From 9b430704d151efdf917eb388446bded760e86dd8 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 12 Oct 2018 19:15:34 +0200
Subject: [PATCH] Fix likely-harmless undefined behavior surrounding volatile

The code was making two unsequenced reads from volatile locations. This is undefined behavior. It was probably harmless because we didn't care in what order the reads happened and the reads were from ordinary memory, but UB is UB and IAR8 complained.
---
 library/rsa.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/library/rsa.c b/library/rsa.c
index 69542f352..b401189d2 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1460,7 +1460,11 @@ static void mem_move_to_left( void *start,
  * `offset` passes shift the data one byte to the left and
  * zero out the last byte. */
 for( n = 0; n < total - 1; n++ )
- buf[n] = if_int( no_op, buf[n], buf[n+1] );
+ {
+ unsigned char current = buf[n];
+ unsigned char next = buf[n+1];
+ buf[n] = if_int( no_op, current, next );
+ }
 buf[total-1] = if_int( no_op, buf[total-1], 0 );
 }
 }
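Review bot: The two new locals in the loop body carry no comment saying why the reads were split out, so the rationale from the commit message lives only in git history and a later cleanup could fold them back into the `if_int` call and reintroduce the unsequenced volatile reads. A short comment above `unsigned char current = buf[n];` would pin it: `/* Read both volatile operands into locals first: two volatile accesses within one expression are unsequenced, which is undefined behavior. */`. Separately, the loop bound `n < total - 1` and the trailing `buf[total-1]` write assume `total >= 1`; if `total` is an unsigned count and can be 0, the subtraction wraps and the final store is out of bounds, though the declaration of `total` and any guard in the caller are outside this hunk, so this may already be covered. The enclosing function `mem_move_to_left` begins before the hunk and `buf`, `n`, `total` and `no_op` are declared there.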