From 3f2acf94852d6ca3f53a35f9d86ae19204da73f8 Mon Sep 17 00:00:00 2001
From: Raphael Defosseux <raphael.defosseux@eurecom.fr>
Date: Fri, 5 Jul 2019 11:03:30 +0200
Subject: [PATCH] Fix Coverity Scan CID 342010 Fix a few cppcheck
 errors/warnings

Signed-off-by: Raphael Defosseux <raphael.defosseux@eurecom.fr>
---
 .../ENB_APP/CONTROL_MODULES/MAC/flexran_agent_mac.c  |  1 -
 openair2/LAYER2/RLC/AM_v9.3.0/rlc_am_status_report.c |  2 +-
 openair3/NAS/COMMON/API/NETWORK/nas_message.c        | 12 ++++++++----
 targets/ARCH/rfsimulator/stored_node.c               | 11 +++++++++--
 targets/RT/USER/lte-enb.c                            |  4 ++--
 5 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/openair2/ENB_APP/CONTROL_MODULES/MAC/flexran_agent_mac.c b/openair2/ENB_APP/CONTROL_MODULES/MAC/flexran_agent_mac.c
index 45ac61a9277..51ec781de31 100644
--- a/openair2/ENB_APP/CONTROL_MODULES/MAC/flexran_agent_mac.c
+++ b/openair2/ENB_APP/CONTROL_MODULES/MAC/flexran_agent_mac.c
@@ -826,7 +826,6 @@ int flexran_agent_mac_stats_reply(mid_t mod_id,
       }
     }
     free(ue_report);
-    ue_report = NULL;
   }
 
   return -1;
diff --git a/openair2/LAYER2/RLC/AM_v9.3.0/rlc_am_status_report.c b/openair2/LAYER2/RLC/AM_v9.3.0/rlc_am_status_report.c
index 5c68aecf613..ddff2cc3d1c 100644
--- a/openair2/LAYER2/RLC/AM_v9.3.0/rlc_am_status_report.c
+++ b/openair2/LAYER2/RLC/AM_v9.3.0/rlc_am_status_report.c
@@ -235,7 +235,7 @@ rlc_am_receive_process_control_pdu(
   rlc_sn_t        ack_sn    = RLC_AM_NEXT_SN(rlc_pP->vt_a);
   rlc_sn_t        sn_cursor = rlc_pP->vt_a;
   rlc_sn_t    vt_a_new  = rlc_pP->vt_a;
-  rlc_sn_t    sn_data_cnf;
+  rlc_sn_t    sn_data_cnf = (rlc_sn_t) 0;
   rlc_sn_t        nack_sn,prev_nack_sn;
   sdu_size_t    data_cnf_so_stop = 0x7FFF;
   unsigned int nack_index;
diff --git a/openair3/NAS/COMMON/API/NETWORK/nas_message.c b/openair3/NAS/COMMON/API/NETWORK/nas_message.c
index 4eea2c4d6bd..769eab52609 100644
--- a/openair3/NAS/COMMON/API/NETWORK/nas_message.c
+++ b/openair3/NAS/COMMON/API/NETWORK/nas_message.c
@@ -267,7 +267,7 @@ int nas_message_decrypt(
 {
   LOG_FUNC_IN;
 
-  emm_security_context_t *emm_security_context   = (emm_security_context_t*)security;
+  emm_security_context_t *emm_security_context   = NULL;
   int                     bytes                  = length;
 
   /* Decode the header */
@@ -277,7 +277,8 @@ int nas_message_decrypt(
     LOG_TRACE(DEBUG, "MESSAGE TOO SHORT");
     LOG_FUNC_RETURN (TLV_DECODE_BUFFER_TOO_SHORT);
   } else if (size > 1) {
-    if (emm_security_context) {
+    if (security) {
+      emm_security_context   = (emm_security_context_t*)security;
 #if defined(NAS_MME)
 
       if (emm_security_context->ul_count.seq_num > header->sequence_number) {
@@ -376,7 +377,7 @@ int nas_message_decode(
   void               *security)
 {
   LOG_FUNC_IN;
-  emm_security_context_t *emm_security_context   = (emm_security_context_t*)security;
+  emm_security_context_t *emm_security_context   = NULL;
   int bytes;
 
   /* Decode the header */
@@ -385,7 +386,8 @@ int nas_message_decode(
   if (size < 0) {
     LOG_FUNC_RETURN (TLV_DECODE_BUFFER_TOO_SHORT);
   } else if (size > 1) {
-    if (emm_security_context) {
+    if (security) {
+      emm_security_context   = (emm_security_context_t*)security;
 #if defined(NAS_MME)
 
       if (emm_security_context->ul_count.seq_num > msg->header.sequence_number) {
@@ -971,6 +973,8 @@ static int _nas_message_decrypt(
 #else
   direction = SECU_DIRECTION_DOWNLINK;
 #endif
+  if (emm_security_context == NULL)
+    LOG_FUNC_RETURN (0);
 
   switch (security_header_type) {
   case SECURITY_HEADER_TYPE_NOT_PROTECTED:
diff --git a/targets/ARCH/rfsimulator/stored_node.c b/targets/ARCH/rfsimulator/stored_node.c
index 888b5f6de0d..a23127d3b56 100644
--- a/targets/ARCH/rfsimulator/stored_node.c
+++ b/targets/ARCH/rfsimulator/stored_node.c
@@ -125,8 +125,15 @@ int main(int argc, char *argv[]) {
     fullwrite(serviceSock, &header, sizeof(header));
     int dataSize=sizeof(sample_t)*header.size*header.nbAnt;
 
-    if (dataSize>bufSize)
-      buff=realloc(buff,dataSize);
+    if (dataSize>bufSize) {
+      void * new_buff = realloc(buff, dataSize);
+      if (new_buff == NULL) {
+        free(buff);
+        AssertFatal(1, "Could not reallocate");
+      } else {
+        buff = new_buff;
+      }
+    }
 
     AssertFatal(read(fd,buff,dataSize) == dataSize, "");
     fullwrite(serviceSock, buff, dataSize);
diff --git a/targets/RT/USER/lte-enb.c b/targets/RT/USER/lte-enb.c
index 89a82604ca7..3105b7c8554 100644
--- a/targets/RT/USER/lte-enb.c
+++ b/targets/RT/USER/lte-enb.c
@@ -508,9 +508,9 @@ int wakeup_txfh(PHY_VARS_eNB *eNB, L1_rxtx_proc_t *proc,int frame_tx,int subfram
     if (((fp->frame_type == TDD) && (subframe_select(fp,proc->subframe_tx)==SF_UL))||
         (eNB->RU_list[ru_id]->state == RU_SYNC)||
         (eNB->RU_list[ru_id]->wait_cnt>0)){
-       AssertFatal((pthread_mutex_lock(&proc->mutex_RUs))==0, "mutex_lock returns %d\n",ret);
+       AssertFatal((ret=pthread_mutex_lock(&proc->mutex_RUs))==0, "mutex_lock returns %d\n",ret);
        proc->instance_cnt_RUs = 0;
-       AssertFatal((pthread_mutex_unlock(&proc->mutex_RUs))==0, "mutex_unlock returns %d\n",ret);
+       AssertFatal((ret=pthread_mutex_unlock(&proc->mutex_RUs))==0, "mutex_unlock returns %d\n",ret);
        continue;//hacking only works when all RU_tx works on the same subframe #TODO: adding mask stuff
     }
 
-- 
GitLab