cov-test: Fixing High and medium level issues[DONOT MERGE]

[Sid2001-maker]

RDKEMW-12252: Coverity Scan Report - Analyzing and Fixing all the Critical and High issues

Reason for change: Resolve Critical and high level issues in coverity
Test Procedure: build should be successful
Risk: low
Priority: P2

[rdkcmf-jenkins]

b'## Blackduck scan failure details

Summary: 0 violations, 0 files pending approval, 1 file pending identification.

• Protex Server Path: /home/blackduck/github/rdkNativeScript/106/rdkcentral/rdkNativeScript

• Commit: de5ed8d

Report detail: gist'

[Copilot]

Pull request overview

This pull request addresses Coverity scan issues by fixing critical and high-level defects in the codebase. The changes focus on improving error handling, resource management, input validation, and fixing potential crashes.

Changes:

• Added exception handling wrappers in main functions across multiple files
• Fixed curl_easy_setopt error handling with proper return values after cleanup
• Added input validation for untrusted Wayland display names to prevent injection attacks
• Fixed memory leaks and null pointer checks, improved mutex handling

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 14 comments.

Show a summary per file

File	Description
src/jsruntime.cpp	Added try-catch exception handlers, input validation for Wayland display, removed unnecessary null check for shared_ptr
src/jsc/jsc_lib/jsc_lib.cpp	Fixed curl error handling, improved exception reporting, optimized path separator check
src/jsc/JavaScriptUtils.cpp	Fixed mutex unlock to use lock guard, added stat/fread error handling, fixed memory leaks in metrics function
src/jsc/JavaScriptEngine.cpp	Fixed format specifier from %d to %f for double value
src/jsc/JavaScriptContext.cpp	Added null check for gAAMPJSBindings, added destructor cleanup for mNetworkMetricsData
src/NativeJSRenderer.cpp	Fixed curl error handling, removed premature mutex unlock, fixed string format specifier, removed uninitialized variable usage in one location but introduced it in another
src/JSRuntimeServer.cpp	Initialized res variable to 0 in error case
src/JSRuntimeClient.cpp	Added exception handlers, improved wait_for with predicate
src/JSRuntimeClientContainer.cpp	Added exception handling in main function
include/IJavaScriptContext.h	Added virtual destructor to interface class

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The comment "//change added" is unclear and unnecessary. Comments should explain why code exists, not document when it was added (that's what version control is for).

Suggested change

	virtual ~IJavaScriptContext() = default; //change added
	virtual ~IJavaScriptContext() = default;

[Copilot]

Missing newline character in the log message format string. The message should end with \n for proper logging output formatting.

[Copilot]

Missing newline character in the log message format string. The message should end with \n for proper logging output formatting.

[Copilot]

After curl_easy_cleanup is called on error, the function continues executing with the same curl handle which is now invalid. After each error case with curl_easy_cleanup, the function should return immediately to avoid using the freed handle.

Suggested change

	}
	res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2);
	if (res != CURLE_OK) {
	NativeJSLogger::log(ERROR, "Failed to set CURLOPT_SSL_VERIFYHOST: %s\n", curl_easy_strerror(res));
	curl_easy_cleanup(curl);
	}
	res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, true);
	if (res != CURLE_OK) {
	NativeJSLogger::log(ERROR, "Failed to set CURLOPT_SSL_VERIFYPEER: %s\n", curl_easy_strerror(res));
	curl_easy_cleanup(curl);
	}
	res = curl_easy_setopt(curl, CURLOPT_USERAGENT, "libcurl-agent/1.0");
	if (res != CURLE_OK) {
	NativeJSLogger::log(ERROR, "Failed to set CURLOPT_USERAGENT: %s\n", curl_easy_strerror(res));
	curl_easy_cleanup(curl);
	}
	res = curl_easy_setopt(curl, CURLOPT_PROXY, "");
	if (res != CURLE_OK) {
	NativeJSLogger::log(ERROR, "Failed to set CURLOPT_PROXY: %s\n", curl_easy_strerror(res));
	curl_easy_cleanup(curl);
	return ret;
	}
	res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2);
	if (res != CURLE_OK) {
	NativeJSLogger::log(ERROR, "Failed to set CURLOPT_SSL_VERIFYHOST: %s\n", curl_easy_strerror(res));
	curl_easy_cleanup(curl);
	return ret;
	}
	res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, true);
	if (res != CURLE_OK) {
	NativeJSLogger::log(ERROR, "Failed to set CURLOPT_SSL_VERIFYPEER: %s\n", curl_easy_strerror(res));
	curl_easy_cleanup(curl);
	return ret;
	}
	res = curl_easy_setopt(curl, CURLOPT_USERAGENT, "libcurl-agent/1.0");
	if (res != CURLE_OK) {
	NativeJSLogger::log(ERROR, "Failed to set CURLOPT_USERAGENT: %s\n", curl_easy_strerror(res));
	curl_easy_cleanup(curl);
	return ret;
	}
	res = curl_easy_setopt(curl, CURLOPT_PROXY, "");
	if (res != CURLE_OK) {
	NativeJSLogger::log(ERROR, "Failed to set CURLOPT_PROXY: %s\n", curl_easy_strerror(res));
	curl_easy_cleanup(curl);
	return ret;

[Copilot]

After curl_easy_cleanup is called on error, the function continues executing with the same curl handle which is now invalid. After each error case with curl_easy_cleanup, the function should return immediately to avoid using the freed handle.

[Copilot]

Missing newline character in the log message format string. The message should end with \n for proper logging output formatting.

[Copilot]

The variable 'id' is declared but not initialized before being passed to ApplicationRequest constructor. This will result in undefined behavior as the uninitialized value is used to construct the ApplicationRequest object and subsequently used in createApplicationInternal and runApplicationInternal calls.

Suggested change

	uint32_t id;
	uint32_t id = 0;

[Copilot]

This code attempts to access mContextMap[id] in the else branch when the id was not found in the map (mapEntry == mContextMap.end()). This will either create a new invalid entry in the map or access uninitialized memory, potentially causing a crash or undefined behavior.

Suggested change

	NativeJSLogger::log(ERROR, "Unable to find application with id: %d and url: %s\n", id, mContextMap[id].url.c_str());
	NativeJSLogger::log(ERROR, "Unable to find application with id: %d\n", id);

[Copilot]

The comment "//newly added" is unnecessary and should be removed. Comments should explain why code exists, not document when it was added (that's what version control is for).

[Copilot]

The comment "//newly added" is unnecessary and should be removed. Comments should explain why code exists, not document when it was added (that's what version control is for).