Add missing null check for ctx and input keys in the public API

elichai · elichai · commit adec5a16383f · 2021-07-04T12:47:46.000+03:00
diff --git a/include/secp256k1.h b/include/secp256k1.h
@@ -247,7 +247,7 @@ SECP256K1_API secp256k1_context* secp256k1_context_clone(
  */
 SECP256K1_API void secp256k1_context_destroy(
     secp256k1_context* ctx
-);
+) SECP256K1_ARG_NONNULL(1);
 
 /** Set a callback function to be called when an illegal argument is passed to
  *  an API call. It will only trigger for violations that are mentioned
diff --git a/include/secp256k1_preallocated.h b/include/secp256k1_preallocated.h
@@ -119,7 +119,7 @@ SECP256K1_API secp256k1_context* secp256k1_context_preallocated_clone(
  */
 SECP256K1_API void secp256k1_context_preallocated_destroy(
     secp256k1_context* ctx
-);
+) SECP256K1_ARG_NONNULL(1);
 
 #ifdef __cplusplus
 }
diff --git a/src/modules/recovery/main_impl.h b/src/modules/recovery/main_impl.h
@@ -40,7 +40,7 @@ int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context*
     int ret = 1;
     int overflow = 0;
 
-    (void)ctx;
+    VERIFY_CHECK(ctx != NULL);
     ARG_CHECK(sig != NULL);
     ARG_CHECK(input64 != NULL);
     ARG_CHECK(recid >= 0 && recid <= 3);
@@ -60,7 +60,7 @@ int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context*
 int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context* ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature* sig) {
     secp256k1_scalar r, s;
 
-    (void)ctx;
+    VERIFY_CHECK(ctx != NULL);
     ARG_CHECK(output64 != NULL);
     ARG_CHECK(sig != NULL);
     ARG_CHECK(recid != NULL);
@@ -75,7 +75,7 @@ int secp256k1_ecdsa_recoverable_signature_convert(const secp256k1_context* ctx,
     secp256k1_scalar r, s;
     int recid;
 
-    (void)ctx;
+    VERIFY_CHECK(ctx != NULL);
     ARG_CHECK(sig != NULL);
     ARG_CHECK(sigin != NULL);
 
diff --git a/src/secp256k1.c b/src/secp256k1.c
@@ -771,6 +771,7 @@ int secp256k1_ec_pubkey_combine(const secp256k1_context* ctx, secp256k1_pubkey *
     secp256k1_gej Qj;
     secp256k1_ge Q;
 
+    VERIFY_CHECK(ctx != NULL);
     ARG_CHECK(pubnonce != NULL);
     memset(pubnonce, 0, sizeof(*pubnonce));
     ARG_CHECK(n >= 1);
@@ -779,6 +780,7 @@ int secp256k1_ec_pubkey_combine(const secp256k1_context* ctx, secp256k1_pubkey *
     secp256k1_gej_set_infinity(&Qj);
 
     for (i = 0; i < n; i++) {
+        ARG_CHECK(pubnonces[i] != NULL);
         secp256k1_pubkey_load(ctx, &Q, pubnonces[i]);
         secp256k1_gej_add_ge(&Qj, &Qj, &Q);
     }

Original file line number	Diff line number	Diff line change
`@@ -119,7 +119,7 @@ SECP256K1_API secp256k1_context* secp256k1_context_preallocated_clone(`
`119`	`119`	`*/`
`120`	`120`	`SECP256K1_API void secp256k1_context_preallocated_destroy(`
`121`	`121`	`secp256k1_context* ctx`
`122`		`-);`
	`122`	`+) SECP256K1_ARG_NONNULL(1);`
`123`	`123`
`124`	`124`	`#ifdef __cplusplus`
`125`	`125`	`}`