[base-utils][i18ninfo] Overflow bug fixed.

Change-Id: I7dfd767da7c51653ef98c78a2bba4980eb9d86bd
Signed-off-by: Tomasz Bocheński <t.bochenski@partner.samsung.com>

diff --git a/i18ninfo/i18ninfo.cpp b/i18ninfo/i18ninfo.cpp
index f51f57b..bfd0d35 100644 (file)
--- a/i18ninfo/i18ninfo.cpp
+++ b/i18ninfo/i18ninfo.cpp
@@ -1133,7 +1133,7 @@ i18n_uchar *_convert_unicode_numeric_values(const i18n_uchar *input, int32_t len
 {
        if (length <= 0)
                return NULL;
-       int32_t output_length = 0;
+       int32_t output_length = 1;
 
        double *values = (double *) malloc(length * sizeof(double));
        int max_value_length = 0;
@@ -1159,8 +1159,12 @@ i18n_uchar *_convert_unicode_numeric_values(const i18n_uchar *input, int32_t len
        if (!INT_ADD_RANGE_OVERFLOW(max_value_length, 1))
                max_value_length += 1;
 
-       i18n_uchar *output = (i18n_uchar *) malloc((output_length + 1) * sizeof(input[0]));
-       i18n_ustring_mem_set(output, '\0', output_length + 1);
+       i18n_uchar *output = (i18n_uchar *) calloc(output_length, sizeof(input[0]));
+       if (output == NULL) {
+               free(values);
+               return NULL;
+       }
+       i18n_ustring_mem_set(output, '\0', output_length);
        char *tmp = (char *) malloc((max_value_length) * sizeof(input[0]));
        i18n_uchar *c = (i18n_uchar *) malloc((max_value_length) * sizeof(input[0]));
 
@@ -1172,7 +1176,6 @@ i18n_uchar *_convert_unicode_numeric_values(const i18n_uchar *input, int32_t len
                        if (NULL == tmp) {
                                free(values);
                                free(c);
-                               free(tmp);
                                free(output);
                                return NULL;
                        }
@@ -1204,13 +1207,17 @@ static int __convert_number(char *custom_number)
                printf(" Input number : %s\n", input_number);
                number_to_convert =
                    (i18n_uchar *) malloc(sizeof(i18n_uchar) * (strlen(input_number) + 1));
-               if (NULL == number_to_convert) {
-                       free(number_to_convert);
+               if (NULL == number_to_convert)
                        return I18N_ERROR_OUT_OF_MEMORY;
-               }
+
                i18n_ustring_copy_ua_n(number_to_convert, input_number, BUF_SIZE);
 
                i18n_uchar *str = _convert_unicode_numeric_values(number_to_convert, i18n_ustring_get_length(number_to_convert));
+               if (NULL == str) {
+                       printf("\nError: Out of memory.\n");
+                       free(number_to_convert);
+                       return 0;
+               }
                char p_string[BUF_SIZE];
                i18n_ustring_copy_au_n(p_string, str, BUF_SIZE);
                printf(" Convert number : %s\n", p_string);
@@ -1225,6 +1232,11 @@ static int __convert_number(char *custom_number)
                i18n_ustring_copy_ua(number_to_convert, input_number);
 
                i18n_uchar *str = _convert_unicode_numeric_values(number_to_convert, i18n_ustring_get_length(number_to_convert));
+               if (NULL == str) {
+                       printf("\nError: Out of memory.\n");
+                       free(number_to_convert);
+                       return 0;
+               }
                char p_string[BUF_SIZE];
                i18n_ustring_copy_au_n(p_string, str, BUF_SIZE);
                printf(" Convert number : %s\n", p_string);