Fix coverity issues(overflow, missing unlock)

CID-108574, 107120, 106975, 106736

Change-Id: I81b1f8d532e4048ec1edc48164a576563e41e923

diff --git a/provider-interface/download-provider-interface.c b/provider-interface/download-provider-interface.c
index fd0dc50..4741c65 100755 (executable)
--- a/provider-interface/download-provider-interface.c
+++ b/provider-interface/download-provider-interface.c
@@ -15,6 +15,7 @@
  */
 
 #include <stdio.h>
+#include <stdint.h>
 #include <stdlib.h>
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -63,6 +64,10 @@
 
 #define DOWNLOAD_FILENAME_MAX 256
 
+#ifndef SIZE_MAX
+#define SIZE_MAX ((size_t) -1)
+#endif
+
 // define type
 typedef struct {
        int channel; // query & response
@@ -595,7 +600,7 @@ static int __dp_ipc_get_string(const int id, const unsigned property,
                size_t string_length = 0;
                *string = NULL;
                errorcode = __dp_ipc_response(sock, id, DP_SEC_GET, property, &string_length);
-               if (errorcode == DP_ERROR_NONE) {
+               if (errorcode == DP_ERROR_NONE && string_length < SIZE_MAX) {
                        if (string_length > 0) {
                                char *recv_str = (char *)calloc((string_length + (size_t)1), sizeof(char));
                                if (recv_str == NULL) {
@@ -1471,7 +1476,7 @@ int dp_interface_get_http_header_field(const int id, const char *field,
                        size_t string_length = 0;
                        *value = NULL;
                        errorcode = __dp_ipc_response(sock, id, section, property, &string_length);
-                       if (errorcode == DP_ERROR_NONE) {
+                       if (errorcode == DP_ERROR_NONE && string_length < SIZE_MAX) {
                                if (string_length > 0) {
                                        char *recv_str = (char *)calloc((string_length + (size_t)1), sizeof(char));
                                        if (recv_str == NULL) {
@@ -1553,7 +1558,7 @@ int dp_interface_get_http_header_field_list(const int id, char ***fields,
                                                                size_t string_length = 0;
                                                                errorcode = __dp_ipc_response(sock, id, section, property, &string_length);
                                                                recv_strings[i] = NULL;
-                                                               if (errorcode == DP_ERROR_NONE && string_length > 0) {
+                                                               if (errorcode == DP_ERROR_NONE && string_length > 0 && string_length < SIZE_MAX) {
                                                                        char *recv_str = (char *)calloc((string_length + (size_t)1), sizeof(char));
                                                                        if (recv_str == NULL) {
                                                                                TRACE_ERROR("check memory length:%d", string_length * sizeof(char));

diff --git a/provider/download-provider-plugin-download-agent.c b/provider/download-provider-plugin-download-agent.c
index 52962d1..373cbb5 100755 (executable)
--- a/provider/download-provider-plugin-download-agent.c
+++ b/provider/download-provider-plugin-download-agent.c
@@ -504,6 +504,7 @@ static void __progress_cb(int download_id, unsigned long long received_size,
                struct tm localTime ;
                if (localtime_r(&tt, &localTime) == NULL) {
                        TRACE_ERROR("Error localtime_r");
+                       CLIENT_MUTEX_UNLOCK(&slot->mutex);
                        return;
                }
                // send event every 1 second.