Fix svace defects 66/140366/6 accepted/tizen/4.0/unified/20170816.010521 accepted/tizen/4.0/unified/20170816.014241 accepted/tizen/4.0/unified/20170828.223750 accepted/tizen/unified/20170727.190538 submit/tizen/20170726.002338 submit/tizen_4.0/20170811.094300 submit/tizen_4.0/20170814.115522 submit/tizen_4.0/20170828.100002 submit/tizen_4.0_unified/20170814.115522
authorMinje Ahn <minje.ahn@samsung.com>
Tue, 25 Jul 2017 01:43:21 +0000 (10:43 +0900)
committerMinje Ahn <minje.ahn@samsung.com>
Tue, 25 Jul 2017 05:27:13 +0000 (14:27 +0900)
Change-Id: I8777be6887041dfcb3d31fc4640a1af8fa6b5590
Signed-off-by: Minje Ahn <minje.ahn@samsung.com>
test/metadata_editor_test.c

index 76ad7e6d6e4824f699c9c1980239a4494301cf06..1f84eb3e4e06c9ac96370a880df3cf96e4abaec8 100755 (executable)
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <limits.h>
 
 #include <metadata_editor.h>
 
 #define SAFE_FREE(src)         { if (src) {free(src); src = NULL; } }
+#define FILE_NAME_SIZE 30
 
 int dummy;
 
@@ -32,6 +34,32 @@ static bool __write_tag_info(metadata_editor_h metadata);
 static bool __add_picture(metadata_editor_h metadata);
 static bool __delete_pictures(metadata_editor_h metadata);
 
+
+static int __safe_atoi(char *buffer, int *si)
+{
+       char *end = NULL;
+       errno = 0;
+       if (buffer == NULL || si == NULL)
+               return METADATA_EDITOR_ERROR_INVALID_PARAMETER;
+
+       const long sl = strtol(buffer, &end, 10);
+
+       if (end == buffer)
+               return METADATA_EDITOR_ERROR_INVALID_PARAMETER;
+       if ('\0' != *end)
+               return METADATA_EDITOR_ERROR_INVALID_PARAMETER;
+       if ((LONG_MIN == sl || LONG_MAX == sl) && (ERANGE == errno))
+               return METADATA_EDITOR_ERROR_INVALID_PARAMETER;
+       if (sl > INT_MAX)
+               return METADATA_EDITOR_ERROR_INVALID_PARAMETER;
+       if (sl < INT_MIN)
+               return METADATA_EDITOR_ERROR_INVALID_PARAMETER;
+
+       *si = (int)sl;
+
+       return METADATA_EDITOR_ERROR_NONE;
+}
+
 void __flush()
 {
        int c;
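Review bot: `__safe_atoi` assigns `errno` and tests `ERANGE`, but the only header this commit adds is `<limits.h>`; unless `<errno.h>` arrives transitively through `metadata_editor.h` (not visible here), add `#include <errno.h>` next to it so the helper does not depend on another header's includes. The function never writes through `buffer`, so the signature could be `static int __safe_atoi(const char *buffer, int *si)`. A short comment above it would document the contract for later callers: it rejects empty input, trailing characters and values outside the `int` range, and leaves `*si` untouched on failure.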
@@ -131,19 +159,27 @@ static bool __get_tag_info(metadata_editor_h metadata)
 #endif
                if (ret != METADATA_EDITOR_ERROR_NONE)          printf("Fail metadata_editor_get_metadata() at line [%d]\n", __LINE__);
                else if ((ret == METADATA_EDITOR_ERROR_NONE) && picture_index) {
-                       uint num, i;
-                       num = atoi(picture_index);
+                       int num = 0, i;
+                       ret = __safe_atoi(picture_index, &num);
+                       if (ret != METADATA_EDITOR_ERROR_NONE || num < 0)
+                               return true;
+
                        printf("Number of pictures: %u\n", num);
+
                        for (i = 0; i < num; ++i) {
                                ret = metadata_editor_get_picture(metadata, i, &picture, &picture_size, &picture_type);
                                /*__printRetValue("metadata_editor_get_picture(...)", ret); */
                                if (ret == METADATA_EDITOR_ERROR_NONE && picture) {
                                        printf("Saving picture number %u\n", i);
-                                       int size = 30;
-                                       char picture_file_name[size];
-                                       snprintf(picture_file_name, size, "outputFile_%u" , i + 1);
-                                       if (strncmp(picture_type, "image/jpeg", strlen("image/jpeg")) == 0)             strncat(picture_file_name, ".jpg", strlen(".jpg"));
-                                       else if (strncmp(picture_type, "image/png", strlen("image/jpeg")) == 0) strncat(picture_file_name, ".png", strlen(".png"));
+                                       char picture_file_name[FILE_NAME_SIZE] = {0, };
+
+                                       memset(picture_file_name, 0, sizeof(picture_file_name));
+
+                                       if (strncmp(picture_type, "image/jpeg", strlen("image/jpeg")) == 0)
+                                               snprintf(picture_file_name, FILE_NAME_SIZE, "outputFile_%u.jpg", i + 1);
+                                       else if (strncmp(picture_type, "image/png", strlen("image/png")) == 0)
+                                               snprintf(picture_file_name, FILE_NAME_SIZE, "outputFile_%u.png", i + 1);
+
                                        FILE *fout = fopen(picture_file_name, "wb");
                                        if (fout) {
                                                fwrite(picture, picture_size, 1, fout);
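Review bot: `picture_type` reaches `strncmp` in the new `if`/`else if` without a NULL check, since the guard above tests only `ret` and `picture`; unless `metadata_editor_get_picture` guarantees a non-NULL type on success (not visible here), extend it to `if (ret == METADATA_EDITOR_ERROR_NONE && picture && picture_type)`. When the type is neither JPEG nor PNG the file name stays empty and `fopen` fails without a message, so an `else` branch that prints the unsupported type would make that case visible. `num` and `i` are now `int` but are still printed with `%u` (in `Number of pictures`, `Saving picture number` and both `snprintf` calls); switch those to `%d`. The `memset` directly after the `= {0, }` initializer is redundant. `__get_tag_info` continues outside this hunk, so whether the early `return true` skips later cleanup of `picture_index` cannot be judged from here.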