Fix svace and coverity issue 83/224483/6
authorJeon Sang-Heon <sh95.jeon@samsung.com>
Tue, 11 Feb 2020 01:37:15 +0000 (10:37 +0900)
committerJeon Sang-Heon <sh95.jeon@samsung.com>
Wed, 12 Feb 2020 01:53:48 +0000 (10:53 +0900)
- check if failed strtoul
- change atoi to strtol and check round bound with __INT_MAX__
- add null checking with strtok_r return value

Change-Id: Ie612cd49dba87785fedc895334df68e7cfc75913

ss_engine/SS_UPI.c
ss_engine/fota_tar.c

index 9fcbcff..935906e 100755 (executable)
@@ -239,12 +239,12 @@ long SS_GetUPIVersion(unsigned char *ver_str)
                return E_SS_FAILURE;
 }
 
-int SS_CalculateFileSha(char *filename, int filesize, FileInfo * file)
+int SS_CalculateFileSha(char *filename, long int filesize, FileInfo * file)
 {
 
        FILE *fp = NULL;
        int ulResult = S_SS_SUCCESS;
-       int chunk = 20*1024*1024;
+       long int chunk = 20*1024*1024;
        char buf[256];
 
        fp = fopen(filename, "rb");
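Review bot: Widening `filesize` and `chunk` to `long int` only adds range where `long` is wider than `int`; on an ILP32 target both are 32 bits, so the overflow reported by the analyzer would remain. If the value is a file length, `off_t` (or `size_t` for the read chunk) states the intent and follows the platform's file-size width. The same applies to `udelta_size` in the next hunk. The changed-file list shows only the two .c files, so any prototype of SS_CalculateFileSha in a header would need the matching change; the function body continues outside the hunk, so format specifiers that print these values could not be checked here.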
@@ -312,7 +312,7 @@ int SS_verify_DELTA_image(char *filename)
        uint8_t target_sha1[SHA_DIGEST_SIZE] = { 0, };
        char cmd[512] = { 0, };
        char buf[256];
-       int udelta_size = 0;
+       long int udelta_size = 0;
        int ulResult = S_SS_SUCCESS;
 
        if (stat(filename, &file.st) != 0) {
@@ -350,10 +350,20 @@ int SS_verify_DELTA_image(char *filename)
        sha1trg = strtok_r(NULL, SS_TOEKN_COLON, &saveptr);
 
        if (signature && sha1trg && delta_size) {
-               udelta_size = atoi(delta_size);
-       if (udelta_size < 0)
-                               LOGE("Invalid udelta_size %d (%s)\n", udelta_size, delta_size);
-               LOGL(LOG_SSENGINE, "delta_size %d sha1trg %s\n", udelta_size, sha1trg);
+               udelta_size = strtol(delta_size, NULL, 10);
+
+               if (udelta_size <= 0) {
+                       LOGE("Invalid udelta_size %ld (%s)\n", udelta_size, delta_size);
+                       ulResult = E_SS_FAILURE;
+                       goto Cleanup;
+               }
+               else if (udelta_size >= __INT_MAX__) {
+                       LOGE("Too big udelta_size %ld (%s)\n", udelta_size, delta_size);
+                       ulResult = E_SS_FAILURE;
+                       goto Cleanup;
+               }
+
+               LOGL(LOG_SSENGINE, "delta_size %ld sha1trg %s\n", udelta_size, sha1trg);
        } else {
                LOGE("Could not parse signature [%s]\n", line);
                ulResult = E_SS_FAILURE;
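Review bot: `strtol(delta_size, NULL, 10)` still accepts a size field with trailing non-digits (for example a constructed value such as `123abc` parses as 123), because the end pointer is discarded and `errno` is never inspected. Since this value comes from the signature line used to verify the delta, the field should be rejected unless it is entirely numeric: `errno = 0; udelta_size = strtol(delta_size, &end, 10);` followed by `if (end == delta_size || *end != '\0' || errno == ERANGE)` taking the same failure path. `__INT_MAX__` is a compiler-predefined macro; `INT_MAX` from `<limits.h>` is the portable spelling. SS_verify_DELTA_image starts and ends outside the hunk, so how `udelta_size` is consumed afterwards is not visible here.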
@@ -1046,6 +1056,10 @@ SYM:NEW:system/lib/firmware/vbc_eq:/opt/system/vbc_eq
 
                        change_type = strtok_r(line, SS_TOEKN_COLON, &saveptr);
                        file_type = strtok_r(NULL, SS_TOEKN_COLON, &saveptr);
+                       if (!file_type) {
+                               LOGE("Unexpected null in strtok_r");
+                               goto CleanUp;
+                       }
 
                        if (change_type && strcmp(change_type, SS_STRING_MOVE) == 0) {   // && strcmp(file_type,"TPK") == 0){
                                source_name = strtok_r(NULL, SS_TOEKN_COLON, &saveptr);
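Review bot: The new `if (!file_type)` branch logs and jumps to `CleanUp` without recording a failure; nothing visible in the hunk sets a return code or upgrade state. The existing parse-error branch further down (the `Patch Name format Error File` path, apparently in the same function) calls `SS_SetUpgradeState(E_SS_FSFAILEDTOPARSEDELTAINFO);` first. If the result variable still holds success at this point, a malformed entry would stop processing of the patch list while the caller sees success, so I would add that call and set the failure code before the `goto`. The same applies to the `if (!change_type)` check added in the last SS_UPI.c hunk. Both messages also lack the trailing `\n` that the other `LOGE` calls carry, and the enclosing function begins and ends outside the hunk.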
@@ -1065,9 +1079,10 @@ SYM:NEW:system/lib/firmware/vbc_eq:/opt/system/vbc_eq
                                                                  ua_dataSS->update_delta->ua_patch_path);
                                if (retval == E_SS_FAILURE)      // ONLY test purpose, should enable this
                                        goto CleanUp;
-               if (ua_dataSS->ua_operation == UI_OP_SCOUT) {
-                               SS_UpdateUIProgress(ua_dataSS, ulPatchCount, 0);
-               }
+
+                               if (ua_dataSS->ua_operation == UI_OP_SCOUT) {
+                                       SS_UpdateUIProgress(ua_dataSS, ulPatchCount, 0);
+                               }
                        } else if (change_type && strcmp(change_type, SS_STRING_DIFF) == 0) {     // && strcmp(file_type,"TPK") == 0){
                                source_name = strtok_r(NULL, SS_TOEKN_COLON, &saveptr);
                                target_name = strtok_r(NULL, SS_TOEKN_COLON, &saveptr);
@@ -1088,9 +1103,10 @@ SYM:NEW:system/lib/firmware/vbc_eq:/opt/system/vbc_eq
                                        LOGE("File Name length Limitation Error File:[%s]\n", patch_name);
                                        goto CleanUp;
                                }
-               if (ua_dataSS->ua_operation == UI_OP_SCOUT) {
-                               SS_UpdateUIProgress(ua_dataSS, ulPatchCount, 0);
-               }
+
+                               if (ua_dataSS->ua_operation == UI_OP_SCOUT) {
+                                       SS_UpdateUIProgress(ua_dataSS, ulPatchCount, 0);
+                               }
                        } else {
                                SS_SetUpgradeState(E_SS_FSFAILEDTOPARSEDELTAINFO);
                                LOGE("Patch Name format Error File\n");
@@ -1116,6 +1132,10 @@ SYM:NEW:system/lib/firmware/vbc_eq:/opt/system/vbc_eq
                        }
 
                        change_type = strtok_r(line, SS_TOEKN_COLON, &saveptr);
+                       if (!change_type) {
+                               LOGE("Unexpected null in strtok_r");
+                               goto CleanUp;
+                       }
                        file_type = strtok_r(NULL, SS_TOEKN_COLON, &saveptr);
 
                        if (file_type && strcmp(file_type, SS_STRING_REG) == 0) {
index 1ec4aae..4bb27df 100755 (executable)
@@ -775,6 +775,10 @@ int tar_get_folder_size(char *tar, char *item)
                        LOG("size too big. (size_dec=0x%08X)\n", (unsigned int)size_dec);
                        ret = -1;
                        break;
+               } else if (size_dec == 0) {
+                       LOG("strtoul failed, size_oct is %s\n", size_oct);
+                       ret = -1;
+                       break;
                }
 
                /* check if the file is what we are looking for */
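Review bot: Treating `size_dec == 0` as a `strtoul` failure also rejects entries whose size field is legitimately zero. Tar headers for directories and empty files carry a zero size, so tar_get_folder_size would return -1 on the first such entry instead of skipping it. `strtoul` reports "no digits consumed" through its end pointer and overflow through `errno`, so the failure test should be made at the call site (outside this hunk) with `errno = 0;` before the call and `if (end == size_oct || errno == ERANGE)` after it, leaving a parsed value of 0 valid.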