From 6e5a8865debfe858aac284fb234b6ccd5e2e3650 Mon Sep 17 00:00:00 2001
From: Rahul Tank
Date: Mon, 2 Dec 2024 11:17:46 +0530
Subject: [PATCH] fix(nimble): Address few coverity reported issues
1. Overflowed constant (INTEGER_OVERFLOW): Added change to typecast value
2. Structurally dead code: Removed dead code
3. Resource leak: Added a free for allocated memory, in case of failure
4. too_few_printf_args: Corrected print statement to pass arguments
5. Fixed nesting levels
6. Fixed unused value warnings
7. Illegal memory access fix
---
 components/bt/common/osi/pkt_queue.c | 1 +
 components/bt/host/nimble/nimble | 2 +-
 components/wifi_provisioning/src/scheme_ble.c | 3 ++-
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/components/bt/common/osi/pkt_queue.c b/components/bt/common/osi/pkt_queue.c
index 81abd1f043..4c149be2c6 100644
--- a/components/bt/common/osi/pkt_queue.c
+++ b/components/bt/common/osi/pkt_queue.c
@@ -25,6 +25,7 @@ struct pkt_queue *pkt_queue_create(void)
 }
 if (osi_mutex_new(&queue->lock) != 0) {
 osi_free(queue);
+ return NULL;
 }
 struct pkt_queue_header *p = &queue->header;
 STAILQ_INIT(p);
diff --git a/components/bt/host/nimble/nimble b/components/bt/host/nimble/nimble
index 4cf7d046d3..16d59c062d 160000
--- a/components/bt/host/nimble/nimble
+++ b/components/bt/host/nimble/nimble
@@ -1 +1 @@
-Subproject commit 4cf7d046d3b8e3a572224abe25b8d93a40658ca2
+Subproject commit 16d59c062d498b7db210d9dc57255ac5d1d945ad
diff --git a/components/wifi_provisioning/src/scheme_ble.c b/components/wifi_provisioning/src/scheme_ble.c
index faaac06a03..c880429136 100644
--- a/components/wifi_provisioning/src/scheme_ble.c
+++ b/components/wifi_provisioning/src/scheme_ble.c
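Review bot: Callers of pkt_queue_create() need a NULL check now that the `osi_mutex_new` failure branch ends in `return NULL;`; before this line the function carried on to `STAILQ_INIT(p)` on the freed queue, so a caller that never tested the result would have gone unnoticed. Those callers are outside this patch and should be confirmed to handle NULL before they lock or enqueue. A short comment on the branch, for example `/* queue is already freed: must not fall through to STAILQ_INIT */`, would keep a later refactor from reintroducing the use-after-free. The function body starts and ends outside the hunk.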
@@ -170,7 +170,7 @@ static esp_err_t set_config_service(void *config, const char *service_name, cons
 /* XXX Does it even make any sense to set truncated mfg_data ? The
 * only reason to not return failure from here is provisioning
 * should continue as it is with error prints for mfg_data length */
- mfg_data_len = MAX_BLE_MANUFACTURER_DATA_LEN - sizeof(ble_config->device_name) - 2;
+ mfg_data_len = (size_t)(MAX_BLE_MANUFACTURER_DATA_LEN - sizeof(ble_config->device_name) - 2);
 }
 ble_config->manufacturer_data = custom_manufacturer_data;
@@ -213,6 +213,7 @@ static esp_err_t set_config_endpoint(void *config, const char *endpoint_name, ui
 realloc(ble_config->nu_lookup, (ble_config->nu_lookup_count + 1) * sizeof(protocomm_ble_name_uuid_t)));
 if (!lookup_table) {
 ESP_LOGE(TAG, "Error allocating memory for EP-UUID lookup table");
+ free(copy_ep_name);
 return ESP_ERR_NO_MEM;
 }
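Review bot: The `(size_t)` cast on the `mfg_data_len` assignment does not remove the overflow it is meant to address. Assuming `MAX_BLE_MANUFACTURER_DATA_LEN` is an ordinary integer constant, `sizeof` already makes the subtraction unsigned, so if `sizeof(ble_config->device_name) + 2` ever exceeded the maximum the result would still wrap to a very large length. That length then travels with `manufacturer_data`, and the cast only silences the analyzer. Stating the invariant at compile time would be the real guard: `_Static_assert(MAX_BLE_MANUFACTURER_DATA_LEN >= sizeof(ble_config->device_name) + 2, "no room left for manufacturer data");` next to the assignment. The condition guarding this branch and the rest of set_config_service are outside the hunk, so any copy of the same expression there would be covered by the same assertion.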
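Review bot: `free(copy_ep_name);` fixes the leak on this one branch only, so any other failure return in set_config_endpoint after `copy_ep_name` is allocated would need the same line. The allocation and the rest of the function are outside the hunk, so those paths should be checked. Routing those exits through a single cleanup label, for example `goto err;` with `err: free(copy_ep_name); return ret;`, would put the ownership rule in one place. A comment such as `/* nu_lookup is unchanged on failure: realloc result is held in lookup_table */` would also record why the existing table stays valid here, which the visible lines suggest but do not fully show.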