Try to fix issues reported by coverity

src/api/sockets.c

@@ -531,8 +531,9 @@ free_socket(struct lwip_sock *sock, int is_tcp)
 
 #if LWIP_NETCONN_FULLDUPLEX
   LWIP_ASSERT("sock->fd_used > 0", sock->fd_used > 0);
-  if (--sock->fd_used > 0) {
-    sock->fd_free_pending = LWIP_SOCK_FD_FREE_FREE | is_tcp ? LWIP_SOCK_FD_FREE_TCP : 0;
+  sock->fd_used--;
+  if (sock->fd_used > 0) {
+    sock->fd_free_pending = LWIP_SOCK_FD_FREE_FREE | (is_tcp ? LWIP_SOCK_FD_FREE_TCP : 0);
     SYS_ARCH_UNPROTECT(lev);
     return;
   }

src/apps/httpd/httpd.c

@@ -1728,7 +1728,11 @@ http_post_rxpbuf(struct http_state *hs, struct pbuf *p)
   /* prevent connection being closed if httpd_post_data_recved() is called nested */
   hs->unrecved_bytes++;
 #endif
-  err = httpd_post_receive_data(hs, p);
+  if (p != NULL) {
+    err = httpd_post_receive_data(hs, p);
+  } else {
+    err = ERR_OK;
+  }
 #if LWIP_HTTPD_SUPPORT_POST && LWIP_HTTPD_POST_MANUAL_WND
   hs->unrecved_bytes--;
 #endif

src/apps/httpd/makefsdata/makefsdata.c

@@ -763,6 +763,7 @@ static int checkSsiByFilelist(const char* filename_listfile)
     fclose(f);
     if ((readcount > fsize) || !readcount) {
       printf("failed to read data from ssi file\n");
+      free(buf);
       return 0;
     }
 
@@ -780,6 +781,7 @@ static int checkSsiByFilelist(const char* filename_listfile)
     lines = (char**)malloc(sizeof(char*) * num_lines);
     if (!lines) {
       printf("failed to allocate ssi line buffer\n");
+      free(buf);
       return 0;
     }
     memset(lines, 0, sizeof(char*) * num_lines);

src/core/ipv6/ip6.c

@@ -1038,14 +1038,6 @@ netif_found:
   }
 
 options_done:
-  if (hlen_tot >= 0x8000) {
-    /* s16_t overflow */
-    LWIP_DEBUGF(IP6_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("ip6_input: header length overflow: %"U16_F"\n", hlen_tot));
-    pbuf_free(p);
-    IP6_STATS_INC(ip6.proterr);
-    IP6_STATS_INC(ip6.drop);
-    goto options_done;
-  }
 
   /* send to upper layers */
   LWIP_DEBUGF(IP6_DEBUG, ("ip6_input: \n"));
@@ -1056,7 +1048,7 @@ options_done:
   
 #if LWIP_RAW
   /* p points to IPv6 header again for raw_input. */
-  pbuf_header_force(p, (s16_t)hlen_tot);
+  pbuf_add_header_force(p, hlen_tot);
   /* raw input did not eat the packet? */
   raw_status = raw_input(p, inp);
   if (raw_status != RAW_INPUT_EATEN)
@@ -1097,7 +1089,7 @@ options_done:
         {
 #if LWIP_ICMP6
         /* p points to IPv6 header again for raw_input. */
-        pbuf_header_force(p, (s16_t)hlen_tot);
+        pbuf_add_header_force(p, hlen_tot);
         /* send ICMP parameter problem unless it was a multicast or ICMPv6 */
         if ((!ip6_addr_ismulticast(ip6_current_dest_addr())) &&
             (IP6H_NEXTH(ip6hdr) != IP6_NEXTH_ICMP6)) {

src/core/ipv6/ip6_addr.c

@@ -139,21 +139,19 @@ ip6addr_aton(const char *cp, ip6_addr_t *addr)
     else {
       addr->addr[addr_index] = current_block_value << 16;
     }
-  }
 
-  /* convert to network byte order. */
-  if (addr) {
+    /* convert to network byte order. */
     for (addr_index = 0; addr_index < 4; addr_index++) {
       addr->addr[addr_index] = lwip_htonl(addr->addr[addr_index]);
     }
+
+    ip6_addr_clear_zone(addr);
   }
 
   if (current_block_index != 7) {
     return 0;
   }
 
-  ip6_addr_clear_zone(addr);
-
   return 1;
 }
 

src/core/mem.c

@@ -104,9 +104,8 @@ mem_overflow_check_raw(void *p, size_t size, const char *descr1, const char *des
   m = (u8_t *)p + size;
   for (k = 0; k < MEM_SANITY_REGION_AFTER_ALIGNED; k++) {
     if (m[k] != 0xcd) {
-      char errstr[128] = "detected mem overflow in ";
-      strcat(errstr, descr1);
-      strcat(errstr, descr2);
+      char errstr[128];
+      snprintf(errstr, sizeof(errstr), "detected mem overflow in %s%s", descr1, descr2);
       LWIP_ASSERT(errstr, 0);
     }
   }
@@ -116,9 +115,8 @@ mem_overflow_check_raw(void *p, size_t size, const char *descr1, const char *des
   m = (u8_t *)p - MEM_SANITY_REGION_BEFORE_ALIGNED;
   for (k = 0; k < MEM_SANITY_REGION_BEFORE_ALIGNED; k++) {
     if (m[k] != 0xcd) {
-      char errstr[128] = "detected mem underflow in ";
-      strcat(errstr, descr1);
-      strcat(errstr, descr2);
+      char errstr[128];
+      snprintf(errstr, sizeof(errstr), "detected mem underflow in %s%s", descr1, descr2);
       LWIP_ASSERT(errstr, 0);
     }
   }

src/core/tcp_out.c

@@ -965,9 +965,7 @@ tcp_split_unsent_seg(struct tcp_pcb *pcb, u16_t split)
 memerr:
   TCP_STATS_INC(tcp.memerr);
 
-  if (seg != NULL) {
-    tcp_segs_free(seg);
-  }
+  LWIP_ASSERT("seg == NULL", seg == NULL);
   if (p != NULL) {
     pbuf_free(p);
   }

src/netif/ppp/ppp.c

@@ -964,7 +964,10 @@ void ppp_input(ppp_pcb *pcb, struct pbuf *pb) {
 #endif /* PPP_PROTOCOLNAME */
         ppp_warn("Unsupported protocol 0x%x received", protocol);
 #endif /* PPP_DEBUG */
-        pbuf_add_header(pb, sizeof(protocol));
+        if (pbuf_add_header(pb, sizeof(protocol))) {
+          PPPDEBUG(LOG_WARNING, ("ppp_input[%d]: Dropping (pbuf_add_header failed)\n", pcb->netif->num));
+          goto drop;
+        }
         lcp_sprotrej(pcb, (u8_t*)pb->payload, pb->len);
       }
       break;