remove coverity bugs

src/server/ua_server.c

@@ -11,8 +11,7 @@
 #include "ua_services.h"
 #include "ua_nodeids.h"
 
-const char *UA_LoggerCategoryNames[3] =
-    {"communication", "server", "userland"};
+const char *UA_LoggerCategoryNames[3] = {"communication", "server", "userland"};
 
 /**********************/
 /* Namespace Handling */

src/server/ua_services_nodemanagement.c

@@ -313,6 +313,7 @@ void Service_AddReferences(UA_Server *server, UA_Session *session, const UA_AddR
 				response->diagnosticInfos);
 	}
 	/* ### End External Namespaces */
+
 	response->resultsSize = size;
 	for(UA_Int32 i = 0; i < response->resultsSize; i++) {
 		if(!isExternal[i])

src/server/ua_services_session.c

@@ -7,6 +7,14 @@
 void Service_CreateSession(UA_Server *server, UA_SecureChannel *channel,
                            const UA_CreateSessionRequest *request,
                            UA_CreateSessionResponse *response) {
+
+    response->serverEndpoints = UA_malloc(sizeof(UA_EndpointDescription));
+    if(!response->serverEndpoints || (response->responseHeader.serviceResult =
+        UA_EndpointDescription_copy(server->endpointDescriptions, response->serverEndpoints)) !=
+       UA_STATUSCODE_GOOD)
+        return;
+    response->serverEndpointsSize = 1;
+
     // creates a session and adds a pointer to the channel. Only when the
     // session is activated will the channel point to the session as well
 	UA_Session *newSession;
@@ -14,19 +22,17 @@ void Service_CreateSession(UA_Server *server, UA_SecureChannel *channel,
 	if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD)
 		return;
 
-    //TODO get maxResponseMessageSize
-    UA_String_copy(&request->sessionName, &newSession->sessionName);
+    //TODO get maxResponseMessageSize internally
     newSession->maxResponseMessageSize = request->maxResponseMessageSize;
-    
     response->sessionId = newSession->sessionId;
     response->revisedSessionTimeout = newSession->timeout;
     response->authenticationToken = newSession->authenticationToken;
-    UA_ByteString_copy(&server->serverCertificate, &response->serverCertificate);
-
-    response->serverEndpointsSize = 1;
-    response->serverEndpoints = UA_malloc(sizeof(UA_EndpointDescription));
-    UA_EndpointDescription_copy(server->endpointDescriptions, response->serverEndpoints);
-    
+    response->responseHeader.serviceResult = UA_String_copy(&request->sessionName, &newSession->sessionName);
+    response->responseHeader.serviceResult |= UA_ByteString_copy(&server->serverCertificate, &response->serverCertificate);
+    if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD) {
+        UA_SessionManager_removeSession(&server->sessionManager, &newSession->sessionId);
+         return;
+    }
 }
 
 void Service_ActivateSession(UA_Server *server,UA_SecureChannel *channel,
@@ -48,19 +54,15 @@ void Service_CloseSession(UA_Server *server, const UA_CloseSessionRequest *reque
                               UA_CloseSessionResponse *response) {
 	UA_Session *foundSession;
 	UA_SessionManager_getSessionByToken(&server->sessionManager,
-			(const UA_NodeId*)&request->requestHeader.authenticationToken,
-			&foundSession);
+			(const UA_NodeId*)&request->requestHeader.authenticationToken, &foundSession);
 
 	if(foundSession == UA_NULL){
 		response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
 		return;
 	}
 
-
-	if(UA_SessionManager_removeSession(&server->sessionManager, &foundSession->sessionId) == UA_STATUSCODE_GOOD){
+	if(UA_SessionManager_removeSession(&server->sessionManager, &foundSession->sessionId) == UA_STATUSCODE_GOOD)
 		response->responseHeader.serviceResult = UA_STATUSCODE_GOOD;
-	}else{
-		//still not 100% sure about the return code
+	else
 		response->responseHeader.serviceResult = UA_STATUSCODE_BADSECURECHANNELIDINVALID;
-	}
 }

src/server/ua_services_view.c

@@ -43,18 +43,19 @@ static UA_StatusCode fillReferenceDescription(UA_NodeStore *ns, const UA_Node *c
 
 /* Tests if the node is relevant to the browse request and shall be returned. If
    so, it is retrieved from the Nodestore. If not, null is returned. */
-static const UA_Node *
-getRelevantTargetNode(UA_NodeStore *ns, const UA_BrowseDescription *browseDescription, UA_Boolean returnAll,
-                      UA_ReferenceNode *reference, UA_NodeId *relevantRefTypes, UA_UInt32 relevantRefTypesCount) {
-    if(reference->isInverse == UA_TRUE && browseDescription->browseDirection == UA_BROWSEDIRECTION_FORWARD)
+static const UA_Node * getRelevantTargetNode(UA_NodeStore *ns, const UA_BrowseDescription *browseDescription,
+                                             UA_Boolean returnAll, UA_ReferenceNode *reference,
+                                             UA_NodeId *relevantRefTypes, size_t relevantRefTypesCount) {
+    if(reference->isInverse == UA_TRUE &&
+       browseDescription->browseDirection == UA_BROWSEDIRECTION_FORWARD)
         return UA_NULL;
-
-    else if(reference->isInverse == UA_FALSE && browseDescription->browseDirection == UA_BROWSEDIRECTION_INVERSE)
+    else if(reference->isInverse == UA_FALSE &&
+            browseDescription->browseDirection == UA_BROWSEDIRECTION_INVERSE)
         return UA_NULL;
 
     UA_Boolean isRelevant = returnAll;
     if(!isRelevant) {
-        for(UA_UInt32 i = 0;i < relevantRefTypesCount;i++) {
+        for(size_t i = 0;i < relevantRefTypesCount;i++) {
             if(UA_NodeId_equal(&reference->referenceTypeId, &relevantRefTypes[i]))
                 isRelevant = UA_TRUE;
         }
@@ -63,25 +64,21 @@ getRelevantTargetNode(UA_NodeStore *ns, const UA_BrowseDescription *browseDescri
     }
 
     const UA_Node *node = UA_NodeStore_get(ns, &reference->targetId.nodeId);
-    if(!node)
-        return UA_NULL;
-
-    if(browseDescription->nodeClassMask != 0 && (node->nodeClass & browseDescription->nodeClassMask) == 0) {
+    if(node && browseDescription->nodeClassMask != 0 && (node->nodeClass & browseDescription->nodeClassMask) == 0) {
         UA_NodeStore_release(node);
-        return UA_NULL;
+        node = UA_NULL;
     }
-
     return node;
 }
 
 /* We do not search across namespaces so far. The id of the root-referencetype
    is returned in the array also. */
 static UA_StatusCode findRelevantReferenceTypes(UA_NodeStore *ns, const UA_NodeId *rootReferenceType,
-                                                UA_NodeId **referenceTypes, UA_UInt32 *referenceTypesSize) {
+                                                UA_NodeId **referenceTypes, size_t *referenceTypesSize) {
     /* The references form a tree. We walk the tree by adding new nodes to the end of the array. */
-    UA_UInt32 currentIndex = 0;
-    UA_UInt32 currentLastIndex = 0;
-    UA_UInt32 currentArraySize = 20; // should be more than enough. if not, increase the array size.
+    size_t currentIndex = 0;
+    size_t currentLastIndex = 0;
+    size_t currentArraySize = 20; // should be more than enough. if not, increase the array size.
     UA_NodeId *typeArray = UA_malloc(sizeof(UA_NodeId) * currentArraySize);
     if(!typeArray)
         return UA_STATUSCODE_BADOUTOFMEMORY;
@@ -143,16 +140,16 @@ static UA_StatusCode findRelevantReferenceTypes(UA_NodeStore *ns, const UA_NodeI
 /* Results for a single browsedescription. */
 static void getBrowseResult(UA_NodeStore *ns, const UA_BrowseDescription *browseDescription,
                             UA_UInt32 maxReferences, UA_BrowseResult *browseResult) {
-    UA_UInt32  relevantReferenceTypesSize = 0;
+    size_t relevantReferenceTypesSize = 0;
     UA_NodeId *relevantReferenceTypes = UA_NULL;
 
     // if the referencetype is null, all referencetypes are returned
     UA_Boolean returnAll = UA_NodeId_isNull(&browseDescription->referenceTypeId);
     if(!returnAll) {
         if(browseDescription->includeSubtypes) {
-            browseResult->statusCode = findRelevantReferenceTypes(ns, &browseDescription->referenceTypeId,
-                                                                  &relevantReferenceTypes,
-                                                                  &relevantReferenceTypesSize);
+            browseResult->statusCode =
+                findRelevantReferenceTypes(ns, &browseDescription->referenceTypeId, &relevantReferenceTypes,
+                                           &relevantReferenceTypesSize);
             if(browseResult->statusCode != UA_STATUSCODE_GOOD)
                 return;
         } else {
@@ -170,16 +167,14 @@ static void getBrowseResult(UA_NodeStore *ns, const UA_BrowseDescription *browse
         return;
     }
 
-    maxReferences = parentNode->referencesSize; // 0 => unlimited references
-    if(maxReferences <= 0 || maxReferences > UA_INT32_MAX ||
-       (UA_Int32)maxReferences > parentNode->referencesSize) {
-        if(parentNode->referencesSize <= 0) {
-            browseResult->referencesSize = 0;
-            return;
-        }
-        else
-            maxReferences = parentNode->referencesSize;
+    if(parentNode->referencesSize <= 0) {
+        UA_NodeStore_release(parentNode);
+        browseResult->referencesSize = 0;
+        if(!returnAll)
+            UA_Array_delete(relevantReferenceTypes, &UA_TYPES[UA_TYPES_NODEID], relevantReferenceTypesSize);
+        return;
     }
+    maxReferences = parentNode->referencesSize; // 0 => unlimited references
 
     /* We allocate an array that is probably too big. But since most systems
        have more than enough memory, this has zero impact on speed and
@@ -188,13 +183,12 @@ static void getBrowseResult(UA_NodeStore *ns, const UA_BrowseDescription *browse
     if(!browseResult->references) {
         browseResult->statusCode = UA_STATUSCODE_BADOUTOFMEMORY;
     } else {
-        UA_UInt32 currentRefs = 0;
+        size_t currentRefs = 0;
         for(UA_Int32 i = 0;i < parentNode->referencesSize && currentRefs < maxReferences;i++) {
             // 1) Is the node relevant? If yes, the node is retrieved from the nodestore.
-            const UA_Node *currentNode = getRelevantTargetNode(ns, browseDescription, returnAll,
-                                                               &parentNode->references[i],
-                                                               relevantReferenceTypes,
-                                                               relevantReferenceTypesSize);
+            const UA_Node *currentNode =
+                getRelevantTargetNode(ns, browseDescription, returnAll, &parentNode->references[i],
+                                      relevantReferenceTypes, relevantReferenceTypesSize);
             if(!currentNode)
                 continue;
 
@@ -259,13 +253,11 @@ void Service_Browse(UA_Server *server, UA_Session *session, const UA_BrowseReque
     }
     /* ### End External Namespaces */
 
-
     response->resultsSize = size;
     for(size_t i = 0;i < size;i++){
-        if(!isExternal[i]) {
+        if(!isExternal[i])
             getBrowseResult(server->nodestore, &request->nodesToBrowse[i],
                         request->requestedMaxReferencesPerNode, &response->results[i]);
-        }
     }
 }
 

src/ua_types.c

@@ -120,20 +120,18 @@ UA_StatusCode UA_String_copy(UA_String const *src, UA_String *dst) {
 
 /* The c-string needs to be null-terminated. the string cannot be smaller than zero. */
 UA_Int32 UA_String_copycstring(char const *src, UA_String *dst) {
-    UA_UInt32 length = (UA_UInt32) strlen(src);
+    UA_String_init(dst);
+    size_t length = (UA_UInt32) strlen(src);
     if(length == 0) {
         dst->length = 0;
         dst->data = UA_NULL;
         return UA_STATUSCODE_GOOD;
     }
     dst->data = UA_malloc(length);
-    if(dst->data != UA_NULL) {
-        UA_memcpy(dst->data, src, length);
-        dst->length = (UA_Int32) (length & ~(1<<31)); // the highest bit is always zero to avoid overflows into negative values
-    } else {
-        dst->length = -1;
+    if(!dst->data)
         return UA_STATUSCODE_BADOUTOFMEMORY;
-    }
+    UA_memcpy(dst->data, src, length);
+    dst->length = length;
     return UA_STATUSCODE_GOOD;
 }