some coverity fixes plus fix fdx help (#328)

* coverity fixes

cmdhflegic- indications are the i in calls to data_buf[i] could = 1052
and overflow the array.
cmdhfmfhard - +1 to add space for string null terminator - should we add
the 0 terminator value too?
reveng.c - memory leak
util.c - fix potential overflow of array buf[]
util_posix.c - possible integer overflow

* fix help errors

* fix sprint_hex_ascii

again
and this function is not even used anywhere... yet...

client/cmdhflegic.c

@@ -59,7 +59,7 @@ int CmdLegicDecode(const char *Cmd)
   int crc = 0;
   int wrp = 0;
   int wrc = 0;
-  uint8_t data_buf[1052]; // receiver buffer
+  uint8_t data_buf[1053]; // receiver buffer
   char out_string[3076]; // just use big buffer - bad practice
   char token_type[4];
   

client/cmdhfmfhard.c

@@ -247,7 +247,7 @@ static void init_bitflip_bitarrays(void)
 #endif	
 
 	char state_files_path[strlen(get_my_executable_directory()) + strlen(STATE_FILES_DIRECTORY) + strlen(STATE_FILE_TEMPLATE) + 1];
-	char state_file_name[strlen(STATE_FILE_TEMPLATE)];
+	char state_file_name[strlen(STATE_FILE_TEMPLATE)+1];
 	
 	for (odd_even_t odd_even = EVEN_STATE; odd_even <= ODD_STATE; odd_even++) {
 		num_effective_bitflips[odd_even] = 0;

client/cmdlffdx.c

@@ -47,7 +47,7 @@ static int CmdHelp(const char *Cmd);
 
 int usage_lf_fdx_clone(void){
 	PrintAndLog("Clone a FDX-B animal tag to a T55x7 tag.");
-	PrintAndLog("Usage: lf animal clone [h] <country id> <animal id> <Q5>");
+	PrintAndLog("Usage: lf fdx clone [h] <country id> <animal id> <Q5>");
 	PrintAndLog("Options:");
 	PrintAndLog("      h            : This help");
 	PrintAndLog("      <country id> : Country id");
@@ -66,13 +66,13 @@ int usage_lf_fdx_sim(void) {
 	PrintAndLog("Enables simulation of FDX-B animal tag");
 	PrintAndLog("Simulation runs until the button is pressed or another USB command is issued.");
 	PrintAndLog("");
-	PrintAndLog("Usage:  lf animal sim [h] <country id> <animal id>");
+	PrintAndLog("Usage:  lf fdx sim [h] <country id> <animal id>");
 	PrintAndLog("Options:");
 	PrintAndLog("      h            : This help");
 	PrintAndLog("      <country id> : Country ID");
 	PrintAndLog("      <animal id>  : Animal ID");
 	PrintAndLog("");
-	PrintAndLog("Sample: lf animal sim 999 112233");
+	PrintAndLog("Sample: lf fdx sim 999 112233");
 	return 0;
 }
 // clearing the topbit needed for the preambl detection. 

client/reveng/reveng.c

@@ -257,6 +257,7 @@ engini(int *resc, model_t **result, const poly_t divisor, int flags, int args, c
 		palloc(&apoly, dlen);
 		calini(resc, result, divisor, flags, apoly, args, argpolys);
 		pfree(&apoly);
+		free(mat);
 		return;
 	}
 

client/util.c

@@ -193,13 +193,14 @@ char *sprint_hex_ascii(const uint8_t *data, const size_t len) {
 	static char buf[1024];
 	char *tmp = buf;
 	memset(buf, 0x00, 1024);
-	size_t max_len = (len > 1010) ? 1010 : len;
+	size_t max_len = (len > 255) ? 255 : len;
-
+	// max 255 bytes * 3 + 2 characters = 767 in buffer
 	sprintf(tmp, "%s| ", sprint_hex(data, max_len) );
 	
 	size_t i = 0;
 	size_t pos = (max_len * 3)+2;
-	while(i < max_len){
+	// add another 255 characters ascii = 1020 characters of buffer used
+	while(i < max_len) {
 		char c = data[i];
 		if ( (c < 32) || (c == 127))
 			c = '.';

client/util_posix.c

@@ -31,7 +31,7 @@ static void nsleep(uint64_t n) {
 }
 
 void msleep(uint32_t n) {
-	nsleep(1000000 * n);
+	nsleep(1000000 * (uint64_t)n);
 }
 #endif // _WIN32