Fix use after free
[platform/core/appfw/widget-service.git] / src / widget_service.c
index bb69d15..d055538 100644 (file)
@@ -309,27 +309,28 @@ static int __change_own(uid_t uid, const char *path)
        return WIDGET_ERROR_NONE;
 }
 
-static int _recover_db(sqlite3 *db, const char *path, uid_t uid, bool is_init)
+static int _recover_db(const char *path, uid_t uid, bool is_init)
 {
+       sqlite3 *db;
        int ret;
        char *errmsg = NULL;
 
        _I("DB recovery process start");
-       if (db)
-               sqlite3_close(db);
-       unlink(path);
+       if (access(path, F_OK) == 0)
+               unlink(path);
 
        ret = sqlite3_open_v2(path, &db,
                        SQLITE_OPEN_CREATE | SQLITE_OPEN_READWRITE,
                        NULL);
        if (ret != SQLITE_OK) {
                _E("Failed to open db[%d]", ret);
+               sqlite3_close_v2(db);
                unlink(path);
                return WIDGET_ERROR_FAULT;
        }
 
        ret = sqlite3_exec(db, CREATE_WIDGET_TABLE, NULL, NULL, &errmsg);
-       sqlite3_close(db);
+       sqlite3_close_v2(db);
        if (ret != SQLITE_OK) {
                _E("Failed to exec query[%d][%s]", ret, errmsg);
                sqlite3_free(errmsg);
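Review bot: The `access(path, F_OK) == 0` guard added before `unlink(path)` in _recover_db is a check-then-act pair that buys nothing. unlink() already reports a missing file through ENOENT, and the file can change between the two calls. access() also checks with the real rather than the effective UID, which can differ in a service process. I would drop the guard and check the result instead, `if (unlink(path) != 0 && errno != ENOENT) _E("Failed to unlink db[%d]", errno);` (assuming `<errno.h>` is already included in this file). The body of _recover_db continues past the end of this hunk.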
@@ -356,8 +357,7 @@ static int _integrity_check(sqlite3 *db)
                               _check_integrity_cb, NULL, &errmsg);
        if (ret != SQLITE_OK || _is_corrupted) {
                _E("Failed to exec query[%d][%s]", ret, errmsg);
-               if (errmsg)
-                       sqlite3_free(errmsg);
+               sqlite3_free(errmsg);
                return WIDGET_ERROR_FAULT;
        }
 
@@ -378,7 +378,6 @@ static int _check_table_exist(sqlite3 *db)
        if (ret != SQLITE_OK) {
                /* LCOV_EXCL_START */
                _E("prepare error: %s", sqlite3_errmsg(db));
-               sqlite3_close_v2(db);
                return WIDGET_ERROR_FAULT;
                /* LCOV_EXCL_STOP */
        }
@@ -394,7 +393,6 @@ static int _check_table_exist(sqlite3 *db)
        sqlite3_finalize(stmt);
        if (idx != WIDGET_TBL_COUNT) {
                _E("wrong table count");
-               sqlite3_close_v2(db);
                return WIDGET_ERROR_FAULT;
        }
 
@@ -417,25 +415,23 @@ static int _check_db_integrity(uid_t uid, bool is_init)
        ret = sqlite3_open_v2(path, &db, SQLITE_OPEN_READONLY, NULL);
        if (ret != SQLITE_OK) {
                /* LCOV_EXCL_START */
-               ret = _recover_db(db, path, uid, is_init);
-               return ret;
+               sqlite3_close_v2(db);
+               return _recover_db(path, uid, is_init);
                /* LCOV_EXCL_STOP */
        }
 
        /* check integrity */
        ret = _integrity_check(db);
        if (ret != WIDGET_ERROR_NONE) {
-               ret = _recover_db(db, path, uid, is_init);
-               return ret;
+               sqlite3_close_v2(db);
+               return _recover_db(path, uid, is_init);
        }
 
        /* check table exist */
        ret = _check_table_exist(db);
-       if (ret != WIDGET_ERROR_NONE) {
-               ret = _recover_db(db, path, uid, is_init);
-               return ret;
-       }
-       sqlite3_close(db);
+       sqlite3_close_v2(db);
+       if (ret != WIDGET_ERROR_NONE)
+               return _recover_db(path, uid, is_init);
 
        return WIDGET_ERROR_NONE;
 }
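Review bot: The open-failure branch of _check_db_integrity closes the handle and returns `_recover_db(path, uid, is_init)` without logging `ret`, so when the database is unlinked there is no record of why. The other two branches are covered by the `_E` calls inside _integrity_check and _check_table_exist, so only this one needs a line such as `_E("Failed to open db[%d], recovering", ret);` before `sqlite3_close_v2(db);`. It may also be worth confirming that every non-SQLITE_OK result from a read-only open, for example a transient permission error, should really trigger destructive recovery. The function starts above this hunk.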