558,6 +10558,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
        case TLS_ASYNC_DO:
        {
            sig = input + args->idx;
+            (void)sig;
        #ifdef WOLFSSL_DUAL_ALG_CERTS
            if (ssl->sigSpec != NULL &&
                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
--- a/tests/api.c
+++ b/tests/api.c
@@ -20118,7 +20118,7 @@ static int test_wolfSSL_PKCS7_certs(void)
        while (EXPECT_SUCCESS() && (sk_X509_INFO_num(info_sk) > 0)) {
            X509_INFO* info = NULL;
            ExpectNotNull(info = sk_X509_INFO_shift(info_sk));
-            if (info != NULL) {
+            if (EXPECT_SUCCESS() && info != NULL) {
                ExpectIntGT(sk_X509_push(sk, info->x509), 0);
                info->x509 = NULL;
            }
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -4207,8 +4207,9 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
        #ifdef FORCE_FAILURE_GETRANDOM
            /* don't fallback to /dev/urandom */
            return ret;
-        #else
-            /* reset error and fallback to using /dev/urandom */
+        #elif !defined(NO_FILESYSTEM)
+            /* reset error and fallback to using /dev/urandom if filesystem
+             * support is compiled in */
            ret = 0;
        #endif
        }
@@ -4255,6 +4256,8 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
        }
        close(os->fd);
 #else
+        (void)output;
+        (void)sz;
        ret = NOT_COMPILED_IN;
 #endif /* NO_FILESYSTEM */

--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -8561,10 +8561,11 @@ int sp_rshb(const sp_int* a, int n, sp_int* r)
        }
        else {
            /* Move the bits down starting at least significant digit. */
-            for (j = 0; i < a->used - 1; i++, j++)
-                r->dp[j] = (a->dp[i] >> n) | (a->dp[i+1] << (SP_WORD_SIZE - n));
+            for (j = 0; j < (sp_size_t)(a->used - 1 - i); j++)
+                r->dp[j] = (a->dp[j+i] >> n) |
+                    (a->dp[j+i+1] << (SP_WORD_SIZE - n));
            /* Most significant digit has no higher digit to pull from. */
-            r->dp[j] = a->dp[i] >> n;
+            r->dp[j] = a->dp[j+i] >> n;
            /* Set the count of used digits. */
            r->used = (sp_size_t)(j + (r->dp[j] > 0));
        }
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -3064,11 +3064,13 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
        printf("Math: %s\n", wc_GetMathInfo());
 #endif

+        if (ret == 0) {
 #ifdef HAVE_STACK_SIZE
-        StackSizeCheck(&args, wolfcrypt_test);
+            StackSizeCheck(&args, wolfcrypt_test);
 #else
-        wolfcrypt_test(&args);
+            wolfcrypt_test(&args);
 #endif
+        }

        if ((ret = wolfCrypt_Cleanup()) != 0) {
            printf("wolfCrypt_Cleanup failed %d\n", (int)ret);