From 24767a0c66a4b4332486b634be73c7084a306424 Mon Sep 17 00:00:00 2001
From: Bruno Herrera <bruherrera@gmail.com>
Date: Mon, 25 Sep 2017 07:17:09 -0600
Subject: [PATCH] Fixes for problems found by Coverity in the nuttx repository:

    net/socket/recvfrom.c: Check fromlen integrity before using it.

    net/socket/net_sockets.c: Always check for valid psock before using.

    net/tcp/tcp_send_unbuffered.c:  Avoid using psock beforing checking its integrity.

    sched/timer/timer_create.c: Fix watchdog resource leak if cannot allocate a new timer.
---
 net/socket/net_sockets.c      | 6 ++----
 net/socket/recvfrom.c         | 2 +-
 net/tcp/tcp_send_unbuffered.c | 2 +-
 sched/timer/timer_create.c    | 3 ++-
 4 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/net/socket/net_sockets.c b/net/socket/net_sockets.c
index fbf38ed548..a614af3bdc 100644
--- a/net/socket/net_sockets.c
+++ b/net/socket/net_sockets.c
@@ -205,9 +205,7 @@ int sockfd_allocate(int minsd)
 
 void sock_release(FAR struct socket *psock)
 {
-#ifdef CONFIG_DEBUG_FEATURES
-  if (psock)
-#endif
+  if (psock != NULL)
     {
       /* Take the list semaphore so that there will be no accesses
        * to this socket structure.
@@ -221,7 +219,7 @@ void sock_release(FAR struct socket *psock)
            */
 
           _net_semtake(list);
-          if (psock && psock->s_crefs > 1)
+          if (psock->s_crefs > 1)
             {
               psock->s_crefs--;
             }
diff --git a/net/socket/recvfrom.c b/net/socket/recvfrom.c
index 9bf0d706b5..3f86ce33a2 100644
--- a/net/socket/recvfrom.c
+++ b/net/socket/recvfrom.c
@@ -128,7 +128,7 @@ ssize_t psock_recvfrom(FAR struct socket *psock, FAR void *buf, size_t len,
     }
 #endif
 
-  if (from != NULL && fromlen <= 0)
+  if (from != NULL && fromlen != NULL && *fromlen <= 0)
     {
       errcode = EINVAL;
       goto errout;
diff --git a/net/tcp/tcp_send_unbuffered.c b/net/tcp/tcp_send_unbuffered.c
index 5464c0e107..e9d687c75a 100644
--- a/net/tcp/tcp_send_unbuffered.c
+++ b/net/tcp/tcp_send_unbuffered.c
@@ -712,7 +712,7 @@ static inline void send_txnotify(FAR struct socket *psock,
 ssize_t psock_tcp_send(FAR struct socket *psock,
                        FAR const void *buf, size_t len)
 {
-  FAR struct tcp_conn_s *conn = (FAR struct tcp_conn_s *)psock->s_conn;
+  FAR struct tcp_conn_s *conn;
   struct send_s state;
   int errcode;
   int ret = OK;
diff --git a/sched/timer/timer_create.c b/sched/timer/timer_create.c
index cff93c0a4b..e6c775093d 100644
--- a/sched/timer/timer_create.c
+++ b/sched/timer/timer_create.c
@@ -1,7 +1,7 @@
 /****************************************************************************
  * sched/timer/timer_create.c
  *
- *   Copyright (C) 2007-2009, 2011, 2014-2016 Gregory Nutt. All rights reserved.
+ *   Copyright (C) 2007-2009, 2011, 2014-2017 Gregory Nutt. All rights reserved.
  *   Author: Gregory Nutt <gnutt@nuttx.org>
  *
  * Redistribution and use in source and binary forms, with or without
@@ -193,6 +193,7 @@ int timer_create(clockid_t clockid, FAR struct sigevent *evp,
   ret = timer_allocate();
   if (!ret)
     {
+      wd_delete(wdog);
       set_errno(EAGAIN);
       return ERROR;
     }