From 70c9bfec2486840c9e00606422897216f1893e39 Mon Sep 17 00:00:00 2001 From: navyasher Date: Wed, 6 May 2026 17:58:28 +0530 Subject: [PATCH] RDKB-64347: Fixing low priority coverity issues Reason for change: Fixing high medium priority coverity issues. Test Procedure: Build should be successful and the regression test should also succeed. Risks: Low Priority: P1 Signed-off-by: Kondamma_Kudumula@comcast.com --- lib/ovsdb/ovsdb_table.c | 4 +-- lib/ovsdb/ovsdb_utils.c | 6 ++++ source/apps/levl/wifi_levl.c | 8 +++-- source/core/wifi_ctrl_rbus_handlers.c | 12 ++++---- source/dml/tr_181/ml/cosa_wifi_dml.c | 7 +++-- source/dml/wifi_ssp/ssp_loop.c | 5 +++ source/sampleapps/webconfig_consumer_apis.c | 34 +++++++++++++++------ 7 files changed, 53 insertions(+), 23 deletions(-) diff --git a/lib/ovsdb/ovsdb_table.c b/lib/ovsdb/ovsdb_table.c index 3dc783bfd..ea2db8182 100644 --- a/lib/ovsdb/ovsdb_table.c +++ b/lib/ovsdb/ovsdb_table.c @@ -333,7 +333,7 @@ bool onewifi_ovsdb_table_upsert_where_f(const char *ovsdb_sock_path, ovsdb_table json_t *where, void *record, bool update_uuid, char *filter[]) { json_t *jrow = NULL; - ovs_uuid_t *uuid = update_uuid ? uuid = record + table->uuid_offset : NULL; + ovs_uuid_t *uuid = update_uuid ? (ovs_uuid_t *)((char *)record + table->uuid_offset) : NULL; bool ret; jrow = onewifi_ovsdb_table_to_json_f(table, record, filter); @@ -392,7 +392,7 @@ bool onewifi_ovsdb_table_upsert_with_parent_where(const char *ovsdb_sock_path, o char *parent_table, json_t *parent_where, char *parent_column) { json_t *jrow = NULL; - ovs_uuid_t *uuid = update_uuid ? uuid = record + table->uuid_offset : NULL; + ovs_uuid_t *uuid = update_uuid ? (ovs_uuid_t *)((char *)record + table->uuid_offset) : NULL; bool ret; jrow = onewifi_ovsdb_table_to_json_f(table, record, filter); diff --git a/lib/ovsdb/ovsdb_utils.c b/lib/ovsdb/ovsdb_utils.c index 58fa517d7..9e77ff858 100644 --- a/lib/ovsdb/ovsdb_utils.c +++ b/lib/ovsdb/ovsdb_utils.c @@ -194,6 +194,9 @@ schema2tree(size_t key_size, size_t value_size, size_t nelems, key = keys[i]; value = values[i]; pair = get_pair(key, value); + if (pair == NULL) { + goto err_free_tree; + } loop = (pair != NULL); ds_tree_insert(tree, pair, pair->key); i++; @@ -371,6 +374,9 @@ schema2itree(size_t elem_size, size_t nelems, key = keys[i]; value = values[i]; pair = get_ipair(key, value); + if (pair == NULL) { + goto err_free_tree; + } loop = (pair != NULL); ds_tree_insert(tree, pair, pair->key); i++; diff --git a/source/apps/levl/wifi_levl.c b/source/apps/levl/wifi_levl.c index d4ce2a04c..10b2a1377 100644 --- a/source/apps/levl/wifi_levl.c +++ b/source/apps/levl/wifi_levl.c @@ -976,10 +976,13 @@ int levl_event_speed_test(wifi_app_t *app, wifi_event_subtype_t sub_type, void * int apps_frame_event_exec_timeout(wifi_app_t *apps) { time_t l_curr_alive_time_sec, delta_time_sec; - hash_map_t *probe_map = apps->data.u.levl.probe_req_map; + hash_map_t *probe_map = NULL; probe_req_elem_t *l_elem = NULL, *l_temp_elem = NULL; + pthread_mutex_lock(&apps->data.u.levl.lock); + probe_map = apps->data.u.levl.probe_req_map; if (probe_map == NULL) { + pthread_mutex_unlock(&apps->data.u.levl.lock); wifi_util_error_print(WIFI_APPS,"%s:%d probe map is NULL\r\n", __func__, __LINE__); return RETURN_ERR; } @@ -1003,6 +1006,7 @@ int apps_frame_event_exec_timeout(wifi_app_t *apps) } wifi_util_info_print(WIFI_APPS,"%s:%d total probe entry:%d\r\n", __func__, __LINE__, hash_map_count(probe_map)); + pthread_mutex_unlock(&apps->data.u.levl.lock); return 0; } @@ -1579,7 +1583,7 @@ bus_error_t levl_event_handler(char *eventName, bus_event_sub_action_t action, i return bus_error_general; } - if ((radio < 0) || (radio > MAX_NUM_RADIOS)) { + if ((radio == 0) || (radio > MAX_NUM_RADIOS)) { wifi_util_dbg_print(WIFI_APPS, "%s:%d Invalid Radio: %u\n", __func__, __LINE__, radio-1); pthread_mutex_unlock(&wifi_app->data.u.levl.lock); return bus_error_general; diff --git a/source/core/wifi_ctrl_rbus_handlers.c b/source/core/wifi_ctrl_rbus_handlers.c index f13bf0fa9..51eee519c 100644 --- a/source/core/wifi_ctrl_rbus_handlers.c +++ b/source/core/wifi_ctrl_rbus_handlers.c @@ -3541,14 +3541,14 @@ static bus_error_t stats_table_addrowhandler(char const *tableName, char const * bus_error_t ap_table_removerowhandler(char const *rowName) { - int i = 0; + int i = 0, count = 0; event_bus_element_t *event; wifi_ctrl_t *ctrl = (wifi_ctrl_t *)get_wifictrl_obj(); - int count = queue_count(ctrl->events_bus_data.events_bus_queue); + pthread_mutex_lock(&ctrl->events_bus_data.events_bus_lock); + count = queue_count(ctrl->events_bus_data.events_bus_queue); wifi_util_dbg_print(WIFI_CTRL, "%s(): %s\n", __FUNCTION__, rowName); - pthread_mutex_lock(&ctrl->events_bus_data.events_bus_lock); while (i < count) { event = queue_peek(ctrl->events_bus_data.events_bus_queue, i); @@ -3572,13 +3572,13 @@ bus_error_t ap_table_removerowhandler(char const *rowName) static bus_error_t stats_table_removerowhandler(char const *rowName) { - int i = 0; + int i = 0, count = 0; event_bus_element_t *event; wifi_ctrl_t *ctrl = (wifi_ctrl_t *)get_wifictrl_obj(); - int count = queue_count(ctrl->events_bus_data.events_bus_queue); + pthread_mutex_lock(&ctrl->events_bus_data.events_bus_lock); + count = queue_count(ctrl->events_bus_data.events_bus_queue); wifi_util_dbg_print(WIFI_CTRL, "%s(): %s\n", __FUNCTION__, rowName); - pthread_mutex_lock(&ctrl->events_bus_data.events_bus_lock); while (i < count) { event = queue_peek(ctrl->events_bus_data.events_bus_queue, i); diff --git a/source/dml/tr_181/ml/cosa_wifi_dml.c b/source/dml/tr_181/ml/cosa_wifi_dml.c index d874d7688..b85ac941c 100755 --- a/source/dml/tr_181/ml/cosa_wifi_dml.c +++ b/source/dml/tr_181/ml/cosa_wifi_dml.c @@ -5611,19 +5611,20 @@ SSID_GetParamStringValue { wifi_vap_info_t *pcfg = (wifi_vap_info_t *)hInsContext; CHAR str[32] = {0}; - uint8_t instance_number = (uint8_t)convert_vap_name_to_index(&((webconfig_dml_t *)get_webconfig_dml())->hal_cap.wifi_prop, pcfg->vap_name) +1; if (pcfg == NULL) { wifi_util_dbg_print(WIFI_DMCLI,"%s:%d Null pointer get fail\n", __FUNCTION__,__LINE__); return FALSE; } + + uint8_t instance_number = convert_vap_name_to_index(&((webconfig_dml_t *)get_webconfig_dml())->hal_cap.wifi_prop, pcfg->vap_name) +1; memset(str,0,sizeof(str)); /* check the parameter name and return the corresponding value */ if( AnscEqualString(ParamName, "Alias", TRUE)) { /* collect value */ - if(instance_number>(MAX_NUM_RADIOS * MAX_NUM_VAP_PER_RADIO) || instance_number<0) + if(instance_number>(MAX_NUM_RADIOS * MAX_NUM_VAP_PER_RADIO) || instance_number == 0) { wifi_util_dbg_print(WIFI_DMCLI,"%s:%d invalid vap instance %d\n", __FUNCTION__,__LINE__,instance_number); return FALSE; @@ -5796,7 +5797,7 @@ SSID_SetParamBoolValue wifi_util_dbg_print(WIFI_DMCLI,"%s:%d Null pointer get fail\n", __FUNCTION__,__LINE__); return FALSE; } - uint8_t instance_number = (uint8_t)convert_vap_name_to_index(&((webconfig_dml_t *)get_webconfig_dml())->hal_cap.wifi_prop, pcfg->vap_name) +1; + uint8_t instance_number = convert_vap_name_to_index(&((webconfig_dml_t *)get_webconfig_dml())->hal_cap.wifi_prop, pcfg->vap_name) +1; wifi_vap_info_t *vapInfo = (wifi_vap_info_t *) get_dml_cache_vap_info(instance_number-1); if (vapInfo == NULL) diff --git a/source/dml/wifi_ssp/ssp_loop.c b/source/dml/wifi_ssp/ssp_loop.c index cdb4fc582..b8941ddf5 100644 --- a/source/dml/wifi_ssp/ssp_loop.c +++ b/source/dml/wifi_ssp/ssp_loop.c @@ -1176,6 +1176,10 @@ void Psm_Db_Write_MacFilter(wifi_mac_entry_param_t *mcfg) psm_mac_map = get_mac_psm_obj(mcfg->vap_index); mcfg_mac = strdup(mcfg->mac); // Coverity fix [280369] + if (mcfg_mac == NULL) { + wifi_util_error_print(WIFI_PSM, "%s:%d Failed to dup str\n", __func__, __LINE__); + return; + } str_tolower(mcfg_mac); wifi_util_dbg_print(WIFI_PSM, "%s:%d mac filter vap_index:%d hash_map_address:%p\r\n",__func__, __LINE__, mcfg->vap_index, psm_mac_map); wifi_util_dbg_print(WIFI_PSM, "%s:%d mac strdup(mcfg->mac):%s\r\n",__func__, __LINE__, mcfg_mac); @@ -1200,6 +1204,7 @@ void Psm_Db_Write_MacFilter(wifi_mac_entry_param_t *mcfg) snprintf(temp_mac_entry->device_name, sizeof(temp_mac_entry->device_name), "%s", mcfg->device_name); } wifi_util_dbg_print(WIFI_PSM, "%s:%d mac entry already present\r\n",__func__, __LINE__); + free(mcfg_mac); return; } ret = set_psm_record_by_name((mcfg->vap_index + 1), (mac_psm_data->data_index + 1), MacFilter, mcfg->mac); diff --git a/source/sampleapps/webconfig_consumer_apis.c b/source/sampleapps/webconfig_consumer_apis.c index 67e0cf417..c3f271467 100644 --- a/source/sampleapps/webconfig_consumer_apis.c +++ b/source/sampleapps/webconfig_consumer_apis.c @@ -18,6 +18,7 @@ **************************************************************************/ #include +#include #include #include "const.h" #include "wifi_hal.h" @@ -777,11 +778,29 @@ void test_null_subdoc_change(webconfig_consumer_t *consumer) data = NULL; } +static int secure_rand_mod(int mod) +{ + int fd; + unsigned int val; + + fd = open("/dev/urandom", O_RDONLY); + if (fd < 0) { + return 0; // safe fallback + } + + if (read(fd, &val, sizeof(val)) != sizeof(val)) { + close(fd); + return 0; + } + + close(fd); + return val % mod; +} + void test_mesh_sta_subdoc_change(webconfig_consumer_t *consumer) { webconfig_subdoc_data_t *data = NULL; webconfig_error_t ret=webconfig_error_none; - time_t t; char *str; str = NULL; @@ -792,7 +811,6 @@ void test_mesh_sta_subdoc_change(webconfig_consumer_t *consumer) return; } memset(data, 0, sizeof(webconfig_subdoc_data_t)); - srand((unsigned) time(&t)); printf("%s:%d: current time:%llu\n", __func__, __LINE__, get_current_time_ms()); if (enable_ovsdb == true) { @@ -811,7 +829,7 @@ void test_mesh_sta_subdoc_change(webconfig_consumer_t *consumer) data = NULL; return; } - vap_info->u.sta_info.scan_params.period = rand() % 10; + vap_info->u.sta_info.scan_params.period = secure_rand_mod(10); vap_info = get_wifi_radio_vap_info(&data->u.decoded.radios[1], "mesh_sta"); if (vap_info == NULL) { printf("%s:%d: vap_info is NULL \n", __func__, __LINE__); @@ -819,7 +837,7 @@ void test_mesh_sta_subdoc_change(webconfig_consumer_t *consumer) data = NULL; return; } - vap_info->u.sta_info.scan_params.period = rand() % 10; + vap_info->u.sta_info.scan_params.period = secure_rand_mod(10); } // clearing the descriptor and raw json data @@ -865,7 +883,6 @@ void test_mesh_subdoc_change(webconfig_consumer_t *consumer) webconfig_subdoc_data_t *data = NULL; webconfig_error_t ret=webconfig_error_none; char test_mac[18]; - time_t t; rdk_wifi_vap_info_t *rdk_vap; mac_address_t mac; acl_entry_t *acl_entry; @@ -879,8 +896,7 @@ void test_mesh_subdoc_change(webconfig_consumer_t *consumer) return; } memset(data, 0, sizeof(webconfig_subdoc_data_t)); - srand((unsigned) time(&t)); - snprintf(test_mac, sizeof(test_mac), "%02x:%02x:%02x:%02x:%02x:%02x", 0xaa, 0xbb,0xcc,0xaa, rand() % 25, rand() % 50); + snprintf(test_mac, sizeof(test_mac), "%02x:%02x:%02x:%02x:%02x:%02x", 0xaa, 0xbb,0xcc,0xaa, secure_rand_mod(25), secure_rand_mod(50)); printf("%s:%d: current time:%llu\n", __func__, __LINE__, get_current_time_ms()); if (enable_ovsdb == true) { @@ -981,7 +997,6 @@ void test_macfilter_subdoc_change(webconfig_consumer_t *consumer) rdk_wifi_vap_info_t *rdk_vap; mac_address_t mac; acl_entry_t *acl_entry; - time_t t; char *str; str = NULL; @@ -992,9 +1007,8 @@ void test_macfilter_subdoc_change(webconfig_consumer_t *consumer) return; } memset(data, 0, sizeof(webconfig_subdoc_data_t)); - srand((unsigned) time(&t)); - snprintf(test_mac, sizeof(test_mac), "%02x:%02x:%02x:%02x:%02x:%02x", 0xaa, 0xbb,0xcc,0xdd, rand() % 25, rand() % 50); + snprintf(test_mac, sizeof(test_mac), "%02x:%02x:%02x:%02x:%02x:%02x", 0xaa, 0xbb,0xcc,0xdd, secure_rand_mod(25), secure_rand_mod(50)); printf("%s:%d: current time:%llu\n", __func__, __LINE__, get_current_time_ms()); if (enable_ovsdb == true) {