Try to fix issues reported by coverity

src/core/ipv6/ip6.c

@@ -1038,14 +1038,6 @@ netif_found:
   }
 
 options_done:
-  if (hlen_tot >= 0x8000) {
-    /* s16_t overflow */
-    LWIP_DEBUGF(IP6_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("ip6_input: header length overflow: %"U16_F"\n", hlen_tot));
-    pbuf_free(p);
-    IP6_STATS_INC(ip6.proterr);
-    IP6_STATS_INC(ip6.drop);
-    goto options_done;
-  }
 
   /* send to upper layers */
   LWIP_DEBUGF(IP6_DEBUG, ("ip6_input: \n"));
@@ -1056,7 +1048,7 @@ options_done:
   
 #if LWIP_RAW
   /* p points to IPv6 header again for raw_input. */
-  pbuf_header_force(p, (s16_t)hlen_tot);
+  pbuf_add_header_force(p, hlen_tot);
   /* raw input did not eat the packet? */
   raw_status = raw_input(p, inp);
   if (raw_status != RAW_INPUT_EATEN)
@@ -1097,7 +1089,7 @@ options_done:
         {
 #if LWIP_ICMP6
         /* p points to IPv6 header again for raw_input. */
-        pbuf_header_force(p, (s16_t)hlen_tot);
+        pbuf_add_header_force(p, hlen_tot);
         /* send ICMP parameter problem unless it was a multicast or ICMPv6 */
         if ((!ip6_addr_ismulticast(ip6_current_dest_addr())) &&
             (IP6H_NEXTH(ip6hdr) != IP6_NEXTH_ICMP6)) {

src/core/ipv6/ip6_addr.c

@@ -139,21 +139,19 @@ ip6addr_aton(const char *cp, ip6_addr_t *addr)
     else {
       addr->addr[addr_index] = current_block_value << 16;
     }
-  }
 
-  /* convert to network byte order. */
-  if (addr) {
+    /* convert to network byte order. */
     for (addr_index = 0; addr_index < 4; addr_index++) {
       addr->addr[addr_index] = lwip_htonl(addr->addr[addr_index]);
     }
+
+    ip6_addr_clear_zone(addr);
   }
 
   if (current_block_index != 7) {
     return 0;
   }
 
-  ip6_addr_clear_zone(addr);
-
   return 1;
 }
 

src/core/mem.c

@@ -104,9 +104,8 @@ mem_overflow_check_raw(void *p, size_t size, const char *descr1, const char *des
   m = (u8_t *)p + size;
   for (k = 0; k < MEM_SANITY_REGION_AFTER_ALIGNED; k++) {
     if (m[k] != 0xcd) {
-      char errstr[128] = "detected mem overflow in ";
-      strcat(errstr, descr1);
-      strcat(errstr, descr2);
+      char errstr[128];
+      snprintf(errstr, sizeof(errstr), "detected mem overflow in %s%s", descr1, descr2);
       LWIP_ASSERT(errstr, 0);
     }
   }
@@ -116,9 +115,8 @@ mem_overflow_check_raw(void *p, size_t size, const char *descr1, const char *des
   m = (u8_t *)p - MEM_SANITY_REGION_BEFORE_ALIGNED;
   for (k = 0; k < MEM_SANITY_REGION_BEFORE_ALIGNED; k++) {
     if (m[k] != 0xcd) {
-      char errstr[128] = "detected mem underflow in ";
-      strcat(errstr, descr1);
-      strcat(errstr, descr2);
+      char errstr[128];
+      snprintf(errstr, sizeof(errstr), "detected mem underflow in %s%s", descr1, descr2);
       LWIP_ASSERT(errstr, 0);
     }
   }

src/core/tcp_out.c

@@ -965,9 +965,7 @@ tcp_split_unsent_seg(struct tcp_pcb *pcb, u16_t split)
 memerr:
   TCP_STATS_INC(tcp.memerr);
 
-  if (seg != NULL) {
-    tcp_segs_free(seg);
-  }
+  LWIP_ASSERT("seg == NULL", seg == NULL);
   if (p != NULL) {
     pbuf_free(p);
   }