Fix prevent issue 74/8474/1
authorwootak.jung <wootak.jung@samsung.com>
Thu, 27 Jun 2013 01:17:40 +0000 (10:17 +0900)
committerwootak.jung <wootak.jung@samsung.com>
Tue, 20 Aug 2013 00:58:57 +0000 (09:58 +0900)
- src/co_call.c: buffer_size_warning
Calling strncpy with a maximum size argument of 83 bytes on destination
array "co->cna.name" of size 83 bytes might leave the destination string
unterminated.

- src/co_call.c: dead_error_line
Execution cannot reach this statement "continue;".

- src/co_sat.c: check_after_deref
Null-checking "address" suggests that it may be null, but it has already
been dereferenced on all paths leading to the check.

- src/at.c: suspicious_sizeof
Passing argument "at->resp" of type "TcoreATResponse *" and argument
"4 /* sizeof (TcoreATResponse *) */" to function "tcore_pending_emit_
response_callback(TcorePending *, int, void const *)" is suspicious.
Did you intend to use "sizeof(TcoreATResponse)" instead of "sizeof
(TcoreATResponse *)" ?

Change-Id: Ic5fd98b57b2cca40da80f74a5e3415974287e56a

packaging/libtcore.spec
src/at.c
src/co_call.c
src/co_sat.c

index 21e37c2..dd2b5af 100644 (file)
@@ -1,6 +1,6 @@
 Name: libtcore
 Summary: Telephony-core library
-Version: 0.1.84
+Version: 0.1.85
 Release:    1
 Group:      System/Libraries
 License:    Apache
index 8bb02c2..e47ac2e 100755 (executable)
--- a/src/at.c
+++ b/src/at.c
@@ -184,7 +184,7 @@ static void _emit_pending_response(TcoreAT *at)
                dbg("no pending");
        }
 
-       tcore_pending_emit_response_callback(p, sizeof(TcoreATResponse *), at->resp);
+       tcore_pending_emit_response_callback(p, sizeof(TcoreATResponse), at->resp);
        tcore_user_request_unref(tcore_pending_ref_user_request(p));
        tcore_pending_free(p);
 
index 8d3c371..67bcc04 100644 (file)
@@ -359,28 +359,14 @@ static TReturn _dispatcher(CoreObject *o, UserRequest *ur)
 static void _free_hook(CoreObject *o)
 {
        struct private_object_data *po;
-       GSList *list;
 
        po = tcore_object_ref_object(o);
        if (NULL == po)
                return;
 
-       if (po->cobjs) {
-               for (list = po->cobjs; list; list = list->next) {
-                       if (NULL == list)
-                               continue;
-
-                       if (list->data)
-                               g_free(list->data);
-
-                       list->data = NULL;
-               }
-
-               g_slist_free(po->cobjs);
-               po->cobjs = NULL;
-       }
-
+       g_slist_free_full(po->cobjs, g_free);
        g_free(po);
+
        tcore_object_link_object(o, NULL);
 }
 
@@ -843,13 +829,24 @@ enum tcore_call_cli_mode tcore_call_object_get_cli_mode(struct call_object *co)
 }
 
 gboolean tcore_call_object_set_cna_info(struct call_object *co,
-                                                       enum tcore_call_cna_mode mode, char *name, int dcs)
+               enum tcore_call_cna_mode mode, char *name, int dcs)
 {
+       int len;
+
        _check_null("co", co, FALSE);
        _check_null("name", name, FALSE);
 
+       len = strlen(name);
+       if (len >= MAX_CALL_NAME_LEN) {
+               dbg("Call name is too long");
+               return FALSE;
+       }
+
+       strncpy(co->cna.name, name, len);
+       co->cna.name[len] = '\0';
+
        co->cna.mode = mode;
-       strncpy(co->cna.name, name, MAX_CALL_NAME_LEN);
+
        return TRUE;
 }
 
@@ -1150,7 +1147,7 @@ void tcore_call_information_mt_cna(CoreObject *o,
 {
        CORE_OBJECT_CHECK(o, CORE_OBJECT_TYPE_CALL);
 
-       return _call_info_mt_cna(o, mode, name, dcs);
+       _call_info_mt_cna(o, mode, name, dcs);
 }
 
 void tcore_call_information_mt_forwarded_call(CoreObject *o, char *number)
index 35d4048..7cb2df2 100644 (file)
@@ -2299,13 +2299,14 @@ static enum tcore_sat_result _sat_decode_other_address_tlv(unsigned char* tlv_st
        }//end of switch
 
        //address
-       memcpy(other_address_obj->address, address, strlen(address));
-       other_address_obj->address_len = strlen(address);
+       if (address) {
+               other_address_obj->address_len = strlen(address);
+               memcpy(other_address_obj->address, address, other_address_obj->address_len);
 
-       if (address)
                g_free(address);
+               dbg("destination address(%s)", other_address_obj->address);
+       }
 
-       dbg("destination address(%s)", other_address_obj->address);
        *consumed_data_len = 2+address_len;
        return TCORE_SAT_SUCCESS;
 }