Add negative number checking logic before ssprintf function. 72/74872/1
author Yunmi Ha <yunmi.ha@samsung.com>
Thu, 16 Jun 2016 02:43:29 +0000 (11:43 +0900)
committer Yunmi Ha <yunmi.ha@samsung.com>
Thu, 16 Jun 2016 02:43:29 +0000 (11:43 +0900)
When converting a string to an unsigned int,
it can be tainted with a negative value.
So before converting, check for the negative value.

Change-Id: Ib6cada03a25440599d3d093c4220c64b63782ab0
Signed-off-by: Yunmi Ha <yunmi.ha@samsung.com>
src/common/tlm-config.c [changed mode: 0644->0755]

old mode 100644 (file)
new mode 100755 (executable)
index 4696344..c49c7f0
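Review bot: The mode change from 100644 to 100755 on src/common/tlm-config.c marks a C source file as executable, and nothing in the commit message explains it. It looks accidental; restore the mode to 0644 so the change carries only the parsing fix.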
@@ -426,7 +426,12 @@ tlm_config_get_uint (
 {
     guint value;
     const gchar *str_value = tlm_config_get_string (self, group, key);
-    if (!str_value || sscanf (str_value, "%u", &value) <= 0) value = retval;
+
+    if (str_value && (*str_value == '-'))  {
+        value = retval;
+    } else  {
+        if (!str_value || sscanf (str_value, "%u", &value) <= 0) value = retval;
+    }
 
     return value;
 }
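Review bot: The new test `*str_value == '-'` inspects only the first byte, but `sscanf` with `%u` skips leading whitespace and accepts an optional sign, so a configured value such as " -1" still passes the check and is converted to a large unsigned number instead of falling back to `retval`. Skip leading whitespace before testing for the sign, or parse with `strtoul` (or `g_ascii_strtoull`) using an end pointer and `errno`, which also lets you reject out-of-range values and trailing garbage that `%u` accepts without complaint. The `!str_value` test is now evaluated in both branches; a single condition such as `if (!str_value || <negative check> || sscanf (...) <= 0) value = retval;` would keep the fallback in one place.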