From e4e0c3ec7f2f65476b211e15eab71a297eb57074 Mon Sep 17 00:00:00 2001
From: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Tue, 24 Feb 2026 01:05:19 +0000
Subject: [PATCH] Add MISRA suppressions for malloc and free with justification

---
 MISRA.md             |  8 ++++++++
 source/core_pkcs11.c | 12 ++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/MISRA.md b/MISRA.md
index dd62c42a..1809a31b 100644
--- a/MISRA.md
+++ b/MISRA.md
@@ -44,3 +44,11 @@ _Ref 11.5.1_
 
 - MISRA C-2012 Rule 11.5 Allow casts from `void *`. Fields such as publish
     payloads are passed as `void *` and must be cast to the correct data type before use.
+
+#### Rule 21.3
+
+_Ref 21.3.1_
+
+- MISRA C:2012 Rule 21.3: MISRA warns against the use of dynamic memory allocation as it might lead to
+    undefined behavior if not used properly. Proper care is taken in the code to not use free'd pointers
+    and to check the validity of malloc'd memory before it is dereferenced or used.
diff --git a/source/core_pkcs11.c b/source/core_pkcs11.c
index 299d8bb7..1f1eab00 100644
--- a/source/core_pkcs11.c
+++ b/source/core_pkcs11.c
@@ -83,7 +83,9 @@ CK_RV xGetSlotList( CK_SLOT_ID ** ppxSlotId,
         {
             /* MISRA Ref 11.5.1 [Void pointer assignment] */
             /* More details at: https://github.com/FreeRTOS/corePKCS11/blob/main/MISRA.md#rule-115 */
+            /* More details at: https://github.com/FreeRTOS/corePKCS11/blob/main/MISRA.md#rule-213 */
             /* coverity[misra_c_2012_rule_11_5_violation] */
+            /* coverity[misra_c_2012_rule_21_3_violation] */
             pxSlotId = pkcs11configPKCS11_MALLOC( sizeof( CK_SLOT_ID ) * ( *pxSlotCount ) );
 
             if( pxSlotId == NULL )
@@ -108,6 +110,8 @@ CK_RV xGetSlotList( CK_SLOT_ID ** ppxSlotId,
 
     if( ( xResult != CKR_OK ) && ( pxSlotId != NULL ) )
     {
+        /* More details at: https://github.com/FreeRTOS/corePKCS11/blob/main/MISRA.md#rule-213 */
+        /* coverity[misra_c_2012_rule_21_3_violation] */
         pkcs11configPKCS11_FREE( pxSlotId );
         *ppxSlotId = NULL;
     }
@@ -189,7 +193,9 @@ CK_RV xInitializePkcs11Token( void )
         /* Check if the token requires further initialization. */
         /* MISRA Ref 11.5.1 [Void pointer assignment] */
         /* More details at: https://github.com/FreeRTOS/corePKCS11/blob/main/MISRA.md#rule-115 */
+        /* More details at: https://github.com/FreeRTOS/corePKCS11/blob/main/MISRA.md#rule-213 */
         /* coverity[misra_c_2012_rule_11_5_violation] */
+        /* coverity[misra_c_2012_rule_21_3_violation] */
         pxTokenInfo = pkcs11configPKCS11_MALLOC( sizeof( CK_TOKEN_INFO ) );
 
         if( pxTokenInfo != NULL )
@@ -222,11 +228,15 @@ CK_RV xInitializePkcs11Token( void )
 
     if( pxTokenInfo != NULL )
     {
+        /* More details at: https://github.com/FreeRTOS/corePKCS11/blob/main/MISRA.md#rule-213 */
+        /* coverity[misra_c_2012_rule_21_3_violation] */
         pkcs11configPKCS11_FREE( pxTokenInfo );
     }
 
     if( pxSlotId != NULL )
     {
+        /* More details at: https://github.com/FreeRTOS/corePKCS11/blob/main/MISRA.md#rule-213 */
+        /* coverity[misra_c_2012_rule_21_3_violation] */
         pkcs11configPKCS11_FREE( pxSlotId );
     }
 
@@ -295,6 +305,8 @@ CK_RV xInitializePkcs11Session( CK_SESSION_HANDLE * pxSession )
         }
 
         /* Free the memory allocated by xGetSlotList. */
+        /* More details at: https://github.com/FreeRTOS/corePKCS11/blob/main/MISRA.md#rule-213 */
+        /* coverity[misra_c_2012_rule_21_3_violation] */
         pkcs11configPKCS11_FREE( pxSlotId );
     }