From e20e9bc3d46ccc1711db33474982604580a6db2f Mon Sep 17 00:00:00 2001 From: goldsimon Date: Tue, 13 Feb 2018 12:08:13 +0100 Subject: [PATCH] Try to fix issues reported by coverity --- src/api/sockets.c | 5 +++-- src/apps/httpd/httpd.c | 6 +++++- src/apps/httpd/makefsdata/makefsdata.c | 2 ++ src/core/ipv6/ip6.c | 12 ++---------- src/core/ipv6/ip6_addr.c | 8 +++----- src/core/mem.c | 10 ++++------ src/core/tcp_out.c | 4 +--- src/netif/ppp/ppp.c | 5 ++++- 8 files changed, 24 insertions(+), 28 deletions(-) diff --git a/src/api/sockets.c b/src/api/sockets.c index d8dc8327..167b5398 100644 --- a/src/api/sockets.c +++ b/src/api/sockets.c @@ -531,8 +531,9 @@ free_socket(struct lwip_sock *sock, int is_tcp) #if LWIP_NETCONN_FULLDUPLEX LWIP_ASSERT("sock->fd_used > 0", sock->fd_used > 0); - if (--sock->fd_used > 0) { - sock->fd_free_pending = LWIP_SOCK_FD_FREE_FREE | is_tcp ? LWIP_SOCK_FD_FREE_TCP : 0; + sock->fd_used--; + if (sock->fd_used > 0) { + sock->fd_free_pending = LWIP_SOCK_FD_FREE_FREE | (is_tcp ? LWIP_SOCK_FD_FREE_TCP : 0); SYS_ARCH_UNPROTECT(lev); return; } diff --git a/src/apps/httpd/httpd.c b/src/apps/httpd/httpd.c index 2317ca10..e5465cd0 100644 --- a/src/apps/httpd/httpd.c +++ b/src/apps/httpd/httpd.c @@ -1728,7 +1728,11 @@ http_post_rxpbuf(struct http_state *hs, struct pbuf *p) /* prevent connection being closed if httpd_post_data_recved() is called nested */ hs->unrecved_bytes++; #endif - err = httpd_post_receive_data(hs, p); + if (p != NULL) { + err = httpd_post_receive_data(hs, p); + } else { + err = ERR_OK; + } #if LWIP_HTTPD_SUPPORT_POST && LWIP_HTTPD_POST_MANUAL_WND hs->unrecved_bytes--; #endif diff --git a/src/apps/httpd/makefsdata/makefsdata.c b/src/apps/httpd/makefsdata/makefsdata.c index 0af3bbc2..d36520de 100644 --- a/src/apps/httpd/makefsdata/makefsdata.c +++ b/src/apps/httpd/makefsdata/makefsdata.c @@ -763,6 +763,7 @@ static int checkSsiByFilelist(const char* filename_listfile) fclose(f); if ((readcount > fsize) || !readcount) { printf("failed to read data from ssi file\n"); + free(buf); return 0; } @@ -780,6 +781,7 @@ static int checkSsiByFilelist(const char* filename_listfile) lines = (char**)malloc(sizeof(char*) * num_lines); if (!lines) { printf("failed to allocate ssi line buffer\n"); + free(buf); return 0; } memset(lines, 0, sizeof(char*) * num_lines); diff --git a/src/core/ipv6/ip6.c b/src/core/ipv6/ip6.c index 993a65fb..3f572ef9 100644 --- a/src/core/ipv6/ip6.c +++ b/src/core/ipv6/ip6.c @@ -1038,14 +1038,6 @@ netif_found: } options_done: - if (hlen_tot >= 0x8000) { - /* s16_t overflow */ - LWIP_DEBUGF(IP6_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("ip6_input: header length overflow: %"U16_F"\n", hlen_tot)); - pbuf_free(p); - IP6_STATS_INC(ip6.proterr); - IP6_STATS_INC(ip6.drop); - goto options_done; - } /* send to upper layers */ LWIP_DEBUGF(IP6_DEBUG, ("ip6_input: \n")); @@ -1056,7 +1048,7 @@ options_done: #if LWIP_RAW /* p points to IPv6 header again for raw_input. */ - pbuf_header_force(p, (s16_t)hlen_tot); + pbuf_add_header_force(p, hlen_tot); /* raw input did not eat the packet? */ raw_status = raw_input(p, inp); if (raw_status != RAW_INPUT_EATEN) @@ -1097,7 +1089,7 @@ options_done: { #if LWIP_ICMP6 /* p points to IPv6 header again for raw_input. */ - pbuf_header_force(p, (s16_t)hlen_tot); + pbuf_add_header_force(p, hlen_tot); /* send ICMP parameter problem unless it was a multicast or ICMPv6 */ if ((!ip6_addr_ismulticast(ip6_current_dest_addr())) && (IP6H_NEXTH(ip6hdr) != IP6_NEXTH_ICMP6)) { diff --git a/src/core/ipv6/ip6_addr.c b/src/core/ipv6/ip6_addr.c index 3846b2f5..7ff83d9d 100644 --- a/src/core/ipv6/ip6_addr.c +++ b/src/core/ipv6/ip6_addr.c @@ -139,21 +139,19 @@ ip6addr_aton(const char *cp, ip6_addr_t *addr) else { addr->addr[addr_index] = current_block_value << 16; } - } - /* convert to network byte order. */ - if (addr) { + /* convert to network byte order. */ for (addr_index = 0; addr_index < 4; addr_index++) { addr->addr[addr_index] = lwip_htonl(addr->addr[addr_index]); } + + ip6_addr_clear_zone(addr); } if (current_block_index != 7) { return 0; } - ip6_addr_clear_zone(addr); - return 1; } diff --git a/src/core/mem.c b/src/core/mem.c index 5f53bcec..a0b0d78f 100644 --- a/src/core/mem.c +++ b/src/core/mem.c @@ -104,9 +104,8 @@ mem_overflow_check_raw(void *p, size_t size, const char *descr1, const char *des m = (u8_t *)p + size; for (k = 0; k < MEM_SANITY_REGION_AFTER_ALIGNED; k++) { if (m[k] != 0xcd) { - char errstr[128] = "detected mem overflow in "; - strcat(errstr, descr1); - strcat(errstr, descr2); + char errstr[128]; + snprintf(errstr, sizeof(errstr), "detected mem overflow in %s%s", descr1, descr2); LWIP_ASSERT(errstr, 0); } } @@ -116,9 +115,8 @@ mem_overflow_check_raw(void *p, size_t size, const char *descr1, const char *des m = (u8_t *)p - MEM_SANITY_REGION_BEFORE_ALIGNED; for (k = 0; k < MEM_SANITY_REGION_BEFORE_ALIGNED; k++) { if (m[k] != 0xcd) { - char errstr[128] = "detected mem underflow in "; - strcat(errstr, descr1); - strcat(errstr, descr2); + char errstr[128]; + snprintf(errstr, sizeof(errstr), "detected mem underflow in %s%s", descr1, descr2); LWIP_ASSERT(errstr, 0); } } diff --git a/src/core/tcp_out.c b/src/core/tcp_out.c index 1ee7b9c8..88a2427c 100644 --- a/src/core/tcp_out.c +++ b/src/core/tcp_out.c @@ -965,9 +965,7 @@ tcp_split_unsent_seg(struct tcp_pcb *pcb, u16_t split) memerr: TCP_STATS_INC(tcp.memerr); - if (seg != NULL) { - tcp_segs_free(seg); - } + LWIP_ASSERT("seg == NULL", seg == NULL); if (p != NULL) { pbuf_free(p); } diff --git a/src/netif/ppp/ppp.c b/src/netif/ppp/ppp.c index 5a1fb7b5..b9eccc8f 100644 --- a/src/netif/ppp/ppp.c +++ b/src/netif/ppp/ppp.c @@ -964,7 +964,10 @@ void ppp_input(ppp_pcb *pcb, struct pbuf *pb) { #endif /* PPP_PROTOCOLNAME */ ppp_warn("Unsupported protocol 0x%x received", protocol); #endif /* PPP_DEBUG */ - pbuf_add_header(pb, sizeof(protocol)); + if (pbuf_add_header(pb, sizeof(protocol))) { + PPPDEBUG(LOG_WARNING, ("ppp_input[%d]: Dropping (pbuf_add_header failed)\n", pcb->netif->num)); + goto drop; + } lcp_sprotrej(pcb, (u8_t*)pb->payload, pb->len); } break;