wolfcrypt/src/integer.c: add sanity checks to mollify clang-tidy 20.0…

….0_pre20250104: in mp_grow(), error if the mp_int has a null .dp but nonzero .alloc; in s_mp_add() and s_mp_sub(), error if either operand has a null .dp but the constant of iteration (from .used) is positive. these fix 6 distinct clang-analyzer-core.NullDereferences, of undetermined accuracy (possibly benign).
wolfSSL · Jan 8, 2025 · fd664fd · fd664fd
1 parent 632d1c7
commit fd664fd
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
@@ -440,6 +440,10 @@ int mp_grow (mp_int * a, int size)
       a->dp[i] = 0;
     }
   }
+  else if ((a->alloc > 0) && (a->dp == NULL)) {
+      /* opportunistic sanity check on a->dp */
+      return MP_VAL;
+  }
   return MP_OKAY;
 }
 
@@ -1758,6 +1762,13 @@ int s_mp_add (mp_int * a, mp_int * b, mp_int * c)
     /* destination */
     tmpc = c->dp;
 
+    /* sanity-check dp pointers from a and b. */
+    if ((min_ab > 0) &&
+        ((tmpa == NULL) || (tmpb == NULL)))
+    {
+        return MP_VAL;
+    }
+
     /* zero the carry */
     u = 0;
     for (i = 0; i < min_ab; i++) {
@@ -1833,6 +1844,13 @@ int s_mp_sub (mp_int * a, mp_int * b, mp_int * c)
     tmpb = b->dp;
     tmpc = c->dp;
 
+    /* sanity-check dp pointers from a and b. */
+    if ((min_b > 0) &&
+        ((tmpa == NULL) || (tmpb == NULL)))
+    {
+        return MP_VAL;
+    }
+
     /* set carry to zero */
     u = 0;
     for (i = 0; i < min_b; i++) {