From f0e143b907acd5606086048236d76b01addd178c Mon Sep 17 00:00:00 2001 From: Ralph Lange Date: Tue, 9 Jun 2020 11:02:18 +0200 Subject: [PATCH 01/11] ca/client: fix possible null pointer dereference (found by sonar/cppcheck) --- src/ca/client/access.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ca/client/access.cpp b/src/ca/client/access.cpp index a36899c02..ec873dd5b 100644 --- a/src/ca/client/access.cpp +++ b/src/ca/client/access.cpp @@ -605,7 +605,7 @@ void epicsShareAPI ca_signal_formated ( long ca_status, const char *pfilenm, } else { fprintf ( stderr, "CA exception in thread w/o CA ctx: status=%s file=%s line=%d: \n", - ca_message ( ca_status ), pfilenm, lineno ); + ca_message ( ca_status ), pfilenm ? pfilenm : "", lineno ); if ( pFormat ) { vfprintf ( stderr, pFormat, theArgs ); } From 7d1ff1411fa33997c910bebfc953dccc24814844 Mon Sep 17 00:00:00 2001 From: Ralph Lange Date: Tue, 9 Jun 2020 11:09:59 +0200 Subject: [PATCH 02/11] ca/tools: fix type errors in option parsing (found by sonar/cppcheck) --- src/ca/client/tools/cainfo.c | 2 +- src/ca/client/tools/camonitor.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ca/client/tools/cainfo.c b/src/ca/client/tools/cainfo.c index fc18ccd3f..b12a30aac 100644 --- a/src/ca/client/tools/cainfo.c +++ b/src/ca/client/tools/cainfo.c @@ -157,7 +157,7 @@ int main (int argc, char *argv[]) } break; case 's': /* ca_client_status interest level */ - if (sscanf(optarg,"%du", &statLevel) != 1) + if (sscanf(optarg,"%u", &statLevel) != 1) { fprintf(stderr, "'%s' is not a valid interest level " "- ignored. ('cainfo -h' for help.)\n", optarg); diff --git a/src/ca/client/tools/camonitor.c b/src/ca/client/tools/camonitor.c index 6799182be..1493a1888 100644 --- a/src/ca/client/tools/camonitor.c +++ b/src/ca/client/tools/camonitor.c 
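Review bot: In the `case 's'` branch of cainfo.c, `sscanf(optarg,"%u", &statLevel)` still accepts `-1` (wrapped to a large unsigned value) and `3abc` (trailing text ignored), so the "not a valid interest level" message is never printed for such input. The same holds for `sscanf(optarg,"%lu", &reqElems)` in the `case '#'` hunk of camonitor.c, where the parsed value is an array element count. Parsing with `strtoul` and an end pointer rejects both forms: `errno = 0; v = strtoul(optarg, &end, 10);` followed by `if (end == optarg || *end != '\0' || errno == ERANGE || strchr(optarg, '-'))`. The declarations of `statLevel` and `reqElems` are outside the hunks, so their unsigned types are assumed from the commit message.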
@@ -258,7 +258,7 @@ int main (int argc, char *argv[]) } break; case '#': /* Array count */ - if (sscanf(optarg,"%ld", &reqElems) != 1) + if (sscanf(optarg,"%lu", &reqElems) != 1) { fprintf(stderr, "'%s' is not a valid array element count " "- ignored. ('camonitor -h' for help.)\n", optarg); From 69d4c238e745e630f97bd80d401c265ce9dfb0df Mon Sep 17 00:00:00 2001 From: Ralph Lange Date: Tue, 9 Jun 2020 11:23:42 +0200 Subject: [PATCH 03/11] ca/tools: free() all allocated buffers (found by sonar/cppcheck) --- src/ca/client/tools/caput.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/ca/client/tools/caput.c b/src/ca/client/tools/caput.c index 79ffef8c3..8f88c5398 100644 --- a/src/ca/client/tools/caput.c +++ b/src/ca/client/tools/caput.c @@ -437,6 +437,7 @@ int main (int argc, char *argv[]) dbuf = calloc (count, sizeof(double)); if(!sbuf || !dbuf) { fprintf(stderr, "Memory allocation failed\n"); + free(sbuf); free(dbuf); return 1; } @@ -450,6 +451,7 @@ int main (int argc, char *argv[]) result = ca_pend_io(caTimeout); if (result == ECA_TIMEOUT) { fprintf(stderr, "Read operation timed out: ENUM data was not read.\n"); + free(sbuf); free(dbuf); return 1; } @@ -460,6 +462,7 @@ int main (int argc, char *argv[]) if (*(argv+optind+i) == pend) { /* Conversion didn't work */ fprintf(stderr, "Enum index value '%s' is not a number.\n", *(argv+optind+i)); + free(sbuf); free(dbuf); return 1; } if (dbuf[i] >= bufGrEnum.no_str) { @@ -486,6 +489,7 @@ int main (int argc, char *argv[]) dbuf[i] = epicsStrtod(sbuf[i], &pend); if (sbuf[i] == pend || enumAsString) { fprintf(stderr, "Enum string value '%s' invalid.\n", sbuf[i]); + free(sbuf); free(dbuf); return 1; } if (dbuf[i] >= bufGrEnum.no_str) { @@ -503,6 +507,7 @@ int main (int argc, char *argv[]) ebuf = calloc(len, sizeof(char)); if(!ebuf) { fprintf(stderr, "Memory allocation failed\n"); + free(sbuf); free(dbuf); free(ebuf); return 1; } count = epicsStrnRawFromEscaped(ebuf, len, cbuf, len-1) + 1; 
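Review bot: The `free(sbuf); free(dbuf);` sequence, later extended with `free(ebuf);`, is now copied in front of every `return` in caput.c's `main` (this hunk and the other caput.c hunks of this patch), so any exit path added or overlooked later will leak again. One candidate is only partly visible: the `if (dbuf[i] >= bufGrEnum.no_str) {` branches end outside the hunks, so it cannot be seen here whether they release the buffers before returning. A single exit keeps the release in one place: `result = 1; goto cleanup;` at each error site and `cleanup: free(sbuf); free(dbuf); free(ebuf); return result;` at the end. The paths that call `free(ebuf)` before `ebuf` is allocated depend on it being initialised to NULL at its declaration, which is outside the hunks and should be confirmed.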
@@ -537,12 +542,14 @@ int main (int argc, char *argv[]) } if (result != ECA_NORMAL) { fprintf(stderr, "Error from put operation: %s\n", ca_message(result)); + free(sbuf); free(dbuf); free(ebuf); return 1; } result = ca_pend_io(caTimeout); if (result == ECA_TIMEOUT) { fprintf(stderr, "Write operation timed out: Data was not written.\n"); + free(sbuf); free(dbuf); free(ebuf); return 1; } if (request == callback) { /* Also wait for callbacks */ @@ -556,6 +563,7 @@ int main (int argc, char *argv[]) if (result != ECA_NORMAL) { fprintf(stderr, "Error occured writing data: %s\n", ca_message(result)); + free(sbuf); free(dbuf); free(ebuf); return 1; } @@ -567,6 +575,7 @@ int main (int argc, char *argv[]) /* Shut down Channel Access */ ca_context_destroy(); + free(sbuf); free(dbuf); free(ebuf); return result; } From 30f5c3b3017c7b98a315191ee8687a3faf1ded74 Mon Sep 17 00:00:00 2001 From: Ralph Lange Date: Tue, 9 Jun 2020 11:39:47 +0200 Subject: [PATCH 04/11] db: fix incomplete initialization in dbChannelOpen() (found by sonar/cppcheck) --- src/ioc/db/dbChannel.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/ioc/db/dbChannel.c b/src/ioc/db/dbChannel.c index 399d13dab..a6fd64450 100644 --- a/src/ioc/db/dbChannel.c +++ b/src/ioc/db/dbChannel.c @@ -38,6 +38,7 @@ #include "link.h" #include "recSup.h" #include "special.h" +#include "alarm.h" typedef struct parseContext { dbChannel *chan; @@ -619,6 +620,11 @@ long dbChannelOpen(dbChannel *chan) probe.field_type = dbChannelExportType(chan); probe.no_elements = dbChannelElements(chan); probe.field_size = dbChannelFieldSize(chan); + probe.sevr = NO_ALARM; + probe.stat = NO_ALARM; + probe.time.secPastEpoch = 0; + probe.time.nsec = 0; + p = probe; /* From 801710b8c7569f7d275e5c7bd5d6ce46a79cfdc0 Mon Sep 17 00:00:00 2001 
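Review bot: Setting `probe.sevr`, `probe.stat` and the two `probe.time` members one by one in `dbChannelOpen` covers only the members named today. Any member not assigned before `p = probe;` is still indeterminate when the whole structure is copied, and so is any member added to the type later. Zeroing the structure once before the field assignments, `memset(&probe, 0, sizeof probe);`, covers padding and future members too. The declaration of `probe` and the start of the function are outside the hunk, so which members remain unset cannot be confirmed from here.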
From: Ralph Lange Date: Tue, 9 Jun 2020 11:50:11 +0200 Subject: [PATCH 05/11] db: fix possible null pointer dereference (found by sonar/cppcheck) --- src/ioc/db/recGbl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ioc/db/recGbl.c b/src/ioc/db/recGbl.c index 6406b3773..29b7c19ed 100644 --- a/src/ioc/db/recGbl.c +++ b/src/ioc/db/recGbl.c @@ -67,7 +67,7 @@ void recGblDbaddrError(long status, const struct dbAddr *paddr, errPrintf(status,0,0, "PV: %s.%s " "error detected in routine: %s\n", - (paddr ? precord->name : "Unknown"), + (precord ? precord->name : "Unknown"), (pdbFldDes ? pdbFldDes->name : ""), (pmessage ? pmessage : "Unknown")); return; @@ -104,7 +104,7 @@ void recGblRecSupError(long status, const struct dbAddr *paddr, " %s\n", (psupport_name ? psupport_name : "Unknown"), (pdbRecordType ? pdbRecordType->name : "Unknown"), - (paddr ? precord->name : "Unknown"), + (precord ? precord->name : "Unknown"), (pdbFldDes ? pdbFldDes->name : ""), (pmessage ? pmessage : "")); return; From 97b29129af9224f19ff5d1c1ce2a315fab1c0704 Mon Sep 17 00:00:00 2001 From: Ralph Lange Date: Tue, 9 Jun 2020 11:52:03 +0200 Subject: [PATCH 06/11] libcom/test: don't modify operand in assert() statement (code smell found by sonar/cppcheck) --- src/libCom/cxxTemplates/test/tsSLListTest.cc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libCom/cxxTemplates/test/tsSLListTest.cc b/src/libCom/cxxTemplates/test/tsSLListTest.cc index 32f96359d..311ffee49 100644 --- a/src/libCom/cxxTemplates/test/tsSLListTest.cc +++ b/src/libCom/cxxTemplates/test/tsSLListTest.cc @@ -46,6 +46,10 @@ int main () tsSLIter iter1 = list.firstIter (); tsSLIter iter2 = iter1; tsSLIter iter3 = iter1; + tsSLIter itert = iter3++ + assert ( iter1 == itert ); + itert = ++iter2; + assert ( iter3 == itert ); assert ( iter1 == iter3++ ); assert ( iter3 == ++iter2 ); list.remove ( *pFredII ); // removes pFred From d5eb055bb79a2fc5451d0da5414d3ea7028b4424 Mon Sep 17 00:00:00 2001 
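Review bot: The added line `tsSLIter itert = iter3++` in tsSLListTest.cc has no terminating semicolon, so as shown the test does not compile. The two original statements `assert ( iter1 == iter3++ );` and `assert ( iter3 == ++iter2 );` are also still present as context lines below the new code (the diffstat shows 4 insertions and no deletions). The operand-modifying asserts the commit set out to remove therefore remain, and they advance the iterators a second time, after which `iter1 == iter3++` would presumably no longer hold. Add the semicolon and delete the two old asserts. Template arguments on `tsSLIter` appear to have been lost in this rendering of the patch.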
From: Ralph Lange Date: Tue, 9 Jun 2020 12:02:24 +0200 Subject: [PATCH 07/11] libcom/flex: fix sscanf() argument types (code smell found by sonar/cppcheck) --- src/libCom/flex/misc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libCom/flex/misc.c b/src/libCom/flex/misc.c index b8a7a0399..b41668f3a 100644 --- a/src/libCom/flex/misc.c +++ b/src/libCom/flex/misc.c @@ -438,7 +438,7 @@ int htoi(unsigned char *str) { int result; - (void) sscanf( (char *) str, "%x", &result ); + (void) sscanf( (char *) str, "%x", (unsigned *) &result ); return ( result ); } @@ -653,7 +653,7 @@ int otoi(Char *str) { int result; - (void) sscanf( (char *) str, "%o", &result ); + (void) sscanf( (char *) str, "%o", (unsigned *) &result ); return ( result ); } From d3d40689c8c4ed4637d47e723e41a5d997500903 Mon Sep 17 00:00:00 2001 From: Ralph Lange Date: Tue, 9 Jun 2020 13:12:03 +0200 Subject: [PATCH 08/11] libcom/osi: fix dangerous usage of strncat (WIN32) (found by sonar/cppcheck) --- src/libCom/osi/os/WIN32/osdSock.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libCom/osi/os/WIN32/osdSock.c b/src/libCom/osi/os/WIN32/osdSock.c index b8c8363fb..8b9869423 100644 --- a/src/libCom/osi/os/WIN32/osdSock.c +++ b/src/libCom/osi/os/WIN32/osdSock.c @@ -64,10 +64,10 @@ epicsShareFunc int epicsShareAPI osiSockAttach() DWORD titleLength = GetConsoleTitle(title, sizeof(title)); if (titleLength) { titleLength = strlen (title); - strncat (title, " " EPICS_VERSION_STRING, sizeof(title)); + strncat (title, " " EPICS_VERSION_STRING, sizeof(title)-1); } else { - strncpy(title, EPICS_VERSION_STRING, sizeof(title)); + strncpy(title, EPICS_VERSION_STRING, sizeof(title)-1); } title[sizeof(title)-1]= '\0'; SetConsoleTitle(title); From cd47bbf99b7121245aba8ec76114f334693f4dbc Mon Sep 17 00:00:00 2001 
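Review bot: `result` in `htoi` (and likewise in `otoi`, the second hunk of misc.c) is still uninitialised and the `sscanf` return value is discarded, so a string with no hex or octal digits makes the function return an indeterminate value. The `(unsigned *)` cast only silences the type warning. Declaring `unsigned int result = 0;`, passing `&result` without a cast and ending with `return (int) result;` removes both the cast and the indeterminate read.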
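Review bot: In `osiSockAttach`, `strncat (title, " " EPICS_VERSION_STRING, sizeof(title)-1)` can still write past the end of `title` when the existing console title is long, because the third argument of `strncat` limits the number of characters appended and is not the size of the destination. The bound has to subtract what the buffer already holds: `strncat (title, " " EPICS_VERSION_STRING, sizeof(title) - titleLength - 1);`, using the `titleLength = strlen (title);` assigned on the line above. The `strncpy` branch is bounded correctly together with the `title[sizeof(title)-1]= '\0';` that follows it. The declaration of `title` is outside the hunk.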
From: Ralph Lange Date: Tue, 9 Jun 2020 13:15:03 +0200 Subject: [PATCH 09/11] libcom/osi: fix debug printf() in default/osdNetIntf.c (found by sonar/cppcheck) --- src/libCom/osi/os/default/osdNetIntf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libCom/osi/os/default/osdNetIntf.c b/src/libCom/osi/os/default/osdNetIntf.c index fbee6b03e..702660e15 100644 --- a/src/libCom/osi/os/default/osdNetIntf.c +++ b/src/libCom/osi/os/default/osdNetIntf.c @@ -207,7 +207,7 @@ epicsShareFunc void epicsShareAPI osiSockDiscoverBroadcastAddresses pNewNode->addr.sa = pIfreqList->ifr_broadaddr; ifDepenDebugPrintf ( ( "found broadcast addr = %x\n", ntohl ( baddr.ia.sin_addr.s_addr ) ) ); } else { - ifDepenDebugPrintf ( ( "Ignoring broadcast addr = \n", ntohl ( baddr.ia.sin_addr.s_addr ) ) ); + ifDepenDebugPrintf ( ( "Ignoring broadcast addr = %x\n", ntohl ( baddr.ia.sin_addr.s_addr ) ) ); free ( pNewNode ); continue; } From 579fc9d0c768dee74fc73b43fd1ffb3ef29564ee Mon Sep 17 00:00:00 2001 From: Ralph Lange Date: Tue, 9 Jun 2020 13:18:00 +0200 Subject: [PATCH 10/11] libcom/osi: fix potential leak in default/osdThreadHooks.c (found by sonar/cppcheck) --- src/libCom/osi/os/default/osdThreadHooks.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libCom/osi/os/default/osdThreadHooks.c b/src/libCom/osi/os/default/osdThreadHooks.c index cbe28a4ff..3c2f49667 100644 --- a/src/libCom/osi/os/default/osdThreadHooks.c +++ b/src/libCom/osi/os/default/osdThreadHooks.c @@ -72,6 +72,7 @@ epicsShareFunc int epicsThreadHookAdd(EPICS_THREAD_HOOK_ROUTINE hook) return 0; } fprintf(stderr, "epicsThreadHookAdd: Locking problem\n"); + free(pHook); return -1; } From 92374b2be2579bf8d11f56aa76ecea3de5026ed9 Mon Sep 17 00:00:00 2001 
From: Ralph Lange Date: Tue, 9 Jun 2020 14:04:50 +0200 Subject: [PATCH 11/11] libcom/osi: fix potential leak in vxWorks/osdThread.c (found by sonar/cppcheck) --- src/libCom/osi/os/vxWorks/osdThread.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/libCom/osi/os/vxWorks/osdThread.c b/src/libCom/osi/os/vxWorks/osdThread.c index ce01ea609..cc8a1a539 100644 --- a/src/libCom/osi/os/vxWorks/osdThread.c +++ b/src/libCom/osi/os/vxWorks/osdThread.c @@ -348,8 +348,9 @@ epicsShareFunc void epicsThreadMap ( EPICS_THREAD_HOOK_ROUTINE func ) while (noTasks == 0) { noTasks = taskIdListGet(taskIdList, taskIdListSize); if (noTasks == taskIdListSize) { - taskIdList = realloc(taskIdList, (taskIdListSize+ID_LIST_CHUNK)*sizeof(int)); - assert(taskIdList); + int *newlist = realloc(taskIdList, (taskIdListSize+ID_LIST_CHUNK)*sizeof(int)); + assert(newlist); + taskIdList = newlist; taskIdListSize += ID_LIST_CHUNK; noTasks = 0; }
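Review bot: `assert(newlist);` is the only handling of a failed `realloc` in `epicsThreadMap`, and if the build defines `NDEBUG` the check disappears, so `taskIdList = newlist;` stores NULL and the next loop pass hands it to `taskIdListGet`. Keeping the old pointer in a temporary also changes little while the failure path aborts anyway. An explicit test keeps the old list valid and handles the error in every build: `if (!newlist) { fprintf(stderr, "epicsThreadMap: realloc failed\n"); return; }`. The rest of the function is outside the hunk, so any lock or other state held at this point must be released before that early return.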