projects / sdk / emulator / qemu.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ee41232)
fix SVACE issue [2] 33/189633/1
authorRahul Dadhich <r.dadhich@samsung.com>
Tue, 18 Sep 2018 09:55:48 +0000 (15:25 +0530)
committerRahul Dadhich <r.dadhich@samsung.com>
Wed, 19 Sep 2018 09:33:43 +0000 (09:33 +0000)
Change-Id: Ia3f067e05199ee6529a286349a5fb15e11ce5088
Signed-off-by: Rahul Dadhich <r.dadhich@samsung.com>
(cherry picked from commit f976bff31d58f7965ca3e902c04c4d6e86660ef2)

tizen/src/ecs/ecs_sdcard.c patch | blob | history
tizen/src/ecs/ecs_sensor.c patch | blob | history
tizen/src/eventcast/sensor.c patch | blob | history
tizen/src/hw/virtio/maru_virtio_jack.c patch | blob | history
tizen/src/hw/virtio/maru_virtio_nfc.c patch | blob | history
tizen/src/hw/virtio/maru_virtio_power.c patch | blob | history
tizen/src/hw/virtio/maru_virtio_sensor.c patch | blob | history
tizen/src/util/extra_pkgs_install.c patch | blob | history
tizen/src/util/net_helper.c patch | blob | history
tizen/src/util/qt5_error_report.c patch | blob | history

diff --git a/tizen/src/ecs/ecs_sdcard.c b/tizen/src/ecs/ecs_sdcard.c
index 284138d..2c03c6f 100644 (file)
--- a/tizen/src/ecs/ecs_sdcard.c
+++ b/tizen/src/ecs/ecs_sdcard.c
@@ -128,11 +128,11 @@ static void send_sdcard_status(void)
                 dsize_buf);
 
         if (image_info->has_encrypted && image_info->encrypted) {
-            length += sprintf(data + length, "encrypted: yes\n");
+            length += snprintf(data + length, (sizeof(data) - length), "encrypted: yes\n");
         }
 
         if (image_info->has_cluster_size) {
-            length += sprintf(data + length, "cluster_size: %" PRId64 "", image_info->cluster_size);
+            length += snprintf(data + length, (sizeof(data) - length), "cluster_size: %" PRId64 "", image_info->cluster_size);
         }
     }
 
diff --git a/tizen/src/ecs/ecs_sensor.c b/tizen/src/ecs/ecs_sensor.c
index ae68467..269c035 100644 (file)
--- a/tizen/src/ecs/ecs_sensor.c
+++ b/tizen/src/ecs/ecs_sensor.c
@@ -352,7 +352,7 @@ static void _req_set_sensor_geo(int len, const char *data)
 
     memset(tmp, 0, sizeof(tmp));
 
-    sprintf(tmp, "%d %d %d", t_north, t_east, t_vertical);
+    snprintf(tmp, sizeof(tmp), "%d %d %d", t_north, t_east, t_vertical);
 
     set_sensor_mag(tmp, strlen(tmp));
 }
diff --git a/tizen/src/eventcast/sensor.c b/tizen/src/eventcast/sensor.c
index fbaa323..5a3e137 100644 (file)
--- a/tizen/src/eventcast/sensor.c
+++ b/tizen/src/eventcast/sensor.c
@@ -176,7 +176,7 @@ static void set_sensor_data(Eventcast__SensorData *data)
     {
         char tmp[255] = {0};
 
-        sprintf(tmp, "%d\n%d\n%lf\n%lf\n%lf\n",
+        snprintf(tmp, sizeof(tmp), "%d\n%d\n%lf\n%lf\n%lf\n",
                 level_gyro, 3, (atof(data->x) / GYRO_ADJUST),
                 (atof(data->y) / GYRO_ADJUST), (atof(data->z) / GYRO_ADJUST));
         send_eventcast_sensor_data(tmp, strlen(tmp));
@@ -190,7 +190,7 @@ static void set_sensor_data(Eventcast__SensorData *data)
         char tmp[255] = {0};
         double x = (double)(atoi(data->x));
 
-        sprintf(tmp, "%d\n%d\n%.1f\n", level_proxi, 1, x);
+        snprintf(tmp, sizeof(tmp), "%d\n%d\n%.1f\n", level_proxi, 1, x);
         send_eventcast_sensor_data(tmp, strlen(tmp));
 
         LOG_TRACE("sensor_proxi x: %.1f, %s\n", x, tmp);
@@ -200,7 +200,7 @@ static void set_sensor_data(Eventcast__SensorData *data)
     {
         char tmp[255] = {0};
 
-        sprintf(tmp, "%d\n%d\n%s%s\n", level_light, 2, data->x, data->y);
+        snprintf(tmp, sizeof(tmp), "%d\n%d\n%s%s\n", level_light, 2, data->x, data->y);
         send_eventcast_sensor_data(tmp, strlen(tmp));
 
         LOG_TRACE("sensor_light x: %s\n", data->x);
diff --git a/tizen/src/hw/virtio/maru_virtio_jack.c b/tizen/src/hw/virtio/maru_virtio_jack.c
index 33b32d4..e0b50c1 100644 (file)
--- a/tizen/src/hw/virtio/maru_virtio_jack.c
+++ b/tizen/src/hw/virtio/maru_virtio_jack.c
@@ -128,7 +128,7 @@ static void set_jack_data(enum jack_types type, char *data, int len)
     }
 }
 
-static void get_jack_data(enum jack_types type, char *msg_info)
+static void get_jack_data(enum jack_types type, char *msg_info, size_t size)
 {
     if (msg_info == NULL) {
         return;
@@ -136,22 +136,22 @@ static void get_jack_data(enum jack_types type, char *msg_info)
 
     switch (type) {
     case jack_type_list:
-        sprintf(msg_info, "%d", jack_capability);
+        snprintf(msg_info, size, "%d", jack_capability);
         break;
     case jack_type_charger:
-        sprintf(msg_info, "%d", charger_online);
+        snprintf(msg_info, size, "%d", charger_online);
         break;
     case jack_type_earjack:
-        sprintf(msg_info, "%d", earjack_online);
+        snprintf(msg_info, size, "%d", earjack_online);
         break;
     case jack_type_earkey:
-        sprintf(msg_info, "%d", earkey_online);
+        snprintf(msg_info, size, "%d", earkey_online);
         break;
     case jack_type_hdmi:
-        sprintf(msg_info, "%d", hdmi_online);
+        snprintf(msg_info, size, "%d", hdmi_online);
         break;
     case jack_type_usb:
-        sprintf(msg_info, "%d", usb_online);
+        snprintf(msg_info, size, "%d", usb_online);
         break;
     default:
         return;
@@ -168,7 +168,7 @@ static void answer_jack_data_request(int type, char *data, VirtQueueElement *ele
 
     msginfo->req = request_answer;
     msginfo->type = type;
-    get_jack_data(type, msginfo->buf);
+    get_jack_data(type, msginfo->buf, (size_t)_MAX_BUF);
 
     TRACE("sending message: %s, type: %d, req: %d\n", msginfo->buf, msginfo->type, msginfo->req);
 
diff --git a/tizen/src/hw/virtio/maru_virtio_nfc.c b/tizen/src/hw/virtio/maru_virtio_nfc.c
index 67fd50f..88bc135 100644 (file)
--- a/tizen/src/hw/virtio/maru_virtio_nfc.c
+++ b/tizen/src/hw/virtio/maru_virtio_nfc.c
@@ -135,6 +135,7 @@ bool send_to_nfc(unsigned char id, unsigned char type, const char *data,
 
     qemu_mutex_lock(&recv_buf_mutex);
     strncpy(nfc_data, data, sizeof(nfc_data));
+    nfc_data[sizeof(nfc_data)-1] = 0;
     QTAILQ_INSERT_TAIL(&nfc_recv_msg_queue, _msg, next);
 
     qemu_mutex_unlock(&recv_buf_mutex);
diff --git a/tizen/src/hw/virtio/maru_virtio_power.c b/tizen/src/hw/virtio/maru_virtio_power.c
index 26d1268..e512bfb 100644 (file)
--- a/tizen/src/hw/virtio/maru_virtio_power.c
+++ b/tizen/src/hw/virtio/maru_virtio_power.c
@@ -89,7 +89,7 @@ static void set_power_data (enum power_types type, char* data, int len)
     }
 }
 
-static void get_power_data(enum power_types type, char* msg_info)
+static void get_power_data(enum power_types type, char* msg_info, size_t size)
 {
     if (msg_info == NULL) {
         return;
@@ -97,13 +97,13 @@ static void get_power_data(enum power_types type, char* msg_info)
 
     switch (type) {
         case power_type_capacity:
-            sprintf(msg_info, "%d", capacity);
+            snprintf(msg_info, size, "%d", capacity);
             break;
         case power_type_charge_full:
-            sprintf(msg_info, "%d", charge_full);
+            snprintf(msg_info, size, "%d", charge_full);
             break;
         case power_type_charge_now:
-            sprintf(msg_info, "%d", charge_now);
+            snprintf(msg_info, size, "%d", charge_now);
             break;
         default:
             return;
@@ -144,7 +144,7 @@ static void answer_power_data_request(int type, char* data, VirtQueueElement *el
 
     msginfo->req = request_answer;
     msginfo->type = type;
-    get_power_data(type, msginfo->buf);
+    get_power_data(type, msginfo->buf, (size_t)_MAX_BUF);
 
     TRACE("sending message: %s, type: %d, req: %d\n", msginfo->buf, msginfo->type, msginfo->req);
 
diff --git a/tizen/src/hw/virtio/maru_virtio_sensor.c b/tizen/src/hw/virtio/maru_virtio_sensor.c
index a6870d5..c97c6ef 100644 (file)
--- a/tizen/src/hw/virtio/maru_virtio_sensor.c
+++ b/tizen/src/hw/virtio/maru_virtio_sensor.c
@@ -203,6 +203,7 @@ static void __set_sensor_data(enum sensor_types type, char *data, int len)
     case sensor_type_accel:
         qemu_mutex_lock(&accel_mutex);
         strncpy(accel_xyz, data, sizeof(accel_xyz));
+        accel_xyz[sizeof(accel_xyz)-1] = 0;
         qemu_mutex_unlock(&accel_mutex);
         break;
     case sensor_type_accel_enable:
@@ -284,6 +285,7 @@ static void __set_sensor_data(enum sensor_types type, char *data, int len)
     case sensor_type_rotation_vector:
         qemu_mutex_lock(&rot_mutex);
         strncpy(rot_quad, data, sizeof(rot_quad));
+        rot_quad[sizeof(rot_quad)-1] = 0;
         qemu_mutex_unlock(&rot_mutex);
         break;
     case sensor_type_rotation_vector_enable:
@@ -299,11 +301,13 @@ static void __set_sensor_data(enum sensor_types type, char *data, int len)
     case sensor_type_mag:
         qemu_mutex_lock(&geo_mutex);
         strncpy(geo_tesla, data, sizeof(geo_tesla));
+        geo_tesla[sizeof(geo_tesla)-1] = 0;
         qemu_mutex_unlock(&geo_mutex);
         break;
     case sensor_type_tilt:
         qemu_mutex_lock(&geo_mutex);
         strncpy(geo_raw, data, sizeof(geo_raw));
+        geo_raw[sizeof(geo_raw)-1] = 0;
         qemu_mutex_unlock(&geo_mutex);
         break;
     case sensor_type_geo_enable:
@@ -319,6 +323,7 @@ static void __set_sensor_data(enum sensor_types type, char *data, int len)
     case sensor_type_pressure:
         qemu_mutex_lock(&pressure_mutex);
         strncpy(pressure_data, data, sizeof(pressure_data));
+        pressure_data[sizeof(pressure_data)-1] = 0;
         qemu_mutex_unlock(&pressure_mutex);
         break;
     case sensor_type_pressure_enable:
@@ -391,7 +396,7 @@ static void __set_sensor_data(enum sensor_types type, char *data, int len)
     }
 }
 
-static void __get_sensor_data(enum sensor_types type, char *msg_info)
+static void __get_sensor_data(enum sensor_types type, char *msg_info, size_t size)
 {
     if (msg_info == NULL) {
         LOG_WARNING("msg_info is null\n");
@@ -405,178 +410,178 @@ static void __get_sensor_data(enum sensor_types type, char *msg_info)
         break;
     case sensor_type_accel:
         qemu_mutex_lock(&accel_mutex);
-        strcpy(msg_info, accel_xyz);
+        strncpy(msg_info, accel_xyz, size);
         qemu_mutex_unlock(&accel_mutex);
         break;
     case sensor_type_accel_enable:
         qemu_mutex_lock(&accel_mutex);
-        sprintf(msg_info, "%d", accel_enable);
+        snprintf(msg_info, size, "%d", accel_enable);
         qemu_mutex_unlock(&accel_mutex);
         break;
     case sensor_type_accel_delay:
         qemu_mutex_lock(&accel_mutex);
-        sprintf(msg_info, "%d", accel_delay);
+        snprintf(msg_info, size, "%d", accel_delay);
         qemu_mutex_unlock(&accel_mutex);
         break;
     case sensor_type_mag:
         qemu_mutex_lock(&geo_mutex);
-        strcpy(msg_info, geo_tesla);
+        strncpy(msg_info, geo_tesla, size);
         qemu_mutex_unlock(&geo_mutex);
         break;
     case sensor_type_tilt:
         qemu_mutex_lock(&geo_mutex);
-        strcpy(msg_info, geo_raw);
+        strncpy(msg_info, geo_raw, size);
         qemu_mutex_unlock(&geo_mutex);
         break;
     case sensor_type_geo_enable:
         qemu_mutex_lock(&geo_mutex);
-        sprintf(msg_info, "%d", geo_enable);
+        snprintf(msg_info, size, "%d", geo_enable);
         qemu_mutex_unlock(&geo_mutex);
         break;
     case sensor_type_geo_delay:
         qemu_mutex_lock(&geo_mutex);
-        sprintf(msg_info, "%d", geo_delay);
+        snprintf(msg_info, size, "%d", geo_delay);
         qemu_mutex_unlock(&geo_mutex);
         break;
     case sensor_type_gyro:
         qemu_mutex_lock(&gyro_mutex);
-        sprintf(msg_info, "%d,%d,%d", gyro_x_raw, gyro_y_raw, gyro_z_raw);
+        snprintf(msg_info, size, "%d,%d,%d", gyro_x_raw, gyro_y_raw, gyro_z_raw);
         qemu_mutex_unlock(&gyro_mutex);
         break;
     case sensor_type_gyro_enable:
         qemu_mutex_lock(&gyro_mutex);
-        sprintf(msg_info, "%d", gyro_enable);
+        snprintf(msg_info, size, "%d", gyro_enable);
         qemu_mutex_unlock(&gyro_mutex);
         break;
     case sensor_type_gyro_delay:
         qemu_mutex_lock(&gyro_mutex);
-        sprintf(msg_info, "%d", gyro_delay);
+        snprintf(msg_info, size, "%d", gyro_delay);
         qemu_mutex_unlock(&gyro_mutex);
         break;
     case sensor_type_gyro_x:
         qemu_mutex_lock(&gyro_mutex);
-        sprintf(msg_info, "%d", gyro_x_raw);
+        snprintf(msg_info, size, "%d", gyro_x_raw);
         qemu_mutex_unlock(&gyro_mutex);
         break;
     case sensor_type_gyro_y:
         qemu_mutex_lock(&gyro_mutex);
-        sprintf(msg_info, "%d", gyro_y_raw);
+        snprintf(msg_info, size, "%d", gyro_y_raw);
         qemu_mutex_unlock(&gyro_mutex);
         break;
     case sensor_type_gyro_z:
         qemu_mutex_lock(&gyro_mutex);
-        sprintf(msg_info, "%d", gyro_z_raw);
+        snprintf(msg_info, size, "%d", gyro_z_raw);
         qemu_mutex_unlock(&gyro_mutex);
         break;
     case sensor_type_light:
     case sensor_type_light_adc:
         qemu_mutex_lock(&light_mutex);
-        sprintf(msg_info, "%d", light_adc);
+        snprintf(msg_info, size, "%d", light_adc);
         qemu_mutex_unlock(&light_mutex);
         break;
     case sensor_type_light_level:
         qemu_mutex_lock(&light_mutex);
-        sprintf(msg_info, "%d", light_level);
+        snprintf(msg_info, size, "%d", light_level);
         qemu_mutex_unlock(&light_mutex);
         break;
     case sensor_type_light_enable:
         qemu_mutex_lock(&light_mutex);
-        sprintf(msg_info, "%d", light_enable);
+        snprintf(msg_info, size, "%d", light_enable);
         qemu_mutex_unlock(&light_mutex);
         break;
     case sensor_type_light_delay:
         qemu_mutex_lock(&light_mutex);
-        sprintf(msg_info, "%d", light_delay);
+        snprintf(msg_info, size, "%d", light_delay);
         qemu_mutex_unlock(&light_mutex);
         break;
     case sensor_type_proxi:
         qemu_mutex_lock(&proxi_mutex);
-        sprintf(msg_info, "%d", proxi_vo);
+        snprintf(msg_info, size, "%d", proxi_vo);
         qemu_mutex_unlock(&proxi_mutex);
         break;
     case sensor_type_proxi_enable:
         qemu_mutex_lock(&proxi_mutex);
-        sprintf(msg_info, "%d", proxi_enable);
+        snprintf(msg_info, size, "%d", proxi_enable);
         qemu_mutex_unlock(&proxi_mutex);
         break;
     case sensor_type_proxi_delay:
         qemu_mutex_lock(&proxi_mutex);
-        sprintf(msg_info, "%d", proxi_delay);
+        snprintf(msg_info, size, "%d", proxi_delay);
         qemu_mutex_unlock(&proxi_mutex);
         break;
     case sensor_type_rotation_vector:
         qemu_mutex_lock(&rot_mutex);
-        strcpy(msg_info, rot_quad);
+        strncpy(msg_info, rot_quad, size);
         qemu_mutex_unlock(&rot_mutex);
         break;
     case sensor_type_rotation_vector_enable:
         qemu_mutex_lock(&rot_mutex);
-        sprintf(msg_info, "%d", rot_enable);
+        snprintf(msg_info, size, "%d", rot_enable);
         qemu_mutex_unlock(&rot_mutex);
         break;
     case sensor_type_rotation_vector_delay:
         qemu_mutex_lock(&rot_mutex);
-        sprintf(msg_info, "%d", rot_delay);
+        snprintf(msg_info, size, "%d", rot_delay);
         qemu_mutex_unlock(&rot_mutex);
         break;
     case sensor_type_pressure:
         qemu_mutex_lock(&pressure_mutex);
-        strcpy(msg_info, pressure_data);
+        strncpy(msg_info, pressure_data, size);
         qemu_mutex_unlock(&pressure_mutex);
         break;
     case sensor_type_pressure_enable:
         qemu_mutex_lock(&pressure_mutex);
-        sprintf(msg_info, "%d", pressure_enable);
+        snprintf(msg_info, size, "%d", pressure_enable);
         qemu_mutex_unlock(&pressure_mutex);
         break;
     case sensor_type_pressure_delay:
         qemu_mutex_lock(&pressure_mutex);
-        sprintf(msg_info, "%d", pressure_delay);
+        snprintf(msg_info, size, "%d", pressure_delay);
         qemu_mutex_unlock(&pressure_mutex);
         break;
     case sensor_type_uv:
         qemu_mutex_lock(&uv_mutex);
-        sprintf(msg_info, "%d", uv_level);
+        snprintf(msg_info, size, "%d", uv_level);
         qemu_mutex_unlock(&uv_mutex);
         break;
     case sensor_type_uv_enable:
         qemu_mutex_lock(&uv_mutex);
-        sprintf(msg_info, "%d", uv_enable);
+        snprintf(msg_info, size, "%d", uv_enable);
         qemu_mutex_unlock(&uv_mutex);
         break;
     case sensor_type_uv_delay:
         qemu_mutex_lock(&uv_mutex);
-        sprintf(msg_info, "%d", uv_delay);
+        snprintf(msg_info, size, "%d", uv_delay);
         qemu_mutex_unlock(&uv_mutex);
         break;
     case sensor_type_hrm:
         qemu_mutex_lock(&hrm_mutex);
-        sprintf(msg_info, "%d, %d", hrm_heart, hrm_rri);
+        snprintf(msg_info, size, "%d, %d", hrm_heart, hrm_rri);
         qemu_mutex_unlock(&hrm_mutex);
         break;
     case sensor_type_hrm_enable:
         qemu_mutex_lock(&hrm_mutex);
-        sprintf(msg_info, "%d", hrm_enable);
+        snprintf(msg_info, size, "%d", hrm_enable);
         qemu_mutex_unlock(&hrm_mutex);
         break;
     case sensor_type_hrm_delay:
         qemu_mutex_lock(&hrm_mutex);
-        sprintf(msg_info, "%d", hrm_delay);
+        snprintf(msg_info, size, "%d", hrm_delay);
         qemu_mutex_unlock(&hrm_mutex);
         break;
     case sensor_type_pedo:
         qemu_mutex_lock(&pedo_mutex);
-        sprintf(msg_info, "%d", pedo_value);
+        snprintf(msg_info, size, "%d", pedo_value);
         qemu_mutex_unlock(&pedo_mutex);
         break;
     case sensor_type_pedo_enable:
         qemu_mutex_lock(&pedo_mutex);
-        sprintf(msg_info, "%d", pedo_enable);
+        snprintf(msg_info, size, "%d", pedo_enable);
         qemu_mutex_unlock(&pedo_mutex);
         break;
     case sensor_type_pedo_delay:
         qemu_mutex_lock(&pedo_mutex);
-        sprintf(msg_info, "%d", pedo_delay);
+        snprintf(msg_info, size, "%d", pedo_delay);
         qemu_mutex_unlock(&pedo_mutex);
         break;
     default:
@@ -599,7 +604,7 @@ void req_sensor_data(enum sensor_types type, enum request_cmd req, char *data, i
     if (req == request_set) {
         __set_sensor_data(type, data, len);
     } else if (req == request_get) {
-        __get_sensor_data(type, msg_info);
+        __get_sensor_data(type, msg_info, sizeof(msg_info));
         send_sensor_to_ecs(msg_info, type);
     }
 }
@@ -614,7 +619,7 @@ static void answer_sensor_data_request(int type, char *data, VirtQueueElement *e
 
     msginfo->req = request_answer;
     msginfo->type = type;
-    __get_sensor_data(type, msginfo->buf);
+    __get_sensor_data(type, msginfo->buf, (size_t)_MAX_BUF);
 
     LOG_TRACE("sending message: %s, type: %d, req: %d\n", msginfo->buf, msginfo->type, msginfo->req);
 
diff --git a/tizen/src/util/extra_pkgs_install.c b/tizen/src/util/extra_pkgs_install.c
index 76694d0..7f033ca 100644 (file)
--- a/tizen/src/util/extra_pkgs_install.c
+++ b/tizen/src/util/extra_pkgs_install.c
@@ -68,7 +68,7 @@ static char *get_addon_path(void)
         return NULL;
     }
 
-    ret = sprintf(extra_path, "%s%s%s%s%s%s%s",
+    ret = snprintf(extra_path, (size_t)MAX_PKG_LIST, "%s%s%s%s%s%s%s",
             get_bin_path(), parent, profile_name, separator,
             IMAGE_DIRECTORY, separator, ADDON_DIRECTORY);
     if (ret < 0) {
@@ -80,12 +80,12 @@ static char *get_addon_path(void)
     return extra_path;
 }
 
-static void add_addon_pkgs_name(char *pkgs, char *name)
+static void add_addon_pkgs_name(char *pkgs, char *name, size_t size)
 {
     if (strlen(pkgs) == 0) {
-        strcpy(pkgs, name);
+        strncpy(pkgs, name, size);
     } else {
-        sprintf(pkgs, "%s, %s", pkgs, name);
+        snprintf(pkgs, size, "%s, %s", pkgs, name);
     }
 }
 
@@ -225,8 +225,8 @@ void epi_init(void)
                     }
 
                     pkg_count++;
-                    add_addon_pkgs_name(pkgs, sub_dir_entry->d_name);
-                    add_addon_pkgs_name(pkg_list, sub_dir_entry->d_name);
+                    add_addon_pkgs_name(pkgs, sub_dir_entry->d_name, sizeof(pkgs));
+                    add_addon_pkgs_name(pkg_list, sub_dir_entry->d_name, sizeof(pkg_list));
                     LOG_TRACE("reading addon sub directory: %s\n", sub_dir_entry->d_name);
                 }
             }
diff --git a/tizen/src/util/net_helper.c b/tizen/src/util/net_helper.c
index e8743ca..6ab967d 100644 (file)
--- a/tizen/src/util/net_helper.c
+++ b/tizen/src/util/net_helper.c
@@ -315,6 +315,7 @@ static void add_sdb_client(struct sockaddr_in* addr, int port, const char* seria
     memcpy(&client->addr, addr, sizeof(struct sockaddr_in));
     client->port = port;
     strncpy(client->serial, serial, sizeof(client->serial));
+    client->serial[sizeof(client->serial) - 1] = 0;
 
     qemu_mutex_lock(&mutex_clients);
 
@@ -460,6 +461,7 @@ static void *get_user_home_path(void *args)
         }
         if (cmd_root_off != NULL) {
             g_free(cmd_root_off);
+            cmd_root_off = NULL;
         }
         pclose(fp);
 
diff --git a/tizen/src/util/qt5_error_report.c b/tizen/src/util/qt5_error_report.c
index bffd329..56d44b8 100644 (file)
--- a/tizen/src/util/qt5_error_report.c
+++ b/tizen/src/util/qt5_error_report.c
@@ -56,8 +56,8 @@ char *get_app_path(void)
     int app_len = strlen(app_name);
     int app_path_len = bin_len + app_len + 3;
     char *tmp_path = (char *)g_malloc0(app_path_len);
-    strcpy(tmp_path, bin_dir);
-    strcat(tmp_path, app_name);
+    strncpy(tmp_path, bin_dir, (size_t)app_path_len);
+    strncat(tmp_path, app_name, (size_t)app_path_len);
     tmp_path[app_path_len - 1] = '\0';
 
     INFO("qt5_msgbox path : %s\n", tmp_path);
Domain: SDK / Emulator;