build: suppress GCC analyzer warnings

Signed-off-by: Daiki Ueno <ueno@gnu.org>

6 files changed, 26 insertions, 10 deletions

diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 228d98468a..f122049e14 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -1636,6 +1636,10 @@ _gnutls_select_server_cert(gnutls_session_t session, const gnutls_cipher_suite_e
 			if (session->internals.selected_cert_list_length == 0)
 				return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
 
+			if (unlikely(session->internals.selected_cert_list == NULL)) {
+				return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+			}
+
 			_gnutls_debug_log("Selected (%s) cert\n",
 					  gnutls_pk_get_name(session->internals.selected_cert_list[0].pubkey->params.algo));
 		}
diff --git a/lib/nettle/int/provable-prime.c b/lib/nettle/int/provable-prime.c
index 585cd031e0..3a626a2c81 100644
--- a/lib/nettle/int/provable-prime.c
+++ b/lib/nettle/int/provable-prime.c
@@ -1173,7 +1173,7 @@ st_provable_prime(mpz_t p,
 	if (iterations > 0) {
 		storage_length = iterations * DIGEST_SIZE;
 
-		storage = malloc(storage_length);
+		storage = gnutls_malloc(storage_length);
 		if (storage == NULL)
 			goto fail;
 
@@ -1307,7 +1307,7 @@ st_provable_prime(mpz_t p,
 	mpz_clear(t);
 	mpz_clear(tmp);
 	mpz_clear(c);
-	free(pseed);
-	free(storage);
+	gnutls_free(pseed);
+	gnutls_free(storage);
 	return ret;
 }
diff --git a/lib/pk.c b/lib/pk.c
index c5600a32a3..753cecd187 100644
--- a/lib/pk.c
+++ b/lib/pk.c
@@ -93,6 +93,7 @@ _gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value,
 	}
 
 	if (r->data[0] >= 0x80) {
+		assert(tmp);
 		tmp[0] = 0;
 		memcpy(&tmp[1], r->data, r->size);
 		result = asn1_write_value(sig, "r", tmp, 1+r->size);
@@ -108,6 +109,7 @@ _gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value,
 
 
 	if (s->data[0] >= 0x80) {
+		assert(tmp);
 		tmp[0] = 0;
 		memcpy(&tmp[1], s->data, s->size);
 		result = asn1_write_value(sig, "s", tmp, 1+s->size);
@@ -598,6 +600,10 @@ encode_ber_digest_info(const mac_entry_st * e,
 	uint8_t *tmp_output;
 	int tmp_output_size;
 
+	if (unlikely(e == NULL)) {
+		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+	}
+
 	/* prevent asn1_write_value() treating input as string */
 	if (digest->size == 0)
 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c
index 59eddcd2a4..6f528a9114 100644
--- a/lib/x509/pkcs7-crypt.c
+++ b/lib/x509/pkcs7-crypt.c
@@ -1211,6 +1211,10 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn,
 	}
 
 	ce = cipher_to_entry(enc_params->cipher);
+	if (unlikely(ce == NULL)) {
+		ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_CIPHER_TYPE);
+		goto error;
+	}
 	block_size = _gnutls_cipher_get_block_size(ce);
 
 	if (ce->type == CIPHER_BLOCK) {
diff --git a/src/tests.c b/src/tests.c
index 85c4b66995..8526b69437 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -1613,7 +1613,9 @@ test_code_t test_chain_order(gnutls_session_t session)
 
 		gnutls_free(t.data);
 	}
-	*pos = 0;
+	if (pos) {
+		*pos = 0;
+	}
 
 	t.size = p_size;
 	t.data = (void*)p;
diff --git a/src/tpmtool.c b/src/tpmtool.c
index 171b7fd416..1b230c2ffa 100644
--- a/src/tpmtool.c
+++ b/src/tpmtool.c
@@ -263,15 +263,15 @@ static void tpm_generate(FILE * out, unsigned int key_type,
 	gnutls_datum_t privkey, pubkey;
 
 	if (!srk_well_known) {
-		srk_pass = getpass("Enter SRK password: ");
-		if (srk_pass != NULL)
-			srk_pass = strdup(srk_pass);
+		char *pass = getpass("Enter SRK password: ");
+		if (pass != NULL)
+			srk_pass = strdup(pass);
 	}
 
 	if (!(flags & GNUTLS_TPM_REGISTER_KEY)) {
-		key_pass = getpass("Enter key password: ");
-		if (key_pass != NULL)
-			key_pass = strdup(key_pass);
+		char *pass = getpass("Enter key password: ");
+		if (pass != NULL)
+			key_pass = strdup(pass);
 	}
 
 	ret =