Possible Bug Fixes detected by Static Code Analysis
Static code analysis of the develop branch (14 May 2017) identified the following as possible bugs.
Any comments (such as whether an item is a bug or not, or how to test it) are welcome.
1. openair1/PHY/LTE_TRANSPORT/print_stats.c:691
Variable 'nb_sb' is reassigned a value before the old one has been used. 'break;' missing?
case 15:
nb_sb = 4;
case 25:
nb_sb = 7;
break;
2. openair1/SCHED/phy_procedures_lte_eNb.c:2065
Variable 'update_TA' is reassigned a value before the old one has been used. 'break;' missing?
case 75:
update_TA = 3;
update_TA2 = 2;
case 100:
update_TA = 1;
break;
3. openair1/SCHED/phy_procedures_lte_ue.c:1753
Logical disjunction always evaluates to true: subframe_tx != 2 || subframe_tx != 7. No value can equal both 2 and 7, so at least one of the two inequalities always holds. Is this really intended? Should the operator || be && instead?
((frame_parms->frame_type==TDD)&&(frame_parms->tdd_config==1)&&((subframe_tx!=2)||(subframe_tx!=7)))) {
4. openair1/SIMULATION/LTE_PHY/dlsim.c:1895
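Buffer is accessed out of bounds: csv_fname. csv_fname[] is only 32 bytes long, but the string written by sprintf() exceeds 32 characters, e.g. "dataout_tx?_u2?_mcs?_chan?_nsimus?_R?.m". Should 32 be 256? 512? Whatever size is chosen, snprintf(csv_fname, sizeof(csv_fname), ...) would keep the write inside the buffer.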
char csv_fname[32];
:
:
sprintf(csv_fname,"dataout_tx%d_u2%d_mcs%d_chan%d_nsimus%d_R%d.m",transmission_mode,dual_stream_UE,mcs1,channel_model,n_frames,num_rounds);
5. openair1/SIMULATION/LTE_PHY/prachsim.c:157-171
Variable 'channel_model' is reassigned a value before the old one has been used. 'break;' missing?
case 'H':
channel_model=Rayleigh8;
case 'I':
channel_model=Rayleigh1;
case 'J':
channel_model=Rayleigh1_corr;
case 'K':
channel_model=Rayleigh1_anticorr;
case 'L':
channel_model=Rice8;
case 'M':
channel_model=Rice1;
6. openair2/UTIL/OMG/omg.c:983
Array 'omg_param_list[3]' accessed at index 4, which is out of bounds.
omg_param_list is declared as omg_param_list[4], but omg_param_list[SUMO=4] is used here. Should SUMO be added to the typedef enum node_types in omg_constants.h?
for (i = 1; i < omg_param_list[SUMO].nodes + 1; i++) {
7. openair2/UTIL/OMG/omg.c:992
Array 'omg_param_list[3]' accessed at index 4, which is out of bounds.
omg_param_list is declared as omg_param_list[4], but omg_param_list[SUMO=4] is used here. Should SUMO be added to the typedef enum node_types in omg_constants.h?
omv_data.geo[i].mobility_type = omg_param_list[SUMO].mobility_type;
8. openair2/UTIL/OTG/otg_rx_socket.c:266
Uninitialized variable: payload
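payload is not initialized, but it is dereferenced as a pointer immediately after its declaration. The excerpt also shows no check that bytes_recv is at least sizeof(control_hdr_t) before the subtraction, and no check of the malloc() results; both are worth confirming against the full function, since msg appears to come from a socket.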
payload_t* payload;
payload->control_hdr = (control_hdr_t*) malloc (sizeof(control_hdr_t));
payload->payload_rest = (char *) malloc (bytes_recv - sizeof(control_hdr_t));
memcpy (payload->control_hdr, msg, sizeof(control_hdr_t));
memcpy (payload->payload_rest , msg+sizeof(control_hdr_t), (bytes_recv - sizeof(control_hdr_t)));
LOG_I(OTG,"SOCKET:: UDP-IP4 :: SRC=%d, DST=%d, PROTO=%d, IP VERSION=%d\n", payload->control_hdr->src,payload->control_hdr->dst, payload->control_hdr->trans_proto, payload->control_hdr->ip_v);
9. targets/SIMU/USER/channel_sim.c:432
Array index -1 is out of bounds.
If PHY_ABSTRACTION_UL is defined, att_eNB_id is -1, yet this att_eNB_id is then used as an array index.
#ifdef PHY_ABSTRACTION_UL
int32_t att_eNB_id=-1;
#endif
:
:
rx_pwr = signal_energy_fp2(UE2eNB[UE_id][eNB_id][CC_id]->ch[0],
UE2eNB[UE_id][eNB_id][CC_id]->channel_length)*UE2eNB[UE_id][att_eNB_id][CC_id]->channel_length; // calculate the rx power at the eNB
10. targets/SIMU/USER/channel_sim.c:445
Array index -1 is out of bounds.
If PHY_ABSTRACTION_UL is defined, att_eNB_id is -1, yet this att_eNB_id is then used as an array index.
#ifdef PHY_ABSTRACTION_UL
int32_t att_eNB_id=-1;
#endif
:
:
init_snr_up(UE2eNB[UE_id][att_eNB_id][CC_id],enb_data[att_eNB_id], ue_data[UE_id],PHY_vars_eNB_g[att_eNB_id][CC_id]->sinr_dB,&PHY_vars_UE_g[att_eNB_id][CC_id]->N0,ul_nb_rb,ul_fr_rb);