Coverity Scan Fix (Week25)

The following defects detected by Coverity Scan were fixed.

  1. CID 340290 Variable msg_p going out of scope leaks the storage it points to.
  2. CID 340280 Variable msg going out of scope leaks the storage it points to.
  3. CID 340278 Variable quantityConfig going out of scope leaks the storage it points to.
  4. CID 340277 Variable gNB_CUSystemInformation going out of scope leaks the storage it points to.
  5. CID 340268 Passing freed pointer pdu_mem_pP as an argument to rlc_um_store_pdu_in_dar_buffer.
  6. CID 340263 Using uninitialized value DRB2LCHAN[i] when calling rrc_mac_config_req_eNB.
  7. CID 340261 Variable securityConfigHO going out of scope leaks the storage it points to.
  8. CID 340247 Variable pc5s_header going out of scope leaks the storage it points to.
  9. CID 340245 Variable Sparams going out of scope leaks the storage it points to.
  10. CID 340243 Overrunning array of 1 bytes at byte offset 1 by dereferencing pointer ie->value.choice.UESecurityCapabilities.encryptionAlgorithms.buf + 1.
  11. CID 340237 Using variable UE_id as an index to array UE_list->UE_sched_ctrl.
  12. CID 340235 Using variable UE_id_mac as an index to array RC.mac[ctxt_pP->module_id]->UE_list.UE_sched_ctrl.
  13. CID 340232 Variable message_p going out of scope leaks the storage it points to.
  14. CID 340228 Handle variable s going out of scope leaks the handle.
  15. CID 340221 Variable msg going out of scope leaks the storage it points to.
  16. CID 340211 Variable message_p going out of scope leaks the storage it points to.
  17. CID 340209 Variable message_p going out of scope leaks the storage it points to.
  18. CID 340004 Overrunning array eutra_bandtable of 48 24-byte elements at element index 48 (byte offset 1152) using index i (which evaluates to 48).
  19. CID 339991 Variable msg going out of scope leaks the storage it points to.
  20. CID 339978 Variable msg going out of scope leaks the storage it points to.
  21. CID 339974 Overrunning array eutra_bandtable of 48 24-byte elements at element index 48 (byte offset 1152) using index i (which evaluates to 48).
  22. CID 339972 Variable msg going out of scope leaks the storage it points to.
  23. CID 339964 Passing &rrc_eNB_mui to function rrc_eNB_process_S1AP_DOWNLINK_NAS which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
  24. CID 339954 Overrunning callee's array of size 16 by passing argument ue_id (which evaluates to 65535) in call to flexran_set_ue_ul_slice_idx.
  25. CID 300489 Variable neigh_meas going out of scope leaks the storage it points to.
  26. CID 300471 Using uninitialized value queue->mutex when calling free.
  27. CID 300464 Using hi as an array. This might corrupt or misinterpret adjacent memory locations.
  28. CID 300460 Using uninitialized value fp->eutra_band when calling from_earfcn.
  29. CID 300393 Variable copy going out of scope leaks the storage it points to.
  30. CID 300392 Variable dl_report going out of scope leaks the storage it points to.
  31. CID 300388 Variable destinationInfoList going out of scope leaks the storage it points to.
  32. CID 300387 Using freed pointer req_msg.
  33. CID 300384 Variable rrc_measurements going out of scope leaks the storage it points to.
  34. CID 300383 Variable sl_CommConfig going out of scope leaks the storage it points to.
  35. CID 300379 Variable csi_reports going out of scope leaks the storage it points to.
  36. CID 300377 Variable p_info going out of scope leaks the storage it points to.
  37. CID 300371 Overrunning array rb_table of 34 bytes at byte offset 255 using index rb_table_index (which evaluates to 255).
  38. CID 300370 Variable reconf_param going out of scope leaks the storage it points to.
  39. CID 261663 Overrunning array reestablish_rnti_map of 16 4-byte elements at element index 16 (byte offset 64) using index i (which evaluates to 16).
  40. CID 261649 Variable rx_buffer going out of scope leaks the storage it points to.
  41. CID 261637 Using uninitialized value timestamp[0].
  42. CID 261633 Overrunning array reestablish_rnti_map of 16 4-byte elements at element index 16 (byte offset 64) using index i (which evaluates to 16).
  43. CID 261623 Variable msg_p going out of scope leaks the storage it points to.
  44. CID 261570 Overwriting DRB_config in DRB_config = calloc(1UL, 96UL) leaks the storage that DRB_config points to.
  45. CID 261563 Overrunning array ue_context_p->ue_context.enb_gtp_ebi of 11 2-byte elements at element index 13 (byte offset 26) using index i (which evaluates to 13).
  46. CID 261548 Overrunning array eutra_bandtable of 48 24-byte elements at element index 48 (byte offset 1152) using index i (which evaluates to 48).
  47. CID 261543 Overrunning array usim_data->usim_sqn_data.sqn_ms of 6 bytes at byte offset 6 using index 6 - i (which evaluates to 6).
  48. CID 261519 Using uninitialized value tmp. Field tmp.elems is uninitialized when calling _mm256_insert_epi16.
  49. CID 261506 Overrunning array eutra_bandtable of 48 24-byte elements at element index 48 (byte offset 1152) using index i (which evaluates to 48).
  50. CID 261499 Overrunning array sqn_ms of 6 bytes at byte offset 6 using index 6 - i (which evaluates to 6).
  51. CID 261498 Overrunning array eutra_bandtable of 48 24-byte elements at element index 48 (byte offset 1152) using index i (which evaluates to 48).
  52. CID 261489 Overrunning array cc->mbsfn_SubframeConfig of 8 8-byte elements at element index 65535 (byte offset 524280) using index j (which evaluates to 65535).
  53. CID 261481 Overwriting message_p in message_p = NULL leaks the storage that message_p points to.
  54. CID 261470 Using uninitialized value tmp. Field tmp.elems is uninitialized when calling _mm256_insert_epi8.
  55. CID 261468 Using variable UE_id as an index to array UE_list->UE_sched_ctrl.
  56. CID 261458 Variable message_p going out of scope leaks the storage it points to.
  57. CID 140733 Calling strncpy with a maximum size argument of 16 bytes on destination array ifr.ifr_ifrn.ifrn_name of size 16 bytes might leave the destination string unterminated.
  58. CID 60471 Function memory_read does not terminate string *user->nas_user_nvdata.
  59. CID 60469 Using uninitialized value log. Field log.logMgrHandle is uninitialized when calling nwGtpv1uSetLogMgrEntity.
  60. CID 60435 Using uninitialized value bid when calling esm_ebr_context_release.
  61. CID 60430 Using uninitialized value meas2. Field meas2.ext1 is uninitialized.
  62. CID 60413 Using uninitialized value udp. Field udp.hUdp is uninitialized when calling nwGtpv1uSetUdpEntity.
  63. CID 60394 Using uninitialized value addr6. Field addr6.sin6_flowinfo is uninitialized when calling bind.
  64. CID 60393 Using uninitialized value pid when calling esm_ebr_context_release.
  65. CID 60387 Using uninitialized value ulp. Field ulp.hUlp is uninitialized when calling nwGtpv1uSetUlpEntity.
  66. CID 60372 Handle variable sd going out of scope leaks the handle.
  67. CID 60371 Handle variable fd going out of scope leaks the handle.
  68. CID 60369 Variable plain_msg going out of scope leaks the storage it points to.
  69. CID 60357 Handle variable sfd going out of scope leaks the handle.
  70. CID 60351 Variable sctp_cnx going out of scope leaks the storage it points to.
  71. CID 60348 Variable addr going out of scope leaks the storage it points to.
  72. CID 60277 Calling strncpy with a maximum size argument of 4096 bytes on destination array user_api_id->recv_buffer of size 4096 bytes might leave the destination string unterminated.
  73. CID 60241 Passing &eplmn to function emm_proc_attach_accept which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
  74. CID 21938 Using uninitialized value status_resp. Field status_resp.head_sdu_creation_time is uninitialized.
  75. CID 21929 Using uninitialized value newtbl.num_elements when calling hashtable_insert.
  76. CID 21911 Using uninitialized value data_req. Field data_req.buffer_occupancy_in_pdus is uninitialized.
  77. CID 21906 Using uninitialized value pcfich_bt[2 * i].
  78. CID 21843 Using uninitialized value data_req. Field data_req.buffer_occupancy_in_pdus is uninitialized.
  79. CID 21842 Using uninitialized value data_req. Field data_req.ue_id_type_indicator is uninitialized.
  80. CID 21734 Variable Sparams going out of scope leaks the storage it points to.
  81. CID 21694 Variable quantityConfig going out of scope leaks the storage it points to.
  82. CID 21666 Variable measResultListEUTRA2 going out of scope leaks the storage it points to.