Fix static analysis issue

This patch fixes the following cases:
 - Resource leak
 - Unchecked return value from library
 - Logically dead code
 - Unused value
 - Explicit null dereferenced
 - Double close
 - Dereference before null check
 - Out-of-bounds access
 - Integer overflowed argument

Change-Id: Ic66241d312f15dc4f0dfba3b363e9bc57dd841ad
Signed-off-by: Hwankyu Jhun <h.jhun@samsung.com>

diff --git a/include/aul_sock.h b/include/aul_sock.h
index d02c2a1..c107471 100644 (file)
--- a/include/aul_sock.h
+++ b/include/aul_sock.h
@@ -85,7 +85,7 @@ int aul_sock_create_launchpad_client(const char *pad_type, uid_t uid);
 /*
  * This API is only for Appfw internally.
  */
-int aul_sock_recv_reply_sock_fd(int fd, int *ret_fd, int num_of_ret_fd);
+int aul_sock_recv_reply_sock_fd(int fd, int (*ret_fd)[2], int num_of_ret_fd);
 
 /*
  * This API is only for Appfw internally.

diff --git a/include/aul_util.h b/include/aul_util.h
index c3e86b6..174dbc0 100644 (file)
--- a/include/aul_util.h
+++ b/include/aul_util.h
@@ -35,6 +35,7 @@
 #define MAX_PID_STR_BUFSZ 20
 #define MAX_UID_STR_BUFSZ 20
 #define REGULAR_UID_MIN 5000
+#define MAX_RUNNING_INSTANCE 10000
 
 typedef enum {
        TIZEN_PROFILE_UNKNOWN = 0,

diff --git a/include/menu_db_util.h b/include/menu_db_util.h
index 383c948..722772f 100644 (file)
--- a/include/menu_db_util.h
+++ b/include/menu_db_util.h
@@ -189,12 +189,20 @@ static inline int __appinfo_func(const pkgmgrinfo_appinfo_h appinfo,
        ret = pkgmgrinfo_appinfo_get_exec(appinfo, &apppath);
        if (ret == PMINFO_R_OK && apppath) {
                menu_info->app_path = strdup(apppath);
-               ret = PMINFO_R_ERROR;
+               if (menu_info->app_path == NULL) {
+                       _E("Out of memory");
+                       return PMINFO_R_ERROR;
+               }
        }
 
        ret = pkgmgrinfo_appinfo_get_pkgid(appinfo, &pkgid);
-       if (ret == PMINFO_R_OK && pkgid)
+       if (ret == PMINFO_R_OK && pkgid) {
                menu_info->pkg_id = strdup(pkgid);
+               if (menu_info->pkg_id == NULL) {
+                       _E("Out of memory");
+                       return PMINFO_R_ERROR;
+               }
+       }
 
        return ret;
 }

diff --git a/src/aul_path.c b/src/aul_path.c
index 6955b4a..97786ee 100644 (file)
--- a/src/aul_path.c
+++ b/src/aul_path.c
@@ -73,10 +73,8 @@ static int __get_pkgid(char *pkgid, int len, const char *appid, uid_t uid)
 
        ret = pkgmgrinfo_appinfo_get_usr_appinfo(appid, uid, &appinfo);
        if (ret != PMINFO_R_OK) {
-               if (ret != PMINFO_R_OK) {
-                       _E("Failed to get app info. (ret:%d)", ret);
-                       return AUL_R_ENOAPP;
-               }
+               _E("Failed to get app info. (ret:%d)", ret);
+               return AUL_R_ENOAPP;
        }
 
        ret = pkgmgrinfo_appinfo_get_pkgid(appinfo, &_pkgid);
@@ -175,7 +173,7 @@ static int __get_path_from_db(char **path, const char *appid, const char *dir_na
 
        root_path = aul_get_preinit_root_path();
        if (appid == NULL && root_path) {
-               len = root_path ? strlen(root_path) : 0;
+               len = strlen(root_path);
                snprintf(buf, sizeof(buf), "%s%s%s", root_path,
                        root_path[len - 1] == '/' ?  "" : "/",
                        dir_name ? dir_name : "");

diff --git a/src/aul_rsc_mgr_internal.c b/src/aul_rsc_mgr_internal.c
index 7a3b8a7..df33952 100644 (file)
--- a/src/aul_rsc_mgr_internal.c
+++ b/src/aul_rsc_mgr_internal.c
@@ -138,6 +138,7 @@ static int __parse_group(xmlNode *xml_node, GList **groups)
        group = calloc(1, sizeof(resource_group_t));
        if (group == NULL) {
                LOGE("Out of memory");
+               free(type);
                return -1;
        }
 

diff --git a/src/aul_sock.c b/src/aul_sock.c
index 367cd5a..ee90504 100644 (file)
--- a/src/aul_sock.c
+++ b/src/aul_sock.c
@@ -102,6 +102,7 @@ API struct timeval aul_sock_get_rcv_timeval(void)
 API int aul_sock_set_sock_option(int fd, int cli)
 {
        int size;
+       int r;
 
        size = AUL_SOCK_MAXBUFF;
        setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &size, sizeof(size));
@@ -110,7 +111,9 @@ API int aul_sock_set_sock_option(int fd, int cli)
        if (cli) {
                if (TIZEN_FEATURE_SOCKET_TIMEOUT && !socket_timeout_initialized)
                        __init_socket_timeout();
-               setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
+               r = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
+               if (r < 0)
+                       return r;
        }
 
        return 0;
@@ -347,12 +350,12 @@ static int __connect_client_sock(int fd, const struct sockaddr *saptr, socklen_t
        return -1;      /* select error: sockfd not set*/
 
 done:
-       fcntl(fd, F_SETFL, flags);
-       if (error) {
+       ret = fcntl(fd, F_SETFL, flags);
+       if (ret < 0) {
                close(fd);
-               errno = error;
-               return -1;
+               return ret;
        }
+
        return 0;
 }
 
@@ -402,7 +405,8 @@ API int aul_sock_send_raw_with_fd(int fd, int cmd, unsigned char *kb_data, int d
 
        res = __send_raw_async_with_fd(fd, cmd, kb_data, datalen, opt);
        if (res < 0 || opt & AUL_SOCK_NOREPLY) {
-               close(fd);
+               if (!(opt & AUL_SOCK_ASYNC))
+                       close(fd);
                return res;
        }
 
@@ -716,7 +720,7 @@ static int __recv_message(int sock, struct iovec *vec, int vec_max_size, int *ve
        return 0;
 }
 
-int aul_sock_recv_reply_sock_fd(int fd, int *ret_fd, int fd_size)
+int aul_sock_recv_reply_sock_fd(int fd, int (*ret_fd)[2], int fd_size)
 {
        int fds[2] = {0,};
        char recv_buff[1024];
@@ -735,10 +739,10 @@ int aul_sock_recv_reply_sock_fd(int fd, int *ret_fd, int fd_size)
 
                ret = -ECOMM;
        } else if ((fds_len == fd_size) && (fds_len == 2)) {
-               ret_fd[0] = fds[0];
-               ret_fd[1] = fds[1];
+               (*ret_fd)[0] = fds[0];
+               (*ret_fd)[1] = fds[1];
        } else if ((fds_len == fd_size) && (fds_len == 1)) {
-               ret_fd[0] = fds[0];
+               (*ret_fd)[0] = fds[0];
        } else {
                _E("wrong number of FD recevied. Expected:%d Actual:%d", fd_size, fds_len);
                ret = -ECOMM;
@@ -858,7 +862,8 @@ int aul_sock_recv_pkt_with_cb(int fd,
                _E("recv error - %d", ret);
                close(fd);
                return -ECOMM;
-       } else if (count <= 0 || recv_size != sizeof(int)) {
+       } else if (count <= 0 || count > MAX_RUNNING_INSTANCE ||
+                       recv_size != sizeof(int)) {
                _E("error - count: %d, recv_size: %d",
                                count, recv_size);
                close(fd);

diff --git a/src/aul_window.c b/src/aul_window.c
index f809b22..5181130 100644 (file)
--- a/src/aul_window.c
+++ b/src/aul_window.c
@@ -110,7 +110,7 @@ API int aul_window_stack_get(aul_window_stack_h *handle)
        }
 
        g_variant_get(body, "(a(uiiiibibiiii))", &iter);
-       while (g_variant_iter_loop(iter, "(uiiiibibiiii)",
+       while (iter && g_variant_iter_loop(iter, "(uiiiibibiiii)",
                        &wi->gid,
                        &wi->x,
                        &wi->y,

diff --git a/src/launch.c b/src/launch.c
index f8317d8..867f8cc 100755 (executable)
--- a/src/launch.c
+++ b/src/launch.c
@@ -374,7 +374,7 @@ static int __send_result_to_launchpad(int fd, int res)
 static int widget_get_content(int clifd, bundle *kb)
 {
        int ret;
-       int fd = 0;
+       int fd[2] = { 0, };
        char *widget_id = NULL;
        char *instance_id = NULL;
        char *content_info = NULL;
@@ -389,7 +389,7 @@ static int widget_get_content(int clifd, bundle *kb)
        }
 
        if (!widget_id || !instance_id) {
-               aul_sock_send_raw_with_fd(fd, -EINVAL, 0, 0, AUL_SOCK_NOREPLY);
+               aul_sock_send_raw_with_fd(fd[0], -EINVAL, 0, 0, AUL_SOCK_NOREPLY);
                return 0;
        }
 
@@ -397,16 +397,16 @@ static int widget_get_content(int clifd, bundle *kb)
 
        bundle_get_str(kb, AUL_K_WIDGET_CONTENT_INFO, &content_info);
        if (content_info) {
-               ret = aul_sock_send_raw_with_fd(fd, 0,
+               ret = aul_sock_send_raw_with_fd(fd[0], 0,
                                (unsigned char *)content_info,
                                strlen(content_info) + 1, AUL_SOCK_NOREPLY);
        } else {
-               ret = aul_sock_send_raw_with_fd(fd, -ENOENT,
+               ret = aul_sock_send_raw_with_fd(fd[0], -ENOENT,
                                NULL, 0, AUL_SOCK_NOREPLY);
        }
 
        if (ret < 0)
-               _E("failed to send content %d (%d)", fd, ret);
+               _E("failed to send content %d (%d)", fd[0], ret);
 
        return ret;
 }
@@ -430,13 +430,15 @@ int aul_sock_handler(int fd)
                return -1;
        }
 
-       if (pkt->opt & AUL_SOCK_NOREPLY) {
-               close(clifd);
-       } else if (pkt->cmd != WIDGET_GET_CONTENT) {
-               ret = __send_result_to_launchpad(clifd, 0);
-               if (ret < 0) {
-                       free(pkt);
-                       return -1;
+       if (pkt->cmd != WIDGET_GET_CONTENT) {
+               if (pkt->opt & AUL_SOCK_NOREPLY) {
+                       close(clifd);
+               } else {
+                       ret = __send_result_to_launchpad(clifd, 0);
+                       if (ret < 0) {
+                               free(pkt);
+                               return -1;
+                       }
                }
        }
 
@@ -606,7 +608,7 @@ API int aul_request_data_control_socket_pair(bundle *kb, int *fd)
        bundle *b = kb;
        int ret;
        int clifd;
-       int fds[1] = {0};
+       int fds[2] = { 0, };
 
        if (!fd)
                return AUL_R_EINVAL;
@@ -634,7 +636,7 @@ API int aul_request_data_control_socket_pair(bundle *kb, int *fd)
                        return ret;
                }
 
-               ret = aul_sock_recv_reply_sock_fd(clifd, fds, 1);
+               ret = aul_sock_recv_reply_sock_fd(clifd, &fds, 1);
                if (ret == 0)
                        fd[0] = fds[0];
        } else {
@@ -655,7 +657,7 @@ API int aul_request_message_port_socket_pair(int *fd)
        ret = aul_sock_send_raw(AUL_UTIL_PID, getuid(),
                        APP_GET_MP_SOCKET_PAIR, NULL, 0, AUL_SOCK_ASYNC);
        if (ret > 0) {
-               ret = aul_sock_recv_reply_sock_fd(ret, fds, 2);
+               ret = aul_sock_recv_reply_sock_fd(ret, &fds, 2);
                if (ret == 0) {
                        fd[0] = fds[0];
                        fd[1] = fds[1];

diff --git a/src/service.c b/src/service.c
index 08533c8..fafc332 100755 (executable)
--- a/src/service.c
+++ b/src/service.c
@@ -520,11 +520,13 @@ static char* __make_query_with_collation(char *op, char *uri, char *mime, char *
 
        query = _svc_db_query_builder_add(query, op, uri, mime, true);
 
-       if ((strncmp(mime, "NULL", 4) != 0) && (strncmp(s_type, "%", 1) != 0)) {
+       if (mime && (strncmp(mime, "NULL", 4) != 0) &&
+                       s_type && (strncmp(s_type, "%", 1) != 0)) {
                snprintf(tmp, MAX_MIME_STR_SIZE - 1, "%s/*", m_type);
                query = _svc_db_query_builder_add(query, op, uri, tmp, true);
        }
-       if ((strncmp(mime, "NULL", 4) != 0) && (strncmp(m_type, "%", 1) != 0)) {
+       if (mime && (strncmp(mime, "NULL", 4) != 0) &&
+                       s_type && (strncmp(m_type, "%", 1) != 0)) {
                snprintf(tmp, MAX_MIME_STR_SIZE - 1, "*/*");
                query = _svc_db_query_builder_add(query, op, uri, tmp, true);
        }
@@ -1084,7 +1086,7 @@ static int __run_service(bundle *b, int request_code,
                info.mime, info.m_type, info.s_type);
 
        if (info.scheme && (strcmp(info.scheme, "file") == 0)
-               && info.mime && (strcmp(info.mime, "NULL") != 0)) {
+                       && info.mime && (strcmp(info.mime, "NULL") != 0)) {
                query = __make_query(query, info.op, "NULL",
                        info.mime, info.m_type, info.s_type);
        }

diff --git a/src/service_db.c b/src/service_db.c
index 6e08487..5538fbd 100755 (executable)
--- a/src/service_db.c
+++ b/src/service_db.c
@@ -149,7 +149,14 @@ static int __collate_appsvc(void *ucol, int str1_len, const void *str1,
                return -1;
 
        dup_str1 = strdup(str1);
+       if (dup_str1 == NULL)
+               return -1;
+
        dup_str2 = strdup(str2);
+       if (dup_str2 == NULL) {
+               free(dup_str1);
+               return -1;
+       }
 
        in_op = strtok_r(dup_str2, "|", &saveptr1);
        in_uri = strtok_r(NULL, "|", &saveptr1);

diff --git a/src/widget.c b/src/widget.c
index 95d33f0..5c98eb8 100644 (file)
--- a/src/widget.c
+++ b/src/widget.c
@@ -162,6 +162,7 @@ API int aul_widget_instance_foreach(const char *widget_id,
                                cb_data.cb = cb;
                                cb_data.data = data;
                                bundle_foreach(list_kb, __foreach_cb, &cb_data);
+                               bundle_free(list_kb);
                        }
                }
        } else {
@@ -218,7 +219,7 @@ API int aul_widget_instance_get_content(const char *widget_id,
 {
        int ret;
        bundle *kb;
-       int fd = 0;
+       int fd[2] = { 0, };
        app_pkt_t *pkt = NULL;
 
        if (widget_id == NULL || instance_id == NULL || content == NULL)
@@ -239,7 +240,7 @@ API int aul_widget_instance_get_content(const char *widget_id,
        if (ret > 0) {
                ret = aul_sock_recv_reply_sock_fd(ret, &fd, 1);
                if (ret == 0) {
-                       ret = aul_sock_recv_reply_pkt(fd, &pkt);
+                       ret = aul_sock_recv_reply_pkt(fd[0], &pkt);
                        if (ret == 0 && pkt && pkt->cmd == 0) {
                                *content = strdup((const char *)pkt->data);
                                _D("recieved content: %s", *content);

diff --git a/tool/app_launcher.c b/tool/app_launcher.c
index bfadcda..ad2e7b2 100644 (file)
--- a/tool/app_launcher.c
+++ b/tool/app_launcher.c
@@ -503,8 +503,8 @@ static int __set_appinfo_for_launchpad(bundle *kb, const char *appid, uid_t uid)
        if (ret != PMINFO_R_OK)
                goto end;
 
-       if (!component_type || (!strcmp(component_type, APP_TYPE_SERVICE) &&
-                               !strcmp(component_type, APP_TYPE_UI))) {
+       if (!component_type || (strcmp(component_type, APP_TYPE_SERVICE) != 0 &&
+                               strcmp(component_type, APP_TYPE_UI) != 0)) {
                ret = -1;
                goto end;
        }