Fix buffer overflow

Change-Id: If34d0fe69ddaed84560cf95cdfafb523ea7f6f7a
Signed-off-by: Hyunbin Lee <hyunbin.lee@samsung.com>

diff --git a/src/io/FIo_DirEnumeratorImpl.cpp b/src/io/FIo_DirEnumeratorImpl.cpp
index 78b30a2..771bc6c 100644 (file)
--- a/src/io/FIo_DirEnumeratorImpl.cpp
+++ b/src/io/FIo_DirEnumeratorImpl.cpp
@@ -142,15 +142,19 @@ _DirEnumeratorImpl::MoveNext(void)
                        "Failed to the next directory entry. parent: %s, errno: %d (%s)", pDirPath.get(), errno, strerror(errno));
        SysTryReturnResult(NID_IO, pDirEnt != null, E_END_OF_FILE, "End of directory entries");
 
-       char entryPath[PATH_MAX] = { 0, };
-       strcpy(entryPath, pDirPath.get());
-       strncat(entryPath, "/", 1);
-       strncat(entryPath, pDirEnt->d_name, strlen(pDirEnt->d_name));
+       size_t len = strlen(pDirPath.get()) + strlen(pDirEnt->d_name) + 2;
+       unique_ptr<char[]> pEntryPath(new (std::nothrow) char[len]);
+       SysTryReturnResult(NID_IO, pEntryPath != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
+
+       memset(pEntryPath.get(), 0, len);
+       strcpy(pEntryPath.get(), pDirPath.get());
+       strncat(pEntryPath.get(), "/", 1);
+       strncat(pEntryPath.get(), pDirEnt->d_name, strlen(pDirEnt->d_name));
 
        struct stat64 statbuf;
-       int ret = stat64(entryPath, &statbuf);
+       int ret = stat64(pEntryPath.get(), &statbuf);
        SysSecureTryReturnResult(NID_IO, ret == 0, __ConvertNativeErrorToResult(errno),
-                       "Failed to get attributes for directory entry (%s), errno: %d (%s)", entryPath, errno, strerror(errno));
+                       "Failed to get attributes for directory entry (%s), errno: %d (%s)", pEntryPath.get(), errno, strerror(errno));
 
        struct tm* pTm = localtime(&statbuf.st_mtime);
        SysTryReturnResult(NID_IO, pTm != null, E_SYSTEM, "Failed to call localtime() (%s).", strerror(errno));