Heap corruption fixed

Change-Id: I4b0f613ddc9bd7d516f8193733d4d089df2bbb79
Signed-off-by: Sudipto <sudipto.bal@samsung.com>

diff --git a/src/client/sensor_listener.cpp b/src/client/sensor_listener.cpp
index f20c3d1b2d3a2a9db12e4b458dfe10b555eb6b17..96a70764d79b2eeb955f32387557ea250d4e2d91 100644 (file)
--- a/src/client/sensor_listener.cpp
+++ b/src/client/sensor_listener.cpp
@@ -399,7 +399,7 @@ int sensor_listener::set_attribute(int attribute, const char *value, int len)
        buf->listener_id = m_id;
        buf->attribute = attribute;
 
-       memcpy(buf->value, value, len);
+       memcpy(&buf->value, value, len);
        buf->len = len;
 
        msg.enclose((char *)buf, size);

diff --git a/src/server/server_channel_handler.cpp b/src/server/server_channel_handler.cpp
index 149c32e275c7c4fbfa1dedb7ebb8747398be92b8..a62b75bd9696565788e2928ee58d8118e59fa80f 100644 (file)
--- a/src/server/server_channel_handler.cpp
+++ b/src/server/server_channel_handler.cpp
@@ -265,7 +265,7 @@ int server_channel_handler::listener_attr_str(channel *ch, message &msg)
                return -EACCES;
        }
 
-       int ret = m_listeners[id]->set_attribute(buf->attribute, buf->value, buf->len);
+       int ret = m_listeners[id]->set_attribute(buf->attribute, (char *)&buf->value, buf->len);
        if (ret < 0) {
                delete [] buf;
                return ret;

diff --git a/src/shared/command_types.h b/src/shared/command_types.h
index d28107da783fccbaaf2cff6034b4dee3e499e4bf..34cb5fc1f1b823ca5164ff8d5006f53d5e6fb79f 100644 (file)
--- a/src/shared/command_types.h
+++ b/src/shared/command_types.h
@@ -88,7 +88,7 @@ typedef struct  {
        int listener_id;
        int attribute;
        int len;
-       char *value;
+       char value[0];
 } cmd_listener_attr_str_t;
 
 typedef struct {