Fix null pointer access issue when check audio_id

- Issue:
The first time to start recording, the engine can get null audio_id from
stt engine module, if the engine app did not set audio id.

- Solution:
Because of the order of calling setter and getter of audio id, getter
can provide null pointer as audio id, but the implementation does not
check it. Thus, this patch adds null pointer checker and fix some logic
to prevent crash by accessing null pointer.

Change-Id: Id68f17f6267adf3bffadd07ad797978b4800045b
Signed-off-by: Suyeon Hwang <stom.hwang@samsung.com>

diff --git a/common/stt_defs.h b/common/stt_defs.h
index 422c339..fc6a502 100644 (file)
--- a/common/stt_defs.h
+++ b/common/stt_defs.h
@@ -107,6 +107,7 @@ extern "C" {
 #define STT_PRIVILEGE_APPLAUNCH                        "http://tizen.org/privilege/appmanager.launch"
 
 #define STT_INVALID_UID 0
+#define STT_MAX_TYPE_LENGTH 32
 
 /******************************************************************************************
 * Defines for log tag

diff --git a/common/stt_engine.c b/common/stt_engine.c
index 9da475e..7365d6e 100644 (file)
--- a/common/stt_engine.c
+++ b/common/stt_engine.c
@@ -579,34 +579,44 @@ int stt_engine_get_audio_type(char** audio_type)
 {
        RETVM_IF(NULL == audio_type, STTE_ERROR_INVALID_PARAMETER, "[Engine ERROR] Invalid Parameter");
 
-       *audio_type = strdup(g_audio_type);
-
-       SLOG(LOG_INFO, TAG_STTE, "[Engine Info] get audio type(%s)", *audio_type);
+       if (NULL != g_audio_type) {
+               *audio_type = strdup(g_audio_type);
+               SLOG(LOG_INFO, TAG_STTE, "[Engine Info] get audio type(%s)", *audio_type);
+       } else {
+               SLOG(LOG_INFO, TAG_STTE, "[Engine Info] Audio type is null");
+       }
 
-       return 0;
+       return STTE_ERROR_NONE;
 }
 
 int stt_engine_set_audio_type(const char* audio_type)
 {
-       RETVM_IF(NULL == audio_type, STTE_ERROR_INVALID_PARAMETER, "[Engine ERROR] Invalid Parameter");
-
        SLOG(LOG_INFO, TAG_STTE, "[Engine Info] set audio type (%s)", audio_type);
 
+       if (NULL != g_audio_type && NULL != audio_type && 0 == strncmp(audio_type, g_audio_type, STT_MAX_TYPE_LENGTH)) {
+               SLOG(LOG_INFO, TAG_STTE, "[Engine Info] Audio type is not changed(%s)", g_audio_type);
+               return STTE_ERROR_NONE;
+       }
+
        int ret = STTE_ERROR_NONE;
-       if (NULL != g_set_audio_type_cb) {
+       if (NULL != g_set_audio_type_cb && NULL != audio_type) {
                ret = g_set_audio_type_cb(audio_type, g_set_audio_type_user_data);
-               if (0 != ret) {
+               if (STTE_ERROR_NONE != ret) {
                        SLOG(LOG_ERROR, TAG_STTE, "[Engine ERROR] Fail to set audio type, ret(%d)", ret);
                }
-               if (NULL != g_audio_type) {
-                       free(g_audio_type);
-                       g_audio_type = NULL;
-               }
-               g_audio_type = strdup(audio_type);
        } else {
                SLOG(LOG_ERROR, TAG_STTE, "[Engine ERROR] There's no set audio function)");
        }
 
+       if (NULL != g_audio_type) {
+               free(g_audio_type);
+               g_audio_type = NULL;
+       }
+
+       if (NULL != audio_type) {
+               g_audio_type = strdup(audio_type);
+       }
+
        return ret;
 }
 

diff --git a/server/sttd_engine_agent.c b/server/sttd_engine_agent.c
index 631ff48..3c4c543 100644 (file)
--- a/server/sttd_engine_agent.c
+++ b/server/sttd_engine_agent.c
@@ -1008,11 +1008,9 @@ int sttd_engine_agent_get_audio_type(char** audio_type)
 
        SLOG(LOG_INFO, TAG_STTD, "[Server Info] Get audio type");
 
-       int ret;
-       ret = stt_engine_get_audio_type(audio_type);
-       if (0 != ret) {
-               SLOG(LOG_ERROR, TAG_STTD, "[Engine Agent ERROR] get audio type error(%d)", ret);
-       }
+       int ret = stt_engine_get_audio_type(audio_type);
+       SLOG(LOG_ERROR, TAG_STTD, "[Engine Agent] get audio type(%s). ret(%d)", *audio_type, ret);
+
        return ret;
 }
 
@@ -1024,10 +1022,8 @@ int sttd_engine_agent_set_audio_type(const char* audio_type)
 
        SLOG(LOG_INFO, TAG_STTD, "[Server Info] Set audio type(%s)", audio_type);
 
-       int ret;
-       ret = stt_engine_set_audio_type(audio_type);
-       if (0 != ret) {
-               SLOG(LOG_ERROR, TAG_STTD, "[Engine Agent ERROR] set audio type error(%d)", ret);
-       }
+       int ret = stt_engine_set_audio_type(audio_type);
+       SLOG(LOG_ERROR, TAG_STTD, "[Engine Agent] set audio type(%d)", ret);
+
        return ret;
 }

diff --git a/server/sttd_recorder.c b/server/sttd_recorder.c
index 94ea042..4b141b7 100644 (file)
--- a/server/sttd_recorder.c
+++ b/server/sttd_recorder.c
@@ -134,7 +134,7 @@ static void _bt_hid_audio_data_receive_cb(bt_hid_voice_data_s *voice_data, void
                char* audio_type = NULL;
                int ret = sttd_engine_agent_get_audio_type(&audio_type);
                if (STTD_ERROR_NONE == ret) {
-                       if (0 != strncmp(audio_type, STTE_AUDIO_ID_BLUETOOTH, strlen(audio_type))) {
+                       if (NULL == audio_type || 0 != strncmp(audio_type, STTE_AUDIO_ID_BLUETOOTH, strlen(audio_type))) {
                                SLOG(LOG_INFO, TAG_STTD, "[Recorder] BT callback is not mapped with audio_type(%s)", audio_type);
                                free(audio_type);
                                return;
@@ -199,7 +199,7 @@ static void _ffv_audio_function_cb(void* data, unsigned int length, void* user_d
        char* audio_type = NULL;
        int ret = sttd_engine_agent_get_audio_type(&audio_type);
        if (STTD_ERROR_NONE == ret) {
-               if (0 != strncmp(audio_type, STTE_AUDIO_ID_FFV, strlen(audio_type))) {
+               if (NULL == audio_type || 0 != strncmp(audio_type, STTE_AUDIO_ID_FFV, strlen(audio_type))) {
                        SLOG(LOG_INFO, TAG_STTD, "[Recorder] FFV callback is not mapped with audio_type(%s)", audio_type);
                        free(audio_type);
                        return;
@@ -651,28 +651,18 @@ int sttd_recorder_start(unsigned int uid, const char* appid)
 
        char* client_audio_id = NULL;
        int ret = sttd_client_get_audio_id(uid, &client_audio_id);
-       if (STTD_ERROR_NONE != ret) {
+       if (STTD_ERROR_NONE != ret || NULL == client_audio_id) {
                SLOG(LOG_ERROR, TAG_STTD, "[Recorder ERROR] Fail to get audio id: %d", ret);
                return ret;
        }
 
-       char* engine_audio_id = NULL;
-       ret = sttd_engine_agent_get_audio_type(&engine_audio_id);
+       ret = sttd_engine_agent_set_audio_type(client_audio_id);
        if (STTD_ERROR_NONE != ret) {
                SLOG(LOG_ERROR, TAG_STTD, "[Recorder ERROR] Fail to get audio id: %d", ret);
                free(client_audio_id);
                return ret;
        }
 
-       if (0 != strncmp(client_audio_id, engine_audio_id, strlen(client_audio_id))) {
-               ret = sttd_engine_agent_set_audio_type(client_audio_id);
-               if (STTD_ERROR_NONE != ret) {
-                       SLOG(LOG_ERROR, TAG_STTD, "[Recorder ERROR] Fail to get audio id: %d", ret);
-                       free(client_audio_id);
-                       free(engine_audio_id);
-                       return ret;
-               }
-
 #ifdef TV_FFV_MODE
                if (0 == strncmp(client_audio_id, STTE_AUDIO_ID_FFV, strlen(client_audio_id))) {
                        if (NULL != g_farfieldvoice_h) {
@@ -689,12 +679,9 @@ int sttd_recorder_start(unsigned int uid, const char* appid)
                        }
                }
 #endif
-       }
 
        free(client_audio_id);
-       free(engine_audio_id);
        client_audio_id = NULL;
-       engine_audio_id = NULL;
 
 #ifndef TV_BT_MODE
        ret = -1;