Modify recorded_date conversion for data overflow

 - PROBLEM
 64byte array will make data overflow when p(tag) is over 64 byte.

[version] 0.2.83
[solution] Remove fixed size array and replace it to memory allocation

Change-Id: I8d7f3b5b496abaf822dad7df15d10c7473a9d4c1
Signed-off-by: Jiyong Min <jiyong.min@samsung.com>

diff --git a/packaging/libmedia-service.spec b/packaging/libmedia-service.spec
index c2d1c66..8d209fa 100644 (file)
--- a/packaging/libmedia-service.spec
+++ b/packaging/libmedia-service.spec
@@ -1,6 +1,6 @@
 Name:       libmedia-service
 Summary:    Media information service library for multimedia applications
-Version: 0.2.82
+Version: 0.2.83
 Release:    0
 Group:      Multimedia/Libraries
 License:    Apache-2.0 and public domain

diff --git a/src/common/media-svc-util.c b/src/common/media-svc-util.c
index 60642a9..b448539 100755 (executable)
--- a/src/common/media-svc-util.c
+++ b/src/common/media-svc-util.c
@@ -1991,23 +1991,25 @@ int _media_svc_extract_media_metadata(sqlite3 *handle, media_svc_content_info_s
                if ((mmf_error == FILEINFO_ERROR_NONE) && (size > 0)) {
                        if (content_info->media_type == MEDIA_SVC_MEDIA_TYPE_VIDEO) {
                                /*Creation time format is 2013-01-01 00:00:00. change it to 2013:01:01 00:00:00 like exif time format*/
-                               char time_info[64] = {0, };
-                               char p_value[64] = {0, };
-                               int idx = 0;
-                               memset(time_info, 0x00, sizeof(time_info));
-                               memset(p_value, 0x00, sizeof(p_value));
-                               strncpy(p_value, p, size);
-                               for (idx = 0; idx < size; idx++) {
-                                       if (p_value[idx] == '-') {
-                                               time_info[idx] = ':';
-                                       } else if (p_value[idx] != '\0') {
-                                               time_info[idx] = p_value[idx];
-                                       } else {
-                                               media_svc_error("strcpy error");
-                                               break;
+                               char *time_info = (char*)calloc(1, (size + 1));
+                               char *p_value = p;
+                               char *time_value = time_info;
+                               if (time_info != NULL) {
+                                       while(*p_value != '\0') {
+                                               if (*p_value == '-')
+                                                       *time_value = ':';
+                                               else
+                                                       *time_value = *p_value;
+                                               time_value++;
+                                               p_value++;
                                        }
+                                       *time_value = '\0';
+                                       ret = __media_svc_malloc_and_strncpy(&content_info->media_meta.recorded_date, time_info);
+                                       SAFE_FREE(time_info);
+                               } else {
+                                       media_svc_error("memory allocation error");
+                                       ret = MS_MEDIA_ERR_OUT_OF_MEMORY;
                                }
-                               ret = __media_svc_malloc_and_strncpy(&content_info->media_meta.recorded_date, time_info);
                        } else {
                                ret = __media_svc_malloc_and_strncpy(&content_info->media_meta.recorded_date, p);
                        }