Received message is at risk for corruption with previous message.

So '\0' char is added at end of tokenized message.

[Version] 0.2.40
[Profile] Common
[Issue Type] New function
[Dependency module] N/A
[Dependency commit] N/A
[Test] [M(T) - Boot=(OK), sdb=(OK), Home=(OK), Touch=(OK), Version=tizen-mobile_20161005.3]

Change-Id: I8ea1542f33bdab44c1916668101687b285234870
Signed-off-by: Haesu Gwon <haesu.gwon@samsung.com>

diff --git a/include/recorder_private.h b/include/recorder_private.h
index 6d29b75..a214032 100644 (file)
--- a/include/recorder_private.h
+++ b/include/recorder_private.h
@@ -26,8 +26,7 @@
 extern "C" {
 #endif
 
-#define RECORDER_PARSE_STRING_SIZE 30
-#define RECORDER_MSG_LENGTH_MAX    5120
+#define RECORDER_PARSED_STRING_NUM_MAX 20
 #define RECORDER_CB_TIMEOUT        5
 #define RECORDER_FILENAME_MAX      256
 
@@ -83,7 +82,7 @@ typedef struct _recorder_cb_info_s {
        /* message receive thread */
        GThread *msg_recv_thread;
        gint msg_recv_running;
-       gchar recv_msg[RECORDER_MSG_LENGTH_MAX];
+       gchar recv_msg[MUSE_RECORDER_MSG_MAX_LENGTH * RECORDER_PARSED_STRING_NUM_MAX];
        GCond api_cond[MUSE_RECORDER_API_MAX];
        GMutex api_mutex[MUSE_RECORDER_API_MAX];
        gint api_activating[MUSE_RECORDER_API_MAX];

diff --git a/packaging/capi-media-recorder.spec b/packaging/capi-media-recorder.spec
index aad428f..3a2229d 100644 (file)
--- a/packaging/capi-media-recorder.spec
+++ b/packaging/capi-media-recorder.spec
@@ -1,6 +1,6 @@
 Name:       capi-media-recorder
 Summary:    A Recorder API
-Version:    0.2.39
+Version:    0.2.40
 Release:    0
 Group:      Multimedia/API
 License:    Apache-2.0

diff --git a/src/recorder.c b/src/recorder.c
index 869ccd1..d92643f 100644 (file)
--- a/src/recorder.c
+++ b/src/recorder.c
@@ -791,6 +791,7 @@ static void *_recorder_msg_recv_func(gpointer data)
        int num_token = 0;
        int str_pos = 0;
        int prev_pos = 0;
+       int msg_length = 0;
        char *recv_msg = NULL;
        char *error_msg = NULL;
        char **parse_str = NULL;
@@ -803,13 +804,13 @@ static void *_recorder_msg_recv_func(gpointer data)
 
        LOGD("start");
 
-       parse_str = (char **)malloc(sizeof(char *) * RECORDER_PARSE_STRING_SIZE);
+       parse_str = (char **)malloc(sizeof(char *) * RECORDER_PARSED_STRING_NUM_MAX);
        if (parse_str == NULL) {
                LOGE("parse_str malloc failed");
                return NULL;
        }
 
-       for (i = 0 ; i < RECORDER_PARSE_STRING_SIZE ; i++) {
+       for (i = 0 ; i < RECORDER_PARSED_STRING_NUM_MAX ; i++) {
                parse_str[i] = (char *)malloc(sizeof(char) * MUSE_RECORDER_MSG_MAX_LENGTH);
                if (parse_str[i] == NULL) {
                        LOGE("parse_str[%d] malloc failed", i);
@@ -836,13 +837,26 @@ static void *_recorder_msg_recv_func(gpointer data)
                /*LOGD("recvMSg : %s, length : %d", recv_msg, ret);*/
 
                /* Need to split the combined entering msgs.
-                   This module supports up to 200 combined msgs. */
+                   This module supports up to 20 combined msgs. */
                for (str_pos = 0; str_pos < ret; str_pos++) {
                        if (recv_msg[str_pos] == '}') {
-                               strncpy(parse_str[num_token], recv_msg + prev_pos, str_pos - prev_pos + 1);
-                               /*LOGD("splitted msg : [%s], Index : %d", parse_str[num_token], num_token);*/
-                               prev_pos = str_pos+1;
-                               num_token++;
+                               msg_length = str_pos - prev_pos + 1;
+
+                               if (msg_length < MUSE_RECORDER_MSG_MAX_LENGTH) {
+                                       strncpy(parse_str[num_token], recv_msg + prev_pos, msg_length);
+                                       parse_str[num_token][msg_length] = '\0';
+                                       num_token++;
+                                       /*LOGD("splitted msg : [%s], Index : %d", parse_str[num_token], num_token);*/
+                               } else {
+                                       LOGW("too long message : length %d [%s]", msg_length, recv_msg + prev_pos);
+                               }
+
+                               prev_pos = str_pos + 1;
+
+                               if (num_token >= RECORDER_PARSED_STRING_NUM_MAX) {
+                                       LOGE("There's too many tokens. Remained msg : %s", recv_msg[++str_pos]);
+                                       break;
+                               }
                        }
                }
 
@@ -850,7 +864,7 @@ static void *_recorder_msg_recv_func(gpointer data)
 
                /* Re-construct to the useful single msg. */
                for (i = 0; i < num_token; i++) {
-                       if (i >= RECORDER_PARSE_STRING_SIZE) {
+                       if (i >= RECORDER_PARSED_STRING_NUM_MAX) {
                                LOGE("invalid token index %d", i);
                                break;
                        }
@@ -955,7 +969,7 @@ static void *_recorder_msg_recv_func(gpointer data)
 
 CB_HANDLER_EXIT:
        if (parse_str) {
-               for (i = 0 ; i < RECORDER_PARSE_STRING_SIZE ; i++) {
+               for (i = 0 ; i < RECORDER_PARSED_STRING_NUM_MAX ; i++) {
                        if (parse_str[i]) {
                                free(parse_str[i]);
                                parse_str[i] = NULL;