Coverity-fixes in armsrc

2025-02-13 02:34:48 +08:00 · 2014-10-28 21:44:17 +01:00 · 2014-10-28 21:44:17 +01:00 · 2ed270a854
commit 2ed270a854
parent 97d582a692
6 changed files with 104 additions and 91 deletions
--- a/armsrc/epa.c
+++ b/armsrc/epa.c
@ -419,7 +419,7 @@ int EPA_Setup()
 	// return code
 	int return_code = 0;
 	// card UID
-	uint8_t uid[8];
+	uint8_t uid[10];
 	// card select information
 	iso14a_card_select_t card_select_info;
 	// power up the field
--- a/armsrc/hitag2.c
+++ b/armsrc/hitag2.c
@ -1140,7 +1140,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
 		case RHT2F_PASSWORD: {
      Dbprintf("List identifier in password mode");
 			memcpy(password,htd->pwd.password,4);
-      blocknr = 0;
+      		blocknr = 0;
 			bQuitTraceFull = false;
 			bQuiet = false;
 			bPwd = false;
@ -1158,7 +1158,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
      
 		case RHT2F_CRYPTO: {
 			DbpString("Authenticating using key:");
-			memcpy(key,htd->crypto.key,6);
+			memcpy(key,htd->crypto.key,4);
 			Dbhexdump(6,key,false);
      blocknr = 0;
 			bQuiet = false;
--- a/armsrc/iclass.c
+++ b/armsrc/iclass.c
@ -1295,20 +1295,23 @@ static void TransmitIClassCommand(const uint8_t *cmd, int len, int *samples, int
  FpgaSetupSsc();

   if (wait)
-    if(*wait < 10)
-      *wait = 10;
+   {
+     if(*wait < 10) *wait = 10;
+     
+     for(c = 0; c < *wait;) {
+       if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
+         AT91C_BASE_SSC->SSC_THR = 0x00;		// For exact timing!
+         c++;
+       }
+       if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
+         volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR;
+         (void)r;
+       }
+       WDT_HIT();
+     }
+
+   }

-  for(c = 0; c < *wait;) {
-    if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
-      AT91C_BASE_SSC->SSC_THR = 0x00;		// For exact timing!
-      c++;
-    }
-    if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
-      volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR;
-      (void)r;
-    }
-    WDT_HIT();
-  }

  uint8_t sendbyte;
  bool firstpart = TRUE;
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@ -1726,7 +1726,13 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u
    if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
      // Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
      // http://www.nxp.com/documents/application_note/AN10927.pdf
-      memcpy(uid_resp, uid_resp + 1, 3);
+      // This was earlier:
+      //memcpy(uid_resp, uid_resp + 1, 3);
+      // But memcpy should not be used for overlapping arrays, 
+      // and memmove appears to not be available in the arm build. 
+      // So this has been replaced with a for-loop:
+      for(int xx = 0; xx < 3; xx++) uid_resp[xx] = uid_resp[xx+1];
+
      uid_resp_len = 3;
    }

@ -1936,7 +1942,8 @@ void ReaderMifare(bool first_try)
 	uint8_t uid[10];
 	uint32_t cuid;

-	uint32_t nt, previous_nt;
+	uint32_t nt =0 ;
+	uint32_t previous_nt = 0;
 	static uint32_t nt_attacked = 0;
 	byte_t par_list[8] = {0,0,0,0,0,0,0,0};
 	byte_t ks_list[8] = {0,0,0,0,0,0,0,0};
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@ -1456,78 +1456,81 @@ int DemodPCF7931(uint8_t **outBlocks) {
 	
 	for (bitidx = 0; i < GraphTraceLen; i++)
 	{
-    if ( (GraphBuffer[i-1] > GraphBuffer[i] && dir == 1 && GraphBuffer[i] > lmax) || (GraphBuffer[i-1] < GraphBuffer[i] && dir == 0 && GraphBuffer[i] < lmin))
-    {
-      lc = i - lastval;
-      lastval = i;
-      
-      // Switch depending on lc length:
-      // Tolerance is 1/8 of clock rate (arbitrary)
-      if (abs(lc-clock/4) < tolerance) {
-        // 16T0
-        if((i - pmc) == lc) { /* 16T0 was previous one */
-          /* It's a PMC ! */
-          i += (128+127+16+32+33+16)-1;
-          lastval = i;
-          pmc = 0;
-          block_done = 1;
-        }
-        else {
-          pmc = i;
-        }
-      } else if (abs(lc-clock/2) < tolerance) {
-        // 32TO
-        if((i - pmc) == lc) { /* 16T0 was previous one */
-          /* It's a PMC ! */
-          i += (128+127+16+32+33)-1;
-          lastval = i;
-          pmc = 0;
-          block_done = 1;
-        }
-        else if(half_switch == 1) {
-          BitStream[bitidx++] = 0;
-          half_switch = 0;
-        }
-        else
-          half_switch++;
-      } else if (abs(lc-clock) < tolerance) {
-        // 64TO
-        BitStream[bitidx++] = 1;
-      } else {
-        // Error
-        warnings++;
-        if (warnings > 10)
-        {
-          Dbprintf("Error: too many detection errors, aborting.");
-          return 0;
-        }
-      }
-      
-      if(block_done == 1) {
-        if(bitidx == 128) {
-          for(j=0; j<16; j++) {
-            Blocks[num_blocks][j] = 128*BitStream[j*8+7]+
-            64*BitStream[j*8+6]+
-            32*BitStream[j*8+5]+
-            16*BitStream[j*8+4]+
-            8*BitStream[j*8+3]+
-            4*BitStream[j*8+2]+
-            2*BitStream[j*8+1]+
-            BitStream[j*8];
-          }
-          num_blocks++;
-        }
-        bitidx = 0;
-        block_done = 0;
-        half_switch = 0;
-      }
-      if (GraphBuffer[i-1] > GraphBuffer[i]) dir=0;
-      else dir = 1;
-    }
-    if(bitidx==255)
-      bitidx=0;
-    warnings = 0;
-    if(num_blocks == 4) break;
+	    if ( (GraphBuffer[i-1] > GraphBuffer[i] && dir == 1 && GraphBuffer[i] > lmax) || (GraphBuffer[i-1] < GraphBuffer[i] && dir == 0 && GraphBuffer[i] < lmin))
+	    {
+	      lc = i - lastval;
+	      lastval = i;
+	      
+	      // Switch depending on lc length:
+	      // Tolerance is 1/8 of clock rate (arbitrary)
+	      if (abs(lc-clock/4) < tolerance) {
+	        // 16T0
+	        if((i - pmc) == lc) { /* 16T0 was previous one */
+	          /* It's a PMC ! */
+	          i += (128+127+16+32+33+16)-1;
+	          lastval = i;
+	          pmc = 0;
+	          block_done = 1;
+	        }
+	        else {
+	          pmc = i;
+	        }
+	      } else if (abs(lc-clock/2) < tolerance) {
+	        // 32TO
+	        if((i - pmc) == lc) { /* 16T0 was previous one */
+	          /* It's a PMC ! */
+	          i += (128+127+16+32+33)-1;
+	          lastval = i;
+	          pmc = 0;
+	          block_done = 1;
+	        }
+	        else if(half_switch == 1) {
+	          BitStream[bitidx++] = 0;
+	          half_switch = 0;
+	        }
+	        else
+	          half_switch++;
+	      } else if (abs(lc-clock) < tolerance) {
+	        // 64TO
+	        BitStream[bitidx++] = 1;
+	      } else {
+	        // Error
+	        warnings++;
+	        if (warnings > 10)
+	        {
+	          Dbprintf("Error: too many detection errors, aborting.");
+	          return 0;
+	        }
+	      }
+	      
+	      if(block_done == 1) {
+	        if(bitidx == 128) {
+	          for(j=0; j<16; j++) {
+	            Blocks[num_blocks][j] = 128*BitStream[j*8+7]+
+	            64*BitStream[j*8+6]+
+	            32*BitStream[j*8+5]+
+	            16*BitStream[j*8+4]+
+	            8*BitStream[j*8+3]+
+	            4*BitStream[j*8+2]+
+	            2*BitStream[j*8+1]+
+	            BitStream[j*8];
+	          }
+	          num_blocks++;
+	        }
+	        bitidx = 0;
+	        block_done = 0;
+	        half_switch = 0;
+	      }
+	      if(i < GraphTraceLen)
+	      {
+		      if (GraphBuffer[i-1] > GraphBuffer[i]) dir=0;
+		      else dir = 1;	      	
+	      }
+	    }
+	    if(bitidx==255)
+	      bitidx=0;
+	    warnings = 0;
+	    if(num_blocks == 4) break;
 	}
 	memcpy(outBlocks, Blocks, 16*num_blocks);
 	return num_blocks;
--- a/armsrc/util.c
+++ b/armsrc/util.c
@ -225,7 +225,7 @@ void FormatVersionInformation(char *dst, int len, const char *prefix, void *vers
 {
 	struct version_information *v = (struct version_information*)version_information;
 	dst[0] = 0;
-	strncat(dst, prefix, len);
+	strncat(dst, prefix, len-1);
 	if(v->magic != VERSION_INFORMATION_MAGIC) {
 		strncat(dst, "Missing/Invalid version information", len - strlen(dst) - 1);
 		return;