stefanberger · stefanberger · Feb 11, 2026 · Feb 11, 2026 · Feb 11, 2026 · Feb 11, 2026
diff --git a/src/tpm12/tpm_counter.c b/src/tpm12/tpm_counter.c
@@ -408,6 +408,11 @@ TPM_RESULT TPM_CounterValue_StorePublic(TPM_STORE_BUFFER *sbuffer,
     TPM_RESULT	rc = 0;
 
     printf(" TPM_CounterValue_StorePublic:\n");
+    if (rc == 0) {
+        if (tpm_counter_value == NULL) { // -fanalyzer
+            rc = TPM_FAIL;
+        }
+    }
     /* store tag */
     if (rc == 0) {	
 	rc = TPM_Sbuffer_Append16(sbuffer, TPM_TAG_COUNTER_VALUE); 

diff --git a/src/tpm12/tpm_cryptoh.c b/src/tpm12/tpm_cryptoh.c
@@ -2374,7 +2374,7 @@ TPM_RESULT TPM_CryptoTest(void)
     if (rc == 0) {
 	printf(" TPM_CryptoTest: Test 1 - SHA1 one part\n");
 	rc = TPM_SHA1(actual,
-		      sizeof(buffer1) - 1, buffer1,
+		      (uint32_t)sizeof(buffer1) - 1, buffer1,
 		      0, NULL);
     }
     if (rc == 0) {
@@ -2390,7 +2390,7 @@ TPM_RESULT TPM_CryptoTest(void)
 	printf(" TPM_CryptoTest: Test 2 - SHA1 two parts\n");
 	rc = TPM_SHA1(actual,
 		      16, buffer1,	/* first 16 */
-		      sizeof(buffer1) - 17, buffer1 + 16,	/* rest */
+		      (uint32_t)sizeof(buffer1) - 17, buffer1 + 16,	/* rest */
 		      0, NULL);
     }
     if (rc == 0) {

diff --git a/src/tpm12/tpm_migration.c b/src/tpm12/tpm_migration.c
@@ -2898,7 +2898,7 @@ TPM_RESULT TPM_Process_CMK_CreateBlob(tpm_state_t *tpm_state,
     TPM_AUTHHANDLE parentAuthHandle;	/* The authorization handle used for the parent key. */
     TPM_NONCE nonceOdd;			/* Nonce generated by system associated with
 					   parentAuthHandle */
-    TPM_BOOL continueAuthSession;	/* Continue use flag for parent session */
+    TPM_BOOL continueAuthSession = FALSE;/* Continue use flag for parent session */
     TPM_AUTHDATA parentAuth;		/* The authorization digest for inputs and
 					   parentHandle. HMAC key: parentKey.usageAuth. */
 

diff --git a/src/tpm12/tpm_nvram.c b/src/tpm12/tpm_nvram.c
@@ -2896,6 +2896,11 @@ TPM_RESULT TPM_Process_NVDefineSpace(tpm_state_t *tpm_state,
     if (returnCode == TPM_SUCCESS) {
 	returnCode = TPM_NVIndexEntries_GetFreeEntry(&d1_new, &(tpm_state->tpm_nv_index_entries));
     }    
+    if (returnCode == TPM_SUCCESS) {
+        if (d1_new == NULL) { // -fanalyzer
+            returnCode = TPM_FAIL;
+        }
+    }
     /* get pubInfo parameter */
     if (returnCode == TPM_SUCCESS) {
 	pubInfo = &(d1_new->pubInfo);	/* pubInfo is an input parameter */

diff --git a/src/tpm12/tpm_session.c b/src/tpm12/tpm_session.c
@@ -182,6 +182,11 @@ TPM_RESULT TPM_AuthSessionData_Store(TPM_STORE_BUFFER *sbuffer,
     TPM_RESULT		rc = 0;
 
     printf(" TPM_AuthSessionData_Store:\n");
+    if (rc == 0) {
+        if (tpm_auth_session_data == NULL) { // -fanalyzer
+            rc = TPM_FAIL;
+        }
+    }
     /* store handle */
     if (rc == 0) {
 	rc = TPM_Sbuffer_Append32(sbuffer, tpm_auth_session_data->handle);
@@ -3047,10 +3052,10 @@ TPM_RESULT TPM_Process_SaveContext(tpm_state_t *tpm_state,
     TPM_BOOL			transportEncrypt;	/* wrapped in encrypted transport session */
     TPM_STORE_BUFFER		b1_sbuffer;		/* serialization of b1 */
     TPM_STCLEAR_DATA		*v1StClearData = NULL;
-    TPM_KEY_HANDLE_ENTRY	*tpm_key_handle_entry;	/* key table entry for the handle */
+    TPM_KEY_HANDLE_ENTRY	*tpm_key_handle_entry = NULL;	/* key table entry for the handle */
     TPM_AUTH_SESSION_DATA	*tpm_auth_session_data = NULL; /* session table entry for the handle */
-    TPM_TRANSPORT_INTERNAL	*tpm_transport_internal; /* transport table entry for the handle */
-    TPM_DAA_SESSION_DATA	*tpm_daa_session_data;	/* daa session table entry for the handle */
+    TPM_TRANSPORT_INTERNAL	*tpm_transport_internal = NULL; /* transport table entry for the handle */
+    TPM_DAA_SESSION_DATA	*tpm_daa_session_data = NULL;	/* daa session table entry for the handle */
     TPM_NONCE			*n1ContextNonce = NULL;
     TPM_SYMMETRIC_KEY_TOKEN 	k1ContextKey = NULL;
     TPM_STORE_BUFFER		r1ContextSensitive; /* serialization of sensitive data clear text */
@@ -3180,6 +3185,11 @@ TPM_RESULT TPM_Process_SaveContext(tpm_state_t *tpm_state,
 	printf("TPM_Process_SaveContext: Locating nonce\n");
 	/* a. If resourceType is TPM_RT_KEY */
 	if (resourceType == TPM_RT_KEY) {
+	    if (returnCode == TPM_SUCCESS) {
+	        if (tpm_key_handle_entry == NULL) { // -fanalyzer
+	            returnCode = TPM_FAIL;
+	        }
+	    }
 	    if (returnCode == TPM_SUCCESS) {
 		/* i. If TPM_STCLEAR_DATA -> contextNonceKey is NULLS */
 		TPM_Nonce_IsZero(&isZero, tpm_state->tpm_stclear_data.contextNonceKey);

diff --git a/src/tpm2/Object.c b/src/tpm2/Object.c
@@ -226,7 +226,10 @@ TPMI_RH_HIERARCHY
 GetHierarchy(TPMI_DH_OBJECT handle  // IN :object handle
 )
 {
-    return HandleToObject(handle)->hierarchy;
+    OBJECT *object = HandleToObject(handle);	// libtpms changed begin: -fanalyzer
+
+    pAssert(object);
+    return object->hierarchy;			// libtpms changed end
 }
 
 //*** FindEmptyObjectSlot()

diff --git a/src/tpm2/RuntimeProfile.c b/src/tpm2/RuntimeProfile.c
@@ -418,6 +418,9 @@ GetStateFormatLevelFromJSON(const char   *json,
     if (retVal)
 	return retVal;
 
+    if (!str) /* str==NULL cannot happen without retVal having been set; -fanalyzer issue */
+        return TPM_RC_FAILURE;
+
     errno = 0;
     v = strtoul(str, NULL, 10);
     if (v > UINT_MAX || errno) {