Merge bitcoin#644: Avoid optimizing out a verify_check

sipa · sipa · commit e95f8ab098c5 · 2019-08-06T15:30:19.000-07:00
94ae7cb Moved a dereference so the null check will be before the dereferencing (Elichai Turkel) Pull request description: Before that even on debug the compiler could've assumed `a` isn't null and optimized `VERIFY_CHECK(a != NULL);` out. This put the dereference after the check Resolves bitcoin#643 ACKs for commit 94ae7c: sipa: ACK 94ae7cb Tree-SHA512: 8b986f202ede5bde1f14a8ecf25e339d64ee6cd5cb391c5f18b4ff58f946c3845902d1230bc80d110a0a33b37025d281bd4532afbdf03b1c9ca321097374eb8e
diff --git a/src/ecmult_impl.h b/src/ecmult_impl.h
@@ -395,7 +395,7 @@ static void secp256k1_ecmult_context_clear(secp256k1_ecmult_context *ctx) {
  *    than the number of bits in the (absolute value) of the input.
  */
 static int secp256k1_ecmult_wnaf(int *wnaf, int len, const secp256k1_scalar *a, int w) {
-    secp256k1_scalar s = *a;
+    secp256k1_scalar s;
     int last_set_bit = -1;
     int bit = 0;
     int sign = 1;
@@ -408,6 +408,7 @@ static int secp256k1_ecmult_wnaf(int *wnaf, int len, const secp256k1_scalar *a,
 
     memset(wnaf, 0, len * sizeof(wnaf[0]));
 
+    s = *a;
     if (secp256k1_scalar_get_bits(&s, 255, 1)) {
         secp256k1_scalar_negate(&s, &s);
         sign = -1;
