With gcc 12 we ge the following warning:
In file included from tools/lib/rsa/rsa-verify.c:1:
lib/rsa/rsa-verify.c:275:11: warning: ‘*db’ may be used uninitialized
275 | db[0] &= 0xff >> leftmost_bits;
Check the value of db_len to ensure this cannot happen.
Signed-off-by: Simon Glass <s...@chromium.org>
---
lib/rsa/rsa-verify.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 1d95cfbdee0..81c39251e59 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -234,6 +234,11 @@ int padding_pss_verify(struct image_sign_info *info,
uint8_t leftmost_mask;
struct checksum_algo *checksum = info->checksum;
+ if (db_len <= 0) {
+ ret = -EINVAL;
+ goto out;
+ }
+
/* first, allocate everything */
db_mask = malloc(db_len);
db = malloc(db_len);
--
2.37.3.998.g577e59143f-goog
