Hi gawiz,
Our mp_int structure is laid out as seen below. You can view this structure in <wolfssl_root>/wolfssl/wolfcrypt/integer.h
/* the infamous mp_int structure */
typedef struct {
    int used, alloc, sign;
    mp_digit *dp;
} mp_int;
The Visual Studio compiler is complaining that the mp_digit pointer (dp) is potentially not initialized. By assigning 0x0 to this pointer at the time of declaration you can silence this warning. I would add a comment to note this is only to silence an MSVS static analysis warning.
I did the following in integer.c:
static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
{
    mp_int q;
    q.dp = NULL; /* only to silence an MSVS static analysis warning */
    ... rest of the function here ...
}
Evaluating this thoroughly, we have proven it can never be "uninitialized" by the time the assignment takes place. This is a false positive from MSVS.
Proof follows:
If c IS NOT NULL, mp_init_size will initialize q and malloc q.dp.
The first time q is used, if c IS NULL (outside the first if block), is in the for loop.
The value of c cannot change between the if block and the for loop.
The value of c cannot change within the for loop.
Before q is used in the for loop (the line MSVS complains about), c is again evaluated.
If c IS NULL, q will not be used / cannot be used "uninitialized".
We can conclude the following:
q is used iff c != NULL.
If c != NULL, q is initialized in the if block (line 4096 below).
c cannot become NULL between the if block and the for loop,
therefore q.dp can never be used uninitialized.
4096     if (c != NULL) {
4097         if ((res = mp_init_size(&q, a->used)) != MP_OKAY) {
4098             return res;
4099         }
4100
4101         q.used = a->used;
4102         q.sign = a->sign;
4103     }
4104
4105     w = 0;
4106     for (ix = a->used - 1; ix >= 0; ix--) {
4107         w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]);
4108
4109         if (w >= b) {
4110             t = (mp_digit)(w / b);
4111             w -= ((mp_word)t) * ((mp_word)b);
4112         } else {
4113             t = 0;
4114         }
4115         if (c != NULL)
4116             q.dp[ix] = (mp_digit)t;
4117     }
Best regards,
Kaleb
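As an added illustration of the reasoning in the reply above (example code written for this page, not wolfSSL's integer.c and not part of Kaleb's post): a small single-digit division routine with the same control flow as the quoted mp_div_d loop, so the two paths can be run side by side. The quotient structure is initialised only inside the c != NULL block and written only behind the same check, and a remainder-only call (c == NULL) never allocates or reads it. The digit and word sizes (32-bit digit_t, 64-bit word_t, DIGIT_BIT 32), the bn_* names, the error codes and the div_u64_demo driver are assumptions made for this example; wolfSSL's real mp_digit, mp_word and DIGIT_BIT depend on the build.

```c
#include <stdint.h>
#include <stdlib.h>

/* Assumed for the example: 32-bit digits, 64-bit words (wolfSSL's sizes are build dependent). */
typedef uint32_t digit_t;
typedef uint64_t word_t;
#define DIGIT_BIT 32

typedef struct {
    int used, alloc, sign;
    digit_t *dp;
} bn_t;

static int bn_init_size(bn_t *a, int size)
{
    if (size < 1) size = 1;                  /* never request zero bytes */
    a->dp = calloc((size_t)size, sizeof(digit_t));
    if (a->dp == NULL) return -1;
    a->used = 0; a->alloc = size; a->sign = 0;
    return 0;
}

static void bn_clear(bn_t *a) { free(a->dp); a->dp = NULL; a->used = a->alloc = a->sign = 0; }

static void bn_clamp(bn_t *a)
{
    while (a->used > 0 && a->dp[a->used - 1] == 0) a->used--;
    if (a->used == 0) a->sign = 0;
}

/* a / b: quotient into *c (freshly allocated, caller frees with bn_clear), remainder into *d.
 * Either output may be NULL. Same shape as the posted loop: q is touched only when c != NULL. */
static int bn_div_d(const bn_t *a, digit_t b, bn_t *c, digit_t *d)
{
    bn_t q = { 0, 0, 0, NULL };    /* only to silence 'possibly uninitialised'; the post sets q.dp = NULL */
    word_t w;
    digit_t t;
    int ix, res;

    if (b == 0) return -2;         /* division by zero; nothing allocated yet */

    if (c != NULL) {               /* the only place q is initialised ... */
        if ((res = bn_init_size(&q, a->used)) != 0) return res;
        q.used = a->used;
        q.sign = a->sign;
    }

    w = 0;
    for (ix = a->used - 1; ix >= 0; ix--) {
        /* w < b < 2^32 here, so the shift by DIGIT_BIT cannot overflow word_t */
        w = (w << DIGIT_BIT) | (word_t)a->dp[ix];
        if (w >= b) {
            t = (digit_t)(w / b);
            w -= (word_t)t * (word_t)b;
        } else {
            t = 0;
        }
        if (c != NULL) q.dp[ix] = t; /* ... and the only place it is written */
    }

    if (d != NULL) *d = (digit_t)w;
    if (c != NULL) { bn_clamp(&q); *c = q; }
    return 0;
}

/* Constructed-input helpers so the example can be driven from plain integers. */
static int bn_set_u64(bn_t *a, uint64_t v)
{
    if (bn_init_size(a, 2) != 0) return -1;
    a->dp[0] = (digit_t)v;
    a->dp[1] = (digit_t)(v >> 32);
    a->used = 2;
    bn_clamp(a);
    return 0;
}

static uint64_t bn_get_u64(const bn_t *a)
{
    uint64_t v = 0;
    if (a->used > 0) v |= a->dp[0];
    if (a->used > 1) v |= (uint64_t)a->dp[1] << 32;
    return v;
}

/* Divide v by b. out_q == NULL takes the remainder-only path, where the quotient
 * bn_t is never initialised and never read. Returns 0 on success. */
static int div_u64_demo(uint64_t v, digit_t b, uint64_t *out_q, digit_t *out_r)
{
    bn_t a, q;
    int res;
    if (bn_set_u64(&a, v) != 0) return -1;
    res = bn_div_d(&a, b, out_q != NULL ? &q : NULL, out_r);
    if (res == 0 && out_q != NULL) { *out_q = bn_get_u64(&q); bn_clear(&q); }
    bn_clear(&a);
    return res;
}
```

Calling div_u64_demo(0x100000005, 7, &q, &r) yields q = 613566757 and r = 2; the same call with out_q set to NULL returns only the remainder and takes exactly the path the analyser flags, without ever allocating or dereferencing the quotient's dp. Zero-initialising the whole struct at the declaration is the portable equivalent of the q.dp = NULL line in the reply: it changes nothing about which path reads q, it only keeps the static analyser quiet.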