From 65fc70a31a334d3b0819fd1b4069c91d73976739 Mon Sep 17 00:00:00 2001 From: Noel Eck Date: Mon, 6 Mar 2017 12:13:27 -0800 Subject: [PATCH] rf22: Static analysis fixes A few small fixes for the rf22 to satisfy klocwork. * Converted malloc's to new's to be more C++'ish and since malloc return were not checked. * Initialize data, buf, and _lastInterruptFlags * Up'ed RF22_MAX_MESSAGE_LEN to 64. Reason: void RF22::sendNextFragment() { if (_txBufSentIndex < _bufLen) { // Some left to send? uint8_t len = _bufLen - _txBufSentIndex; // But dont send too much if (len > (RF22_FIFO_SIZE - RF22_TXFFAEM_THRESHOLD - 1)) len = (RF22_FIFO_SIZE - RF22_TXFFAEM_THRESHOLD - 1); spiBurstWrite(RF22_REG_7F_FIFO_ACCESS, _buf + _txBufSentIndex, len); _txBufSentIndex += len; } } RF22_FIFO_SIZE = 64 RF22_TXFFAEM_THRESHOLD = 4 RF22_MAX_MESSAGE_LEN = 50 _buf[RF22_MAX_MESSAGE_LEN] Length of _buf *was* 50, so if the 'But dont send too much' above was to happen, the length is set to 63, which overruns _buf[RF22_MAX_MESSAGE_LEN] Signed-off-by: Noel Eck --- src/rf22/rf22.cxx | 46 ++++++++++++++++++---------------------------- src/rf22/rf22.hpp | 2 +- 2 files changed, 19 insertions(+), 29 deletions(-) diff --git a/src/rf22/rf22.cxx b/src/rf22/rf22.cxx index 55b69e65..82239e59 100644 --- a/src/rf22/rf22.cxx +++ b/src/rf22/rf22.cxx @@ -187,7 +187,7 @@ uint8_t RF22::init() // C++ level interrupt handler for this instance void RF22::handleInterrupt() { - uint8_t _lastInterruptFlags[2]; + uint8_t _lastInterruptFlags[2] = {}; // Read the interrupt flags which clears the interrupt spiBurstRead(RF22_REG_03_INTERRUPT_STATUS1, _lastInterruptFlags, 2); @@ -282,7 +282,7 @@ void RF22::reset() uint8_t RF22::spiRead(uint8_t reg) { - uint8_t data; + uint8_t data = 0; spiBurstRead (reg, &data, 1); return data; } @@ -294,52 +294,42 @@ void RF22::spiWrite(uint8_t reg, uint8_t val) void RF22::spiBurstRead(uint8_t reg, uint8_t* dest, uint8_t len) { - uint8_t *request; - uint8_t *response; - - request = (uint8_t *) malloc(sizeof(uint8_t) * (len + 1)); - response = (uint8_t *) malloc(sizeof(uint8_t) * (len + 1)); - memset(request, 0x00, len + 1); - memset(response, 0x00, len + 1); - + uint8_t *request = new uint8_t[len + 1](); + uint8_t *response = new uint8_t[len + 1](); + request[0] = reg & ~RF22_SPI_WRITE_MASK; memcpy (&request[1], dest, len); - + mraa_gpio_write(_cs, 0x1); mraa_gpio_write(_cs, 0x0); usleep(100); mraa_spi_transfer_buf(_spi, request, response, len + 1); usleep(100); mraa_gpio_write(_cs, 0x1); - + memcpy (dest, &response[1], len); - - free (request); - free (response); + + delete[] request; + delete[] response; } void RF22::spiBurstWrite(uint8_t reg, const uint8_t* src, uint8_t len) { - uint8_t *request; - uint8_t *response; - - request = (uint8_t *) malloc(sizeof(uint8_t) * (len + 1)); - response = (uint8_t *) malloc(sizeof(uint8_t) * (len + 1)); - memset(request, 0x00, len + 1); - memset(response, 0x00, len + 1); - + uint8_t *request = new uint8_t[len + 1](); + uint8_t *response = new uint8_t[len + 1](); + request[0] = reg | RF22_SPI_WRITE_MASK; memcpy (&request[1], src, len); - + mraa_gpio_write(_cs, 0x1); mraa_gpio_write(_cs, 0x0); usleep(100); mraa_spi_transfer_buf(_spi, request, response, len + 1); usleep(100); mraa_gpio_write(_cs, 0x1); - - free (request); - free (response); + + delete[] request; + delete[] response; } uint8_t RF22::statusRead() @@ -373,7 +363,7 @@ uint8_t RF22::temperatureRead(uint8_t tsrange, uint8_t tvoffs) uint16_t RF22::wutRead() { - uint8_t buf[2]; + uint8_t buf[2] = {}; spiBurstRead(RF22_REG_17_WAKEUP_TIMER_VALUE1, buf, 2); return ((uint16_t)buf[0] << 8) | buf[1]; // Dont rely on byte order } diff --git a/src/rf22/rf22.hpp b/src/rf22/rf22.hpp index 8a50ce0f..e1f006f7 100644 --- a/src/rf22/rf22.hpp +++ b/src/rf22/rf22.hpp @@ -41,7 +41,7 @@ // Can be pre-defined to a smaller size (to save SRAM) prior to including this header #ifndef RF22_MAX_MESSAGE_LEN //#define RF22_MAX_MESSAGE_LEN 255 -#define RF22_MAX_MESSAGE_LEN 50 +#define RF22_MAX_MESSAGE_LEN 64 #endif // Max number of octets the RF22 Rx and Tx FIFOs can hold