core: common: Fix defects including integer overflow case 89/119489/5
authorWook Song <wook16.song@samsung.com>
Fri, 17 Mar 2017 05:31:52 +0000 (14:31 +0900)
committerWook Song <wook16.song@samsung.com>
Mon, 27 Mar 2017 06:25:30 +0000 (15:25 +0900)
This patch fixes the following code-level defects reported by static
program analysis:

1. NONTERMINATED_STRING: Copying from string to a buffer without null
termination by calling function 'strncpy'.
2. INTEGER_OVERFLOW: Possible integer overflow.

Change-Id: Iee3ed333393fa44cd0c2f4c38431fc833898b30c
Signed-off-by: Wook Song <wook16.song@samsung.com>
Reviewed-by: Chanwoo Choi <cw00.choi@samsung.com>
src/core/common.c

index 0dfc10f4bc1a894a79bb137790eb4d03ce180c2c..333c8731f95b21030b19aba4e4a9738b8660bf78 100644 (file)
@@ -46,6 +46,9 @@ int get_cmdline_name(pid_t pid, char *cmdline, size_t cmdline_size)
        char buf[PATH_MAX + 1];
        char *filename;
 
+       if (!cmdline_size)
+               return -1;
+
        snprintf(buf, sizeof(buf), "/proc/%d/cmdline", pid);
        fd = open(buf, O_RDONLY);
        if (fd < 0) {
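Review bot: The new zero-size guard at the top of get_cmdline_name returns -1 without setting errno, while the size check later in the same function sets `errno = EOVERFLOW` before failing, so a caller that inspects errno sees a stale value on this path. Setting it here, e.g. `errno = EINVAL;` before the `return -1;`, would keep the failure paths consistent. The guard also does not cover a NULL `cmdline`; if callers can pass one, `if (!cmdline || !cmdline_size)` would handle both. The function body continues outside this hunk.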
@@ -58,15 +61,13 @@ int get_cmdline_name(pid_t pid, char *cmdline, size_t cmdline_size)
        if (ret < 0)
                return -1;
 
-       buf[PATH_MAX] = '\0';
-
        filename = strrchr(buf, '/');
        if (filename == NULL)
                filename = buf;
        else
                filename = filename + 1;
 
-       if (cmdline_size < strlen(filename) + 1) {
+       if ((cmdline_size - 1) < strlen(filename)) {
                errno = EOVERFLOW;
                return -1;
        }
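Review bot: Dropping `buf[PATH_MAX] = '\0';` leaves `strrchr(buf, '/')` and `strlen(filename)` dependent on whatever filled `buf` having NUL-terminated it, and that call sits above this hunk, so it cannot be confirmed from here. If it is a plain `read()`, nothing terminates the data, and after a short or empty read the tail of the earlier `/proc/%d/cmdline` path string may still be in the buffer. Terminating at the returned length, `buf[ret] = '\0';` with the read capped at `sizeof(buf) - 1`, would be a safer replacement for the removed line. The rewritten comparison `(cmdline_size - 1) < strlen(filename)` is only wrap-free because of the zero-size guard added at the top of the function, which deserves a short comment such as `/* cmdline_size >= 1 is checked on entry, so this cannot wrap */`.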
@@ -166,7 +167,7 @@ int sys_get_str(char *fname, char *str)
        char buf[BUFF_MAX] = {0};
 
        if (sys_read_buf(fname, buf) == 0) {
-               strncpy(str, buf, strlen(buf));
+               snprintf(str, strlen(buf) + 1, "%s", buf);
                return 0;
        }