Fix null pointer access issue when check audio_id

- Issue:
The first time to start recording, the engine can get null audio_id from
stt engine module, if the engine app did not set audio id.

- Solution:
Because of the order of calling setter and getter of audio id, getter
can provide null pointer as audio id, but the implementation does not
check it. Thus, this patch adds null pointer checker and fix some logic
to prevent crash by accessing null pointer.

Change-Id: Id68f17f6267adf3bffadd07ad797978b4800045b
Signed-off-by: Suyeon Hwang <stom.hwang@samsung.com>

diff --git a/common/stt_defs.h b/common/stt_defs.h
index 422c33927dbd89303b3be419de7ac9723ac7cd5b..fc6a50270990b6343c80ecfe0e6d132faa320c6b 100644 (file)
--- a/common/stt_defs.h
+++ b/common/stt_defs.h
@@ -107,6 +107,7 @@ extern "C" {
 #define STT_PRIVILEGE_APPLAUNCH                        "http://tizen.org/privilege/appmanager.launch"
 
 #define STT_INVALID_UID 0
+#define STT_MAX_TYPE_LENGTH 32
 
 /******************************************************************************************
 * Defines for log tag

diff --git a/common/stt_engine.c b/common/stt_engine.c
index 9da475e5411dfcd1e153192c61e5de91329d95be..7365d6e0464d8c5f22417c16af4becd9d6b8576e 100644 (file)
--- a/common/stt_engine.c
+++ b/common/stt_engine.c
@@ -579,34 +579,44 @@ int stt_engine_get_audio_type(char** audio_type)
 {
        RETVM_IF(NULL == audio_type, STTE_ERROR_INVALID_PARAMETER, "[Engine ERROR] Invalid Parameter");
 
-       *audio_type = strdup(g_audio_type);
-
-       SLOG(LOG_INFO, TAG_STTE, "[Engine Info] get audio type(%s)", *audio_type);
+       if (NULL != g_audio_type) {
+               *audio_type = strdup(g_audio_type);
+               SLOG(LOG_INFO, TAG_STTE, "[Engine Info] get audio type(%s)", *audio_type);
+       } else {
+               SLOG(LOG_INFO, TAG_STTE, "[Engine Info] Audio type is null");
+       }
 
-       return 0;
+       return STTE_ERROR_NONE;
 }
 
 int stt_engine_set_audio_type(const char* audio_type)
 {
-       RETVM_IF(NULL == audio_type, STTE_ERROR_INVALID_PARAMETER, "[Engine ERROR] Invalid Parameter");
-
        SLOG(LOG_INFO, TAG_STTE, "[Engine Info] set audio type (%s)", audio_type);
 
+       if (NULL != g_audio_type && NULL != audio_type && 0 == strncmp(audio_type, g_audio_type, STT_MAX_TYPE_LENGTH)) {
+               SLOG(LOG_INFO, TAG_STTE, "[Engine Info] Audio type is not changed(%s)", g_audio_type);
+               return STTE_ERROR_NONE;
+       }
+
        int ret = STTE_ERROR_NONE;
-       if (NULL != g_set_audio_type_cb) {
+       if (NULL != g_set_audio_type_cb && NULL != audio_type) {
                ret = g_set_audio_type_cb(audio_type, g_set_audio_type_user_data);
-               if (0 != ret) {
+               if (STTE_ERROR_NONE != ret) {
                        SLOG(LOG_ERROR, TAG_STTE, "[Engine ERROR] Fail to set audio type, ret(%d)", ret);
                }
-               if (NULL != g_audio_type) {
-                       free(g_audio_type);
-                       g_audio_type = NULL;
-               }
-               g_audio_type = strdup(audio_type);
        } else {
                SLOG(LOG_ERROR, TAG_STTE, "[Engine ERROR] There's no set audio function)");
        }
 
+       if (NULL != g_audio_type) {
+               free(g_audio_type);
+               g_audio_type = NULL;
+       }
+
+       if (NULL != audio_type) {
+               g_audio_type = strdup(audio_type);
+       }
+
        return ret;
 }
 

diff --git a/server/sttd_engine_agent.c b/server/sttd_engine_agent.c
index 631ff484d5955e2d46436b9374cb39f223b42211..3c4c543fe2c44d2f0176ab5fee408f4535769580 100644 (file)
--- a/server/sttd_engine_agent.c
+++ b/server/sttd_engine_agent.c
@@ -1008,11 +1008,9 @@ int sttd_engine_agent_get_audio_type(char** audio_type)
 
        SLOG(LOG_INFO, TAG_STTD, "[Server Info] Get audio type");
 
-       int ret;
-       ret = stt_engine_get_audio_type(audio_type);
-       if (0 != ret) {
-               SLOG(LOG_ERROR, TAG_STTD, "[Engine Agent ERROR] get audio type error(%d)", ret);
-       }
+       int ret = stt_engine_get_audio_type(audio_type);
+       SLOG(LOG_ERROR, TAG_STTD, "[Engine Agent] get audio type(%s). ret(%d)", *audio_type, ret);
+
        return ret;
 }
 
@@ -1024,10 +1022,8 @@ int sttd_engine_agent_set_audio_type(const char* audio_type)
 
        SLOG(LOG_INFO, TAG_STTD, "[Server Info] Set audio type(%s)", audio_type);
 
-       int ret;
-       ret = stt_engine_set_audio_type(audio_type);
-       if (0 != ret) {
-               SLOG(LOG_ERROR, TAG_STTD, "[Engine Agent ERROR] set audio type error(%d)", ret);
-       }
+       int ret = stt_engine_set_audio_type(audio_type);
+       SLOG(LOG_ERROR, TAG_STTD, "[Engine Agent] set audio type(%d)", ret);
+
        return ret;
 }

diff --git a/server/sttd_recorder.c b/server/sttd_recorder.c
index 94ea0422283daaef497251aefa6fc6f3d6371c29..4b141b757504fea9da2cd2e6350c8a0ed855d7fa 100644 (file)
--- a/server/sttd_recorder.c
+++ b/server/sttd_recorder.c
@@ -134,7 +134,7 @@ static void _bt_hid_audio_data_receive_cb(bt_hid_voice_data_s *voice_data, void
                char* audio_type = NULL;
                int ret = sttd_engine_agent_get_audio_type(&audio_type);
                if (STTD_ERROR_NONE == ret) {
-                       if (0 != strncmp(audio_type, STTE_AUDIO_ID_BLUETOOTH, strlen(audio_type))) {
+                       if (NULL == audio_type || 0 != strncmp(audio_type, STTE_AUDIO_ID_BLUETOOTH, strlen(audio_type))) {
                                SLOG(LOG_INFO, TAG_STTD, "[Recorder] BT callback is not mapped with audio_type(%s)", audio_type);
                                free(audio_type);
                                return;
@@ -199,7 +199,7 @@ static void _ffv_audio_function_cb(void* data, unsigned int length, void* user_d
        char* audio_type = NULL;
        int ret = sttd_engine_agent_get_audio_type(&audio_type);
        if (STTD_ERROR_NONE == ret) {
-               if (0 != strncmp(audio_type, STTE_AUDIO_ID_FFV, strlen(audio_type))) {
+               if (NULL == audio_type || 0 != strncmp(audio_type, STTE_AUDIO_ID_FFV, strlen(audio_type))) {
                        SLOG(LOG_INFO, TAG_STTD, "[Recorder] FFV callback is not mapped with audio_type(%s)", audio_type);
                        free(audio_type);
                        return;
@@ -651,28 +651,18 @@ int sttd_recorder_start(unsigned int uid, const char* appid)
 
        char* client_audio_id = NULL;
        int ret = sttd_client_get_audio_id(uid, &client_audio_id);
-       if (STTD_ERROR_NONE != ret) {
+       if (STTD_ERROR_NONE != ret || NULL == client_audio_id) {
                SLOG(LOG_ERROR, TAG_STTD, "[Recorder ERROR] Fail to get audio id: %d", ret);
                return ret;
        }
 
-       char* engine_audio_id = NULL;
-       ret = sttd_engine_agent_get_audio_type(&engine_audio_id);
+       ret = sttd_engine_agent_set_audio_type(client_audio_id);
        if (STTD_ERROR_NONE != ret) {
                SLOG(LOG_ERROR, TAG_STTD, "[Recorder ERROR] Fail to get audio id: %d", ret);
                free(client_audio_id);
                return ret;
        }
 
-       if (0 != strncmp(client_audio_id, engine_audio_id, strlen(client_audio_id))) {
-               ret = sttd_engine_agent_set_audio_type(client_audio_id);
-               if (STTD_ERROR_NONE != ret) {
-                       SLOG(LOG_ERROR, TAG_STTD, "[Recorder ERROR] Fail to get audio id: %d", ret);
-                       free(client_audio_id);
-                       free(engine_audio_id);
-                       return ret;
-               }
-
 #ifdef TV_FFV_MODE
                if (0 == strncmp(client_audio_id, STTE_AUDIO_ID_FFV, strlen(client_audio_id))) {
                        if (NULL != g_farfieldvoice_h) {
@@ -689,12 +679,9 @@ int sttd_recorder_start(unsigned int uid, const char* appid)
                        }
                }
 #endif
-       }
 
        free(client_audio_id);
-       free(engine_audio_id);
        client_audio_id = NULL;
-       engine_audio_id = NULL;
 
 #ifndef TV_BT_MODE
        ret = -1;