Fixed coverity issues

(1013568,1013567,1013566,1013563,1013562,1013560,1013560,1013559,1013557,1013556,1013553,1013549)

- Fixed memory leak problem
- Fixed a bug that allocates memory for wrong structure.
- Fixed potential problems that may be handled as negative integer.

Change-Id: Ia124c20b9ddac8ae4cd70e30a783cd5b8c7175af
Signed-off-by: saerome.kim <saerome.kim@samsung.com>

diff --git a/include/zigbee.h b/include/zigbee.h
index 94fbece172f4f352e98cc845975f162c679f0e45..d2ff95737008f946b61672ca72b0fc3ab70d6c75 100644 (file)
--- a/include/zigbee.h
+++ b/include/zigbee.h
@@ -2009,6 +2009,7 @@ int zb_read_attr_status_record_create(zb_zcl_read_attr_status_record_h *handle);
  * @retval #ZIGBEE_ERROR_NONE Successful
  * @retval #ZIGBEE_ERROR_INVALID_PARAMETER Invalid parameter
  * @retval #ZIGBEE_ERROR_NOT_SUPPORTED Not supported
+ * @retval #ZIGBEE_ERROR_NO_DATA No data
  *
  * @see zb_read_attr_status_record_create()
  * @see zb_read_attr_status_record_destroy()
@@ -3168,6 +3169,7 @@ int zb_report_config_record_create(zb_zcl_reporting_config_record_h *handle);
  * @retval #ZIGBEE_ERROR_NONE Successful
  * @retval #ZIGBEE_ERROR_INVALID_PARAMETER Invalid parameter
  * @retval #ZIGBEE_ERROR_NOT_SUPPORTED Not supported
+ * @retval #ZIGBEE_ERROR_NO_DATA No data
  *
  * @see zb_zcl_global_read_report_config_cb()
  * @see zb_report_config_record_create()

diff --git a/src/zbl-zcl.c b/src/zbl-zcl.c
index ca513a43cb04d8e5cb2220275ed20b53aeb225ae..6322a984d9b2c4955bfbbed5c16db728bab170d4 100644 (file)
--- a/src/zbl-zcl.c
+++ b/src/zbl-zcl.c
@@ -47,6 +47,7 @@ API int zb_read_attr_status_record_create(
 API int zb_read_attr_status_record_clone(zb_zcl_read_attr_status_record_h src,
        zb_zcl_read_attr_status_record_h *dst)
 {
+       int len = -1;
        struct read_attribute_status_record_s *srcs = src;
        struct read_attribute_status_record_s *desc = NULL;
 
@@ -59,8 +60,16 @@ API int zb_read_attr_status_record_clone(zb_zcl_read_attr_status_record_h src,
 
        memcpy(desc, src, sizeof(struct read_attribute_status_record_s));
        desc->value = calloc(1, zb_zcl_get_data_size(srcs->type));
-       RETVM_IF(NULL == desc->value, ZIGBEE_ERROR_OUT_OF_MEMORY, "calloc() Fail(%d)", errno);
-       memcpy(desc->value, srcs->value, zb_zcl_get_data_size(srcs->type));
+       if (NULL == desc->value) {
+               free(desc);
+               desc = NULL;
+               ERR("calloc() Fail(%d)", errno);
+               return ZIGBEE_ERROR_OUT_OF_MEMORY;
+       }
+
+       len = zb_zcl_get_data_size(srcs->type);
+       RETV_IF(0 >= len, ZIGBEE_ERROR_NO_DATA);
+       memcpy(desc->value, srcs->value, len);
        *dst = desc;
 
        return ZIGBEE_ERROR_NONE;
@@ -227,7 +236,7 @@ API int zb_read_attr_status_record_set_value(
                h->value = calloc(count + ZB_ZCL_OCTET_SIZE + ZB_GUARD_CHAR, sizeof(char));
                RETV_IF(NULL == h->value, ZIGBEE_ERROR_OUT_OF_MEMORY);
 
-               h->value[0] = count;
+               h->value[0] = (unsigned char)count;
                memcpy(h->value + ZB_ZCL_OCTET_SIZE, value + ZB_ZCL_OCTET_SIZE, count);
 
        } else if (ZB_ZCL_LONG_OCTET_STRING == type || ZB_ZCL_LONG_CHARACTER_STRING == type) {
@@ -235,8 +244,8 @@ API int zb_read_attr_status_record_set_value(
                h->value = calloc(count + ZB_ZCL_LONG_OCTET_SIZE + ZB_GUARD_CHAR, sizeof(char));
                RETV_IF(NULL == h->value, ZIGBEE_ERROR_OUT_OF_MEMORY);
 
-               h->value[0] = count & 0xff;
-               h->value[1] = (count >> 8) & 0xff ;
+               h->value[0] = (unsigned char)count & 0xff;
+               h->value[1] = (unsigned char)(count >> 8) & 0xff ;
                memcpy(h->value + ZB_ZCL_LONG_OCTET_SIZE, value, len);
 
        } else {
@@ -358,6 +367,7 @@ API int zb_write_attr_record_create(zb_zcl_write_attr_record_h *handle)
 API int zb_write_attr_record_clone(zb_zcl_write_attr_record_h src,
        zb_zcl_write_attr_record_h *dst)
 {
+       int len = -1;
        struct write_attribute_record_s *srcs = src;
        struct write_attribute_record_s *desc = NULL;
 
@@ -371,9 +381,18 @@ API int zb_write_attr_record_clone(zb_zcl_write_attr_record_h src,
        memcpy(desc, src, sizeof(struct write_attribute_record_s));
 
        desc->value = calloc(1, zb_zcl_get_data_size(srcs->type));
-       RETVM_IF(NULL == desc->value, ZIGBEE_ERROR_OUT_OF_MEMORY, "calloc() Fail(%d)", errno);
+       if (NULL == desc->value) {
+               free(desc);
+               desc = NULL;
 
-       memcpy(desc->value, srcs->value, zb_zcl_get_data_size(srcs->type));
+               ERR("calloc() Fail(%d)", errno);
+               return ZIGBEE_ERROR_OUT_OF_MEMORY;
+       }
+
+       len = zb_zcl_get_data_size(srcs->type);
+       RETV_IF(0 >= len, ZIGBEE_ERROR_NO_DATA);
+
+       memcpy(desc->value, srcs->value, len);
        *dst = desc;
 
        return ZIGBEE_ERROR_NONE;
@@ -581,6 +600,7 @@ API int zb_report_config_record_create(zb_zcl_reporting_config_record_h *handle)
 API int zb_report_config_record_clone(zb_zcl_reporting_config_record_h src,
        zb_zcl_reporting_config_record_h *dst)
 {
+       int len = -1;
        struct reporting_configuration_record_s *srcs = src;
        struct reporting_configuration_record_s *desc = NULL;
 
@@ -594,9 +614,17 @@ API int zb_report_config_record_clone(zb_zcl_reporting_config_record_h src,
        memcpy(desc, src, sizeof(struct reporting_configuration_record_s));
 
        desc->change = calloc(1, zb_zcl_get_data_size(srcs->type));
-       RETVM_IF(NULL == desc->change, ZIGBEE_ERROR_OUT_OF_MEMORY, "calloc() Fail(%d)", errno);
+       if (NULL == desc->change) {
+               free(desc);
+               desc = NULL;
+               ERR("calloc() Fail(%d)", errno);
+               return ZIGBEE_ERROR_OUT_OF_MEMORY;
+       }
+
+       len = zb_zcl_get_data_size(srcs->type);
+       RETV_IF(0 >= len, ZIGBEE_ERROR_NO_DATA);
 
-       memcpy(desc->change, srcs->change, zb_zcl_get_data_size(srcs->type));
+       memcpy(desc->change, srcs->change, len);
        *dst = desc;
 
        return ZIGBEE_ERROR_NONE;
@@ -1065,7 +1093,12 @@ API int zb_attr_report_clone(zb_zcl_attr_report_h src, zb_zcl_attr_report_h *dst
        memcpy(desc, srcs, sizeof(struct attribute_report_s));
 
        desc->value = calloc(1, zb_zcl_get_data_size(srcs->type));
-       RETVM_IF(NULL == desc->value, ZIGBEE_ERROR_OUT_OF_MEMORY, "calloc() Fail(%d)", errno);
+       if (NULL == desc->value) {
+               free(desc);
+               desc = NULL;
+               ERR("calloc() Fail(%d)", errno);
+               return ZIGBEE_ERROR_OUT_OF_MEMORY;
+       }
 
        memcpy(desc->value, srcs->value, zb_zcl_get_data_size(srcs->type));
        *dst = desc;

diff --git a/src/zbl-zdo.c b/src/zbl-zdo.c
index e66e8a6f4525f9526db615c40a3258d99fb7b800..73cb5ea1dfa0b55020a6c57594b827eb677a4849 100644 (file)
--- a/src/zbl-zdo.c
+++ b/src/zbl-zdo.c
@@ -123,7 +123,7 @@ API int zb_foreach_end_dev_info(zb_end_dev_info_h *list,
 
 API int zb_end_dev_info_create(zb_end_dev_info_h *handle)
 {
-       struct zb_zdo_node_descriptor_s* h = NULL;
+       struct zb_end_device_info_s* h = NULL;
 
        CHECK_ZIGBEE_PRIVILEGE();
        CHECK_FEATURE_SUPPORTED(ZIGBEE_FEATURE);

diff --git a/test/main.c b/test/main.c
index ab28b6a00ecf6028e5ed74ae3addabe04ca96948..56205125f542797ded52da5a63bcf94169e347e4 100644 (file)
--- a/test/main.c
+++ b/test/main.c
@@ -1005,14 +1005,14 @@ static int run_choose_end_device_list(MManager *mm, struct menu_data *menu)
                        );
                msgn("      ");
 
-               if (NULL == ep_list)
-                       continue;
-
-               for (j = 0; j < num_of_ep; j++)
-                       msgn("%04x ", ep_list[j]);
-               msg("\n");
+               if (ep_list) {
+                       for (j = 0; j < num_of_ep; j++)
+                               msgn("%04x ", ep_list[j]);
+                       msg("\n");
 
-               free(ep_list);
+                       free(ep_list);
+                       ep_list = NULL;
+               }
        }
 
        return ret;