Small fixes from static analysis:

- Potential NULL dereference in tsmf_ifman.c
- Check return value for our functions in tsmf_media.c and rdp.c
- Bad binary operator used in gcc.c
- Unreachable code in ntlm.c
- Bad free operation on SCOPE_LIST object in license.c

channels/drdynvc/tsmf/tsmf_ifman.c

@@ -128,7 +128,8 @@ int tsmf_ifman_on_new_presentation(TSMF_IFMAN* ifman)
 	presentation = tsmf_presentation_new(stream_get_tail(ifman->input), ifman->channel_callback);
 	if (presentation == NULL)
 		error = 1;
-	tsmf_presentation_set_audio_device(presentation, ifman->audio_name, ifman->audio_device);
+	else
+		tsmf_presentation_set_audio_device(presentation, ifman->audio_name, ifman->audio_device);
 	ifman->output_pending = true;
 	return error;
 }
@@ -389,9 +390,12 @@ int tsmf_ifman_on_end_of_stream(TSMF_IFMAN* ifman)
 	presentation = tsmf_presentation_find_by_id(stream_get_tail(ifman->input));
 	stream_seek(ifman->input, 16);
 	stream_read_uint32(ifman->input, StreamId);
-	stream = tsmf_stream_find_by_id(presentation, StreamId);
-	tsmf_stream_end(stream);
-
+	if (presentation)
+	{
+		stream = tsmf_stream_find_by_id(presentation, StreamId);
+		if (stream)
+			tsmf_stream_end(stream);
+	}
 	DEBUG_DVC("StreamId %d", StreamId);
 
 	stream_check_size(ifman->output, 16);

channels/drdynvc/tsmf/tsmf_media.c

@@ -448,6 +448,7 @@ static void tsmf_sample_playback(TSMF_SAMPLE* sample)
 			sample->pixfmt = pixfmt;
 		}
 
+		ret = false ;
 		if (stream->decoder->GetDecodedDimension)
 			ret = stream->decoder->GetDecodedDimension(stream->decoder, &width, &height);
 		if (ret && (width != stream->width || height != stream->height))

libfreerdp-core/gcc.c

@@ -1131,7 +1131,7 @@ boolean gcc_read_client_cluster_data(STREAM* s, rdpSettings* settings, uint16 bl
 
 	stream_read_uint32(s, flags); /* flags */
 
-	if ((flags | REDIRECTED_SESSIONID_FIELD_VALID))
+	if ((flags & REDIRECTED_SESSIONID_FIELD_VALID))
 		stream_read_uint32(s, settings->redirected_session_id); /* redirectedSessionID */
 
 	return true;

libfreerdp-core/license.c

@@ -579,11 +579,19 @@ void license_free_scope_list(SCOPE_LIST* scopeList)
 {
 	uint32 i;
 
+	/*
+	 * We must NOT call license_free_binary_blob() on each scopelist->array[i] element,
+	 * because scopelist->array was allocated at once, by a single call to xmalloc. The elements
+	 * it contains cannot be deallocated separately then.
+	 * To make things clean, we must deallocate each scopelist->array[].data,
+	 * and finish by deallocating scopelist->array with a single call to xfree().
+	 */
 	for (i = 0; i < scopeList->count; i++)
 	{
-		license_free_binary_blob(&scopeList->array[i]);
+		xfree(scopeList->array[i].data);
 	}
 
+	xfree(scopeList->array) ;
 	xfree(scopeList);
 }
 

libfreerdp-core/rdp.c

@@ -224,7 +224,8 @@ boolean rdp_read_header(rdpRdp* rdp, STREAM* s, uint16* length, uint16* channel_
 	enum DomainMCSPDU MCSPDU;
 
 	MCSPDU = (rdp->settings->server_mode) ? DomainMCSPDU_SendDataRequest : DomainMCSPDU_SendDataIndication;
-	mcs_read_domain_mcspdu_header(s, &MCSPDU, length);
+	if (!mcs_read_domain_mcspdu_header(s, &MCSPDU, length))
+		return false ;
 
 	if (*length - 8 > stream_get_left(s))
 		return false;

libwinpr-sspi/NTLM/ntlm.c

@@ -296,9 +296,6 @@ SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle phCredential, P
 	{
 		context->state = NTLM_STATE_NEGOTIATE;
 
-		if (!context)
-			return SEC_E_INVALID_HANDLE;
-
 		if (!pInput)
 			return SEC_E_INVALID_TOKEN;
 
@@ -338,9 +335,6 @@ SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle phCredential, P
 	}
 	else if (context->state == NTLM_STATE_AUTHENTICATE)
 	{
-		if (!context)
-			return SEC_E_INVALID_HANDLE;
-
 		if (!pInput)
 			return SEC_E_INVALID_TOKEN;
 
@@ -436,12 +430,6 @@ SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(PCredHandle phCredenti
 	}
 	else
 	{
-		if (!context)
-			return SEC_E_INVALID_HANDLE;
-
-		if (!pInput)
-			return SEC_E_INVALID_TOKEN;
-
 		if (pInput->cBuffers < 1)
 			return SEC_E_INVALID_TOKEN;