Add parameter to check buffer length

[Version] 0.3.47
[Profile] Common
[Issue Type] Bug fix
[Dependency module] capi-media-camera, capi-media-player, capi-media-recorder
[Test] [M(T) - Boot=(OK), sdb=(OK), Home=(OK), Touch=(OK), Version=tizen-unified_20180818.1]

Change-Id: I362dad469e259f963076f01928fb25656c5fdf1b
Signed-off-by: Jeongmo Yang <jm80.yang@samsung.com>

diff --git a/core/include/muse_core.h b/core/include/muse_core.h
index f8a2a20..9e59493 100644 (file)
--- a/core/include/muse_core.h
+++ b/core/include/muse_core.h
@@ -101,9 +101,9 @@ void muse_core_fd_close(int fd);
 
 /* message */
 int muse_core_msg_send(int sock_fd, const char *msg);
-int muse_core_msg_recv(int sock_fd, char *msg);
+int muse_core_msg_recv(int sock_fd, char *msg, int msg_len);
 int muse_core_msg_send_fd(int sock_fd, int *fds, const char *buf);
-int muse_core_msg_recv_fd(int sock_fd, char *buf, int *out_fd);
+int muse_core_msg_recv_fd(int sock_fd, char *buf, int buf_len, int *out_fd);
 char *muse_core_msg_new(int api, ...);
 bool muse_core_msg_deserialize(const char *key, char *buf, int *parse_len, muse_core_msg_parse_err_e *err, muse_core_msg_type_e m_type, void *data);
 void muse_core_msg_free(char *msg);

diff --git a/core/src/muse_core.c b/core/src/muse_core.c
index 0dd0a81..7f4635e 100644 (file)
--- a/core/src/muse_core.c
+++ b/core/src/muse_core.c
@@ -389,16 +389,15 @@ _MSG_SEND_DONE:
        return ret;
 }
 
-int muse_core_msg_recv(int sock_fd, char *msg)
+int muse_core_msg_recv(int sock_fd, char *msg, int msg_len)
 {
        g_return_val_if_fail(msg, MM_ERROR_INVALID_ARGUMENT);
-       return muse_core_msg_recv_fd(sock_fd, msg, NULL);
+       return muse_core_msg_recv_fd(sock_fd, msg, msg_len, NULL);
 }
 
-int muse_core_msg_recv_fd(int sock_fd, char *buf, int *out_fd)
+int muse_core_msg_recv_fd(int sock_fd, char *buf, int buf_len, int *out_fd)
 {
        int ret = 0;
-       int buf_len = 0;
        int pid;
        struct cmsghdr *cptr;
        struct msghdr msg;
@@ -418,9 +417,6 @@ int muse_core_msg_recv_fd(int sock_fd, char *buf, int *out_fd)
                return RECV_FAIL;
        }
 
-       while (!buf[buf_len] && buf_len < MUSE_MSG_MAX_LENGTH)
-               buf_len++;
-
        if (buf_len < msg_info.size && buf_len != 0) {
                LOGE("stack overflow caution !! [recv buf's length (%d) must be larger than msg' length (%d)", buf_len, msg_info.size);
                return RECV_FAIL;

diff --git a/packaging/mused.spec b/packaging/mused.spec
index fc85535..4164c8c 100644 (file)
--- a/packaging/mused.spec
+++ b/packaging/mused.spec
@@ -1,6 +1,6 @@
 Name:       mused
 Summary:    A multimedia daemon
-Version:    0.3.46
+Version:    0.3.47
 Release:    0
 Group:      System/Libraries
 License:    Apache-2.0

diff --git a/server/src/muse_server_ipc.c b/server/src/muse_server_ipc.c
index e61a0e7..914ac8a 100644 (file)
--- a/server/src/muse_server_ipc.c
+++ b/server/src/muse_server_ipc.c
@@ -100,7 +100,7 @@ static gpointer _ms_ipc_dispatch_worker(gpointer data)
 
        while (1) {
                memset(m->recv_msg, 0x00, sizeof(m->recv_msg));
-               len = muse_core_msg_recv_fd(fd, m->recv_msg, tbm_fd);
+               len = muse_core_msg_recv_fd(fd, m->recv_msg, MUSE_MSG_MAX_LENGTH, tbm_fd);
                if (len <= 0) {
                        strerror_r(errno, err_msg, MUSE_MSG_LEN_MAX);
                        LOGE("[%s] [%d] recv : %s (%d)", ms_config_get_host(m->idx), fd, err_msg, errno);

diff --git a/server/src/muse_server_private.c b/server/src/muse_server_private.c
index fca9e55..9df791a 100644 (file)
--- a/server/src/muse_server_private.c
+++ b/server/src/muse_server_private.c
@@ -230,7 +230,7 @@ static void _ms_get_module_addr(int fd, intptr_t *module_addr)
        char recv_buf[MUSE_MSG_LEN_MAX] = {'\0',};
 
        do {
-               if (muse_core_msg_recv_fd(fd, recv_buf, NULL) <= 0) {
+               if (muse_core_msg_recv_fd(fd, recv_buf, MUSE_MSG_LEN_MAX, NULL) <= 0) {
                        strerror_r(errno, err_msg, MUSE_MSG_LEN_MAX);
                        LOGE("failed to receive message for module %s", err_msg);
                        return;