Fix Svace issue

Change-Id: I90787dd8f14cc363989548c766b153779b9ee63c

diff --git a/framework/storage-handler/MsgStorageMessage.cpp b/framework/storage-handler/MsgStorageMessage.cpp
index 853da57..0444e26 100755 (executable)
--- a/framework/storage-handler/MsgStorageMessage.cpp
+++ b/framework/storage-handler/MsgStorageMessage.cpp
@@ -1120,6 +1120,7 @@ msg_error_t MsgStoDeleteAllMessageInFolder(msg_folder_id_t folderId, bool bOnlyD
        MSG_DEBUG("pToDeleteMsgIdList->nCount [%d]", pToDeleteMsgIdList->nCount);
 
        pToDeleteMsgIdList->msgIdList = (msg_message_id_t *)new char[sizeof(msg_message_id_t) * rowCnt];
+       memset(pToDeleteMsgIdList->msgIdList, 0x00, sizeof(msg_message_id_t) * rowCnt);
 
        for (int i = 0; i < rowCnt; i++)
                pToDeleteMsgIdList->msgIdList[i] = dbHandle->getColumnToInt(index++);
@@ -1308,8 +1309,9 @@ msg_error_t MsgStoDeleteAllMessageInFolder(msg_folder_id_t folderId, bool bOnlyD
        if (pMsgIdList != NULL && pToDeleteMsgIdList->nCount > 0) {
                pMsgIdList->nCount = pToDeleteMsgIdList->nCount;
 
-               pMsgIdList->msgIdList = (msg_message_id_t *)new char[sizeof(msg_message_id_t)*pToDeleteMsgIdList->nCount];
-               memcpy(pMsgIdList->msgIdList, pToDeleteMsgIdList->msgIdList, sizeof(msg_message_id_t)*pToDeleteMsgIdList->nCount);
+               pMsgIdList->msgIdList = (msg_message_id_t *)new char[sizeof(msg_message_id_t) * pToDeleteMsgIdList->nCount];
+               memset(pMsgIdList->msgIdList, 0x00, sizeof(msg_message_id_t) * pToDeleteMsgIdList->nCount);
+               memcpy(pMsgIdList->msgIdList, pToDeleteMsgIdList->msgIdList, sizeof(msg_message_id_t) * pToDeleteMsgIdList->nCount);
        }
 
        /* Create thread  for noti and phone log delete. */

diff --git a/plugin/mms_plugin/MmsPluginDecode.cpp b/plugin/mms_plugin/MmsPluginDecode.cpp
index 49e1368..db8eccb 100755 (executable)
--- a/plugin/mms_plugin/MmsPluginDecode.cpp
+++ b/plugin/mms_plugin/MmsPluginDecode.cpp
@@ -1345,14 +1345,14 @@ static bool __MmsBinaryDecodeParameter(FILE *pFile, MsgType *pMsgType, int value
                                                        memset(pMsgType->param.szBoundary, 0, MSG_BOUNDARY_LEN + 1);
                                                        strncpy(pMsgType->param.szBoundary, szTypeValue, MSG_BOUNDARY_LEN);
 #ifdef FEATURE_JAVA_MMS
-                                               } else if (strcasecmp(szTypeString, "Application-ID") == 0) {
+                                               } else if (g_ascii_strcasecmp(szTypeString, "Application-ID") == 0) {
                                                        pMsgType->param.szApplicationID = (char*) calloc(1, textLength + 1);
                                                        if (pMsgType->param.szApplicationID) {
                                                                memset(pMsgType->param.szApplicationID, 0, textLength + 1);
                                                                strncpy(pMsgType->param.szApplicationID, szTypeValue, textLength);
                                                                MSG_SEC_DEBUG("Application-ID:%s", pMsgType->param.szApplicationID);
                                                        }
-                                               } else if (strcasecmp(szTypeString, "Reply-To-Application-ID") == 0) {
+                                               } else if (g_ascii_strcasecmp(szTypeString, "Reply-To-Application-ID") == 0) {
                                                        pMsgType->param.szReplyToApplicationID = (char*)calloc(1, textLength + 1);
                                                        if (pMsgType->param.szReplyToApplicationID) {
                                                                memset(pMsgType->param.szReplyToApplicationID, 0, textLength + 1);

diff --git a/plugin/sms_plugin/SmsPluginCbMsgHandler.cpp b/plugin/sms_plugin/SmsPluginCbMsgHandler.cpp
index 1280b65..da8f06c 100755 (executable)
--- a/plugin/sms_plugin/SmsPluginCbMsgHandler.cpp
+++ b/plugin/sms_plugin/SmsPluginCbMsgHandler.cpp
@@ -454,12 +454,16 @@ void SmsPluginCbMsgHandler::Decode3gCbMsg(TelSmsCbMsg_t *pCbMsg, SMS_CBMSG_PAGE_
                for (int i = 0; i < pCbPage->pageHeader.totalPages; ++i) {
                        if (pCbPage->pageHeader.dcs.iso639Lang[0]) {
                                dataLen = cbData[7+(i+1)*82 + i] - 2;
-                               memcpy(cbMessage + offset, &cbData[7+(i*82)+ i + 2], dataLen);
-                               offset += dataLen;
+                               if (dataLen > 0) {
+                                       memcpy(cbMessage + offset, &cbData[7+(i*82)+ i + 2], dataLen);
+                                       offset += dataLen;
+                               }
                        } else {
                                dataLen = cbData[7+(i+1)*82 + i];
-                               memcpy(cbMessage + offset, &cbData[7+(i*82)+ i], dataLen);
-                               offset += dataLen;
+                               if (dataLen > 0) {
+                                       memcpy(cbMessage + offset, &cbData[7+(i*82)+ i], dataLen);
+                                       offset += dataLen;
+                               }
                        }
                }
                dataLen = offset;

diff --git a/plugin/sms_plugin/SmsPluginParamCodec.cpp b/plugin/sms_plugin/SmsPluginParamCodec.cpp
index 61e4641..d605b62 100755 (executable)
--- a/plugin/sms_plugin/SmsPluginParamCodec.cpp
+++ b/plugin/sms_plugin/SmsPluginParamCodec.cpp
@@ -46,31 +46,37 @@ int SmsPluginParamCodec::encodeAddress(const SMS_ADDRESS_S *pAddress, char **ppP
 
        SMS_TON_T ton;
 
-       *ppParam = new char[MAX_ADD_PARAM_LEN];
+       char *tempParam = new char[MAX_ADD_PARAM_LEN];
+       if (tempParam == NULL)
+               return 0;
+
+       memset(tempParam, 0x00, sizeof(char)*MAX_ADD_PARAM_LEN);
 
        /* Set Address Length */
        if (temp[0] == '+') {
-               (*ppParam)[offset++] = strlen(temp) - 1;
+               tempParam[offset++] = strlen(temp) - 1;
                temp++;
 
                ton = SMS_TON_INTERNATIONAL;
        } else {
-               (*ppParam)[offset++] = strlen(temp);
+               tempParam[offset++] = strlen(temp);
 
                ton = pAddress->ton;
        }
 
        /* Set TON, NPI */
-       (*ppParam)[offset++] = 0x80 + (ton << 4) + pAddress->npi;
+       tempParam[offset++] = 0x80 + (ton << 4) + pAddress->npi;
 
-       MSG_DEBUG("Address length is %d.", (*ppParam)[0]);
+       MSG_DEBUG("Address length is %d.", tempParam[0]);
        MSG_DEBUG("pAddress->ton : %d.", ton);
        MSG_DEBUG("pAddress->npi : %d.", pAddress->npi);
 
-       length = convertDigitToBcd(temp, strlen(temp), (unsigned char *) &((*ppParam)[offset]));
+       length = convertDigitToBcd(temp, strlen(temp), (unsigned char *) &(tempParam[offset]));
 
        offset += length;
 
+       *ppParam = tempParam;
+
        return offset ;
 }
 

diff --git a/plugin/sms_plugin/SmsPluginSetting.cpp b/plugin/sms_plugin/SmsPluginSetting.cpp
index dfc38c2..56b3ea7 100755 (executable)
--- a/plugin/sms_plugin/SmsPluginSetting.cpp
+++ b/plugin/sms_plugin/SmsPluginSetting.cpp
@@ -1664,9 +1664,13 @@ bool SmsPluginSetting::getMailboxInfoEvent()
 {
        int ret = 0;
 
+       mx.lock();
+
        bTapiResult = false;
        ret = cv.timedwait(mx.pMsgMutex(), MAX_TAPI_SIM_API_TIMEOUT);
 
+       mx.unlock();
+
        if (ret == ETIMEDOUT) {
                MSG_DEBUG("WARNING: TAPI callback TIME-OUT");
                return false;

diff --git a/utils/MsgSmil.cpp b/utils/MsgSmil.cpp
index b36737f..afd42ab 100755 (executable)
--- a/utils/MsgSmil.cpp
+++ b/utils/MsgSmil.cpp
@@ -304,10 +304,10 @@ int MsgSmilGetTime(char *pValue)
        if (strstr(pValue, "ms"))
                bMSec = true;
 
-       pTemp = (char *)malloc(strlen(pValue) + 1);
+       pTemp = (char *)calloc(1, strlen(pValue) + 1);
 
        if (NULL == pTemp) {
-               MSG_DEBUG("malloc for <time> attribute is failed");
+               MSG_DEBUG("calloc for <time> attribute is failed");
                return 0;
        }