Fix some missing frees, null dereferences and missing initialisation picked up by clang-analyzer

2025-07-16 10:03:04 -07:00 · 2024-01-16 00:22:53 +10:00 · 2024-01-16 00:22:53 +10:00 · d2d6f80d11
commit d2d6f80d11
parent 5db2276602
11 changed files with 24 additions and 15 deletions
--- a/client/deps/hardnested/hardnested_bruteforce.c
+++ b/client/deps/hardnested/hardnested_bruteforce.c
@ -493,6 +493,8 @@ float brute_force_benchmark(void) {
    if (!read_bench_data(test_candidates)) {
        PrintAndLogEx(NORMAL, "Couldn't read benchmark data. Assuming brute force rate of %1.0f states per second", DEFAULT_BRUTE_FORCE_RATE);
        free(test_candidates[0].states[ODD_STATE]);
        free(test_candidates[0].states[EVEN_STATE]);
        return DEFAULT_BRUTE_FORCE_RATE;
    }
@ -515,5 +517,3 @@ float brute_force_benchmark(void) {
    test_candidates[0].len[EVEN_STATE] = 0;
    return bf_rate;
 }
--- a/client/src/cmdhf14a.c
+++ b/client/src/cmdhf14a.c
@ -832,7 +832,7 @@ int CmdHF14ASim(const char *Cmd) {
    clearCommandBuffer();
    SendCommandNG(CMD_HF_ISO14443A_SIMULATE, (uint8_t *)&payload, sizeof(payload));
-    PacketResponseNG resp;
+    PacketResponseNG resp = {0};
    sector_t *k_sector = NULL;
    size_t k_sectors_cnt = MIFARE_4K_MAXSECTOR;
--- a/client/src/cmdhf15.c
+++ b/client/src/cmdhf15.c
@ -968,6 +968,7 @@ static int CmdHF15Info(const char *Cmd) {
    if (scan) {
        if (getUID(true, false, uid) != PM3_SUCCESS) {
            PrintAndLogEx(WARNING, "no tag found");
            free(packet);
            return PM3_EINVARG;
        }
        uidlen = HF15_UID_LENGTH;
@ -1625,6 +1626,7 @@ static int CmdHF15WriteDsfid(const char *Cmd) {
        if (scan) {
            if (getUID(verbose, false, uid) != PM3_SUCCESS) {
                PrintAndLogEx(WARNING, "no tag found");
                free(packet);
                return PM3_EINVARG;
            }
            uidlen = HF15_UID_LENGTH;
@ -1743,6 +1745,7 @@ static int CmdHF15Dump(const char *Cmd) {
        // default fallback to scan for tag. Overriding unaddress parameter
        if (scan) {
            if (getUID(verbose, false, uid) != PM3_SUCCESS) {
                free(packet);
                PrintAndLogEx(WARNING, "no tag found");
                return PM3_EINVARG;
            }
@ -2098,6 +2101,7 @@ static int CmdHF15Readmulti(const char *Cmd) {
    if (unaddressed == false) {
        if (scan) {
            if (getUID(verbose, false, uid) != PM3_SUCCESS) {
                free(packet);
                PrintAndLogEx(WARNING, "no tag found");
                return PM3_EINVARG;
            }
@ -2250,6 +2254,7 @@ static int CmdHF15Readblock(const char *Cmd) {
        // default fallback to scan for tag. Overriding unaddress parameter
        if (scan) {
            if (getUID(verbose, false, uid) != PM3_SUCCESS) {
                free(packet);
                PrintAndLogEx(WARNING, "no tag found");
                return PM3_EINVARG;
            }
--- a/client/src/cmdhfcryptorf.c
+++ b/client/src/cmdhfcryptorf.c
@ -281,12 +281,12 @@ static int CmdHFCryptoRFDump(const char *Cmd) {
    bool m512 = arg_get_lit(ctx, 3);
    CLIParserFree(ctx);
-    if (m512 + m64 > 1) {
+    if (m512 + m64 != 1) {
        PrintAndLogEx(INFO, "Select only one card memory size");
        return PM3_EINVARG;
    }
-    uint16_t cardsize = 0;
+    uint16_t cardsize;
    uint8_t blocks = 0;
    if (m64) {
        cardsize = (512 / 8) + 4;
@ -550,4 +550,3 @@ int CmdHFCryptoRF(const char *Cmd) {
    clearCommandBuffer();
    return CmdsParse(CommandTable, Cmd);
 }
--- a/client/src/cmdhfemrtd.c
+++ b/client/src/cmdhfemrtd.c
@ -2043,6 +2043,7 @@ int infoHF_EMRTD_offline(const char *path) {
    // coverity scan CID 395630,
    if (data == NULL) {
        free(filepath);
        return PM3_ESOFT;
    }
--- a/client/src/cmdlf.c
+++ b/client/src/cmdlf.c
@ -292,6 +292,7 @@ int CmdLFCommandRead(const char *Cmd) {
    payload.samples = samples;
    payload.keep_field_on = keep_field_on;
    payload.verbose = verbose;
    memset(payload.symbol_extra, 0, sizeof(payload.symbol_extra));
    if (add_crc_ht && (cmd_len <= 120)) {
        // Hitag 1, Hitag S, ZX8211
@ -734,6 +735,7 @@ static int lf_read_internal(bool realtime, bool verbose, uint64_t samples) {
        int result = set_fpga_mode(FPGA_BITSTREAM_LF);
        if (result != PM3_SUCCESS) {
            PrintAndLogEx(FAILED, "failed to load LF bitstream to FPGA");
            free(realtimeBuf);
            return result;
        }
@ -860,6 +862,7 @@ int lf_sniff(bool realtime, bool verbose, uint64_t samples) {
        int result = set_fpga_mode(FPGA_BITSTREAM_LF);
        if (result != PM3_SUCCESS) {
            PrintAndLogEx(FAILED, "failed to load LF bitstream to FPGA");
            free(realtimeBuf);
            return result;
        }
--- a/client/src/cmdlft55xx.c
+++ b/client/src/cmdlft55xx.c
@ -1853,7 +1853,7 @@ static int CmdT55xxReadTrace(const char *Cmd) {
        ct = localtime_r(&now, &tm_buf);
 #endif
-        if (data.year > ct->tm_year - 110)
+        if (ct != NULL && (data.year > ct->tm_year - 110))
            data.year += 2000;
        else
            data.year += 2010;
@ -4419,4 +4419,3 @@ int CmdLFT55XX(const char *Cmd) {
    clearCommandBuffer();
    return CmdsParse(CommandTable, Cmd);
 }
--- a/client/src/cmdsmartcard.c
+++ b/client/src/cmdsmartcard.c
@ -1091,6 +1091,7 @@ static int CmdSmartBruteforceSFI(const char *Cmd) {
        if (json_is_object(data) == false) {
            PrintAndLogEx(ERR, "\ndata %d is not an object\n", i + 1);
            json_decref(root);
            free(buf);
            return PM3_ESOFT;
        }
@ -1098,6 +1099,7 @@ static int CmdSmartBruteforceSFI(const char *Cmd) {
        if (json_is_string(jaid) == false) {
            PrintAndLogEx(ERR, "\nAID data [%d] is not a string", i + 1);
            json_decref(root);
            free(buf);
            return PM3_ESOFT;
        }
@ -1459,5 +1461,3 @@ bool smart_select(bool verbose, smart_card_atr_t *atr) {
    return true;
 }
--- a/client/src/scripting.c
+++ b/client/src/scripting.c
@ -1333,11 +1333,12 @@ static int l_cwd(lua_State *L) {
    while (GetCurrentDir(cwd, path_len) == NULL) {
        if (errno == ERANGE) {  // Need bigger buffer
            path_len += 10;      // if buffer was too small add 10 characters and try again
-            cwd = realloc(cwd, path_len);
+            char* cwdNew = realloc(cwd, path_len);
-            if (cwd == NULL) {
+            if (cwdNew == NULL) {
                free(cwd);
                return returnToLuaWithError(L, "Failed to allocate memory");
            }
            cwd = cwdNew;
        } else {
            free(cwd);
            return returnToLuaWithError(L, "Failed to get current working directory");
--- a/client/src/uart/uart_win32.c
+++ b/client/src/uart/uart_win32.c
@ -85,13 +85,14 @@ static int uart_reconfigure_timeouts_polling(serial_port sp) {
 serial_port uart_open(const char *pcPortName, uint32_t speed, bool slient) {
    char acPortName[255] = {0};
    serial_port_windows_t *sp = calloc(sizeof(serial_port_windows_t), sizeof(uint8_t));
    sp->hSocket = INVALID_SOCKET; // default: serial port
    if (sp == 0) {
        PrintAndLogEx(WARNING, "UART failed to allocate memory\n");
        return INVALID_SERIAL_PORT;
    }
    sp->hSocket = INVALID_SOCKET; // default: serial port
    sp->udpBuffer = NULL;
    rx_empty_counter = 0;
    g_conn.send_via_local_ip = false;
--- a/client/src/ui.c
+++ b/client/src/ui.c
@ -119,7 +119,7 @@ int searchHomeFilePath(char **foundpath, const char *subdir, const char *filenam
        pathlen += strlen(subdir);
        char *tmp = realloc(path, pathlen * sizeof(char));
        if (tmp == NULL) {
-            //free(path);
+            free(path);
            return PM3_EMALLOC;
        }
        path = tmp;
@ -156,7 +156,7 @@ int searchHomeFilePath(char **foundpath, const char *subdir, const char *filenam
    pathlen += strlen(filename);
    char *tmp = realloc(path, pathlen * sizeof(char));
    if (tmp == NULL) {
-        //free(path);
+        free(path);
        return PM3_EMALLOC;
    }