fixed sample app defects detected by static analysis

fixed issues in CA sample app reported by static analysis tool

Change-Id: I1eaf0c6bedb0a86e8da7edf3301dcd06cb1ddfbf
Signed-off-by: hyuna0213.jo <hyuna0213.jo@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/4401
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Jaehong Jo <jaehong.jo@samsung.com>
Reviewed-by: Jon A. Cruz <jonc@osg.samsung.com>

diff --git a/resource/csdk/connectivity/samples/android/casample/sampleService/src/main/jni/ResourceModel.c b/resource/csdk/connectivity/samples/android/casample/sampleService/src/main/jni/ResourceModel.c
index d7c528d..36ef460 100644 (file)
--- a/resource/csdk/connectivity/samples/android/casample/sampleService/src/main/jni/ResourceModel.c
+++ b/resource/csdk/connectivity/samples/android/casample/sampleService/src/main/jni/ResourceModel.c
@@ -618,15 +618,15 @@ Java_org_iotivity_ca_service_RMInterface_RMSendResponse(JNIEnv *env, jobject obj
         {
             uint32_t length = strlen(SECURE_INFO_DATA) + strlen(g_resourceUri) + 1;
             responseData.payload = (CAPayload_t) malloc(length);
-            sprintf((char *) responseData.payload, SECURE_INFO_DATA, g_resourceUri,
-                    g_localSecurePort);
+            snprintf((char *) responseData.payload, length, SECURE_INFO_DATA,
+                     g_resourceUri, g_localSecurePort);
             responseData.payloadSize = length;
         }
         else
         {
             uint32_t length = strlen(NORMAL_INFO_DATA) + strlen(g_resourceUri) + 1;
             responseData.payload = (CAPayload_t) malloc(length);
-            sprintf((char *) responseData.payload, NORMAL_INFO_DATA, g_resourceUri);
+            snprintf((char *) responseData.payload, length, NORMAL_INFO_DATA, g_resourceUri);
             responseData.payloadSize = length;
         }
     }
@@ -648,6 +648,7 @@ Java_org_iotivity_ca_service_RMInterface_RMSendResponse(JNIEnv *env, jobject obj
     // destroy remote endpoint
     CADestroyEndpoint(g_clientEndpoint);
     g_clientEndpoint = NULL;
+    free(responseData.payload);
 }
 
 JNIEXPORT void JNICALL
@@ -749,7 +750,8 @@ Java_org_iotivity_ca_service_RMInterface_RMSendNotification(JNIEnv *env, jobject
             free(requestData.resourceUri);
             return;
         }
-        snprintf((char *) requestData.payload, length, SECURE_INFO_DATA, resourceURI, g_localSecurePort);
+        snprintf((char *) requestData.payload, length, SECURE_INFO_DATA,
+                 resourceURI, g_localSecurePort);
         requestData.payloadSize = length;
     }
     else
@@ -867,12 +869,12 @@ Java_org_iotivity_ca_service_RMInterface_RMGetNetworkInfomation(JNIEnv *env, job
         {
             char networkInfo[NETWORK_INFO_LENGTH];
             LOGI("Type: %d", tempInfo[index].adapter);
-            sprintf(networkInfo, "%d",tempInfo[index].adapter);
+            snprintf(networkInfo, NETWORK_INFO_LENGTH, "%d",tempInfo[index].adapter);
             callback("Type :", networkInfo);
             if (CA_ADAPTER_IP == tempInfo[index].adapter)
             {
                 LOGI("Port: %d", tempInfo[index].port);
-                sprintf(networkInfo, "%d",tempInfo[index].port);
+                snprintf(networkInfo, NETWORK_INFO_LENGTH, "%d",tempInfo[index].port);
                 callback("Port: ", networkInfo);
             }
             LOGI("Secured: %d", (tempInfo[index].flags & CA_SECURE));
@@ -985,7 +987,7 @@ void request_handler(const CAEndpoint_t* object, const CARequestInfo_t* requestI
         free(g_remoteAddress);
 
         char portInfo[PORT_LENGTH] = { 0, };
-        sprintf(portInfo, "%d", object->port);
+        snprintf(portInfo, PORT_LENGTH, "%d", object->port);
         callback("Remote Port: ", portInfo);
 
         //clone g_clientEndpoint
@@ -1076,9 +1078,10 @@ void request_handler(const CAEndpoint_t* object, const CARequestInfo_t* requestI
             if (NULL != g_responseListenerObject)
             {
                 char optionInfo[OPTION_INFO_LENGTH] = { 0, };
-                sprintf(optionInfo, "Num[%d] - ID : %d, Option Length : %d", i + 1,
-                        requestInfo->info.options[i].optionID,
-                        requestInfo->info.options[i].optionLength);
+                snprintf(optionInfo, OPTION_INFO_LENGTH,
+                         "Num[%d] - ID : %d, Option Length : %d", i + 1,
+                         requestInfo->info.options[i].optionID,
+                         requestInfo->info.options[i].optionLength);
 
                 callback("Option info: ", optionInfo);
 
@@ -1183,7 +1186,7 @@ void response_handler(const CAEndpoint_t* object, const CAResponseInfo_t* respon
         free(g_remoteAddress);
 
         char portInfo[PORT_LENGTH] = { 0, };
-        sprintf(portInfo, "%d", object->port);
+        snprintf(portInfo, PORT_LENGTH, "%d", object->port);
         callback("Remote Port: ", portInfo);
 
         if (NULL != responseInfo->info.payload && responseInfo->info.payloadSize)
@@ -1225,9 +1228,10 @@ void response_handler(const CAEndpoint_t* object, const CAResponseInfo_t* respon
             if (NULL != g_responseListenerObject)
             {
                 char optionInfo[OPTION_INFO_LENGTH] = { 0, };
-                sprintf(optionInfo, "Num[%d] - ID : %d, Option Length : %d", i + 1,
-                        responseInfo->info.options[i].optionID,
-                        responseInfo->info.options[i].optionLength);
+                snprintf(optionInfo, OPTION_INFO_LENGTH,
+                         "Num[%d] - ID : %d, Option Length : %d", i + 1,
+                         responseInfo->info.options[i].optionID,
+                         responseInfo->info.options[i].optionLength);
 
                 callback("Option info: ", optionInfo);
 
@@ -1642,6 +1646,12 @@ bool read_file(const char* name, char** bytes, size_t* length)
     // Get file length
     fseek(file, 0, SEEK_END);
     fileLen = ftell(file);
+    if (-1 == fileLen)
+    {
+        fprintf(stderr, "Failed to read file length");
+        fclose(file);
+        return false;
+    }
     fseek(file, 0, SEEK_SET);
 
     LOGI("file size: %d", fileLen);
@@ -1694,7 +1704,7 @@ void saveFile(const char *payload, size_t payloadSize)
     char* path = calloc(1, sizeof(char) * path_length);
     if (path != NULL)
     {
-        sprintf(path, RECEIVED_FILE_PATH, day, timeString);
+        snprintf(path, path_length, RECEIVED_FILE_PATH, day, timeString);
         LOGI("received file path: %s", path);
 
         FILE *fp = fopen(path, "wt");

diff --git a/resource/csdk/connectivity/samples/linux/sample_main.c b/resource/csdk/connectivity/samples/linux/sample_main.c
index 531ad31..392c5bf 100644 (file)
--- a/resource/csdk/connectivity/samples/linux/sample_main.c
+++ b/resource/csdk/connectivity/samples/linux/sample_main.c
@@ -1614,6 +1614,12 @@ bool read_file(const char* name, CAPayload_t* bytes, size_t* length)
     // Get file length
     fseek(file, 0, SEEK_END);
     fileLen = ftell(file);
+    if (-1 == fileLen)
+    {
+        fprintf(stderr, "Failed to get file length\n");
+        fclose(file);
+        return false;
+    }
     fseek(file, 0, SEEK_SET);
 
     // Allocate memory