Fixes for problems found by Coverity in the nuttx repository:

net/socket/recvfrom.c: Check fromlen integrity before using it. net/socket/net_sockets.c: Always check for valid psock before using. net/tcp/tcp_send_unbuffered.c: Avoid using psock beforing checking its integrity. sched/timer/timer_create.c: Fix watchdog resource leak if cannot allocate a new timer.
2017-09-25 07:17:09 -06:00 · 2017-09-25 07:17:09 -06:00 · 24767a0c66
parent dfa0574e7b
commit 24767a0c66
4 changed files with 6 additions and 7 deletions
--- a/net/socket/net_sockets.c
+++ b/net/socket/net_sockets.c
@ -205,9 +205,7 @@ int sockfd_allocate(int minsd)

 void sock_release(FAR struct socket *psock)
 {
-#ifdef CONFIG_DEBUG_FEATURES
-  if (psock)
-#endif
+  if (psock != NULL)
    {
      /* Take the list semaphore so that there will be no accesses
       * to this socket structure.
@ -221,7 +219,7 @@ void sock_release(FAR struct socket *psock)
           */

          _net_semtake(list);
-          if (psock && psock->s_crefs > 1)
+          if (psock->s_crefs > 1)
            {
              psock->s_crefs--;
            }
--- a/net/socket/recvfrom.c
+++ b/net/socket/recvfrom.c
@ -128,7 +128,7 @@ ssize_t psock_recvfrom(FAR struct socket *psock, FAR void *buf, size_t len,
    }
 #endif

-  if (from != NULL && fromlen <= 0)
+  if (from != NULL && fromlen != NULL && *fromlen <= 0)
    {
      errcode = EINVAL;
      goto errout;
--- a/net/tcp/tcp_send_unbuffered.c
+++ b/net/tcp/tcp_send_unbuffered.c
@ -712,7 +712,7 @@ static inline void send_txnotify(FAR struct socket *psock,
 ssize_t psock_tcp_send(FAR struct socket *psock,
                       FAR const void *buf, size_t len)
 {
-  FAR struct tcp_conn_s *conn = (FAR struct tcp_conn_s *)psock->s_conn;
+  FAR struct tcp_conn_s *conn;
  struct send_s state;
  int errcode;
  int ret = OK;
--- a/sched/timer/timer_create.c
+++ b/sched/timer/timer_create.c
@ -1,7 +1,7 @@
 /****************************************************************************
 * sched/timer/timer_create.c
 *
- *   Copyright (C) 2007-2009, 2011, 2014-2016 Gregory Nutt. All rights reserved.
+ *   Copyright (C) 2007-2009, 2011, 2014-2017 Gregory Nutt. All rights reserved.
 *   Author: Gregory Nutt <gnutt@nuttx.org>
 *
 * Redistribution and use in source and binary forms, with or without
@ -193,6 +193,7 @@ int timer_create(clockid_t clockid, FAR struct sigevent *evp,
  ret = timer_allocate();
  if (!ret)
    {
+      wd_delete(wdog);
      set_errno(EAGAIN);
      return ERROR;
    }