tbm_drm_helper: fix Svace TAINTED_INT defect

This patch fixes Svace TAINTED_INT defect.

Change-Id: I88e06bbdb020ee2cae621decb1560d6cb1e4d95a
Signed-off-by: YoungJun Cho <yj44.cho@samsung.com>

diff --git a/src/tbm_bufmgr.c b/src/tbm_bufmgr.c
index 7d6f36a..bef7660 100644 (file)
--- a/src/tbm_bufmgr.c
+++ b/src/tbm_bufmgr.c
@@ -36,6 +36,8 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #include "tbm_bufmgr_backend.h"
 #include "list.h"
 
+#include <sys/resource.h>
+
 #ifdef DEBUG
 int bDebug;
 #endif
@@ -1710,3 +1712,14 @@ tbm_bufmgr_bind_native_display(tbm_bufmgr bufmgr, void *NativeDisplay)
        return 1;
 }
 /* LCOV_EXCL_STOP */
+
+int tbm_bufmgr_get_fd_limit(void)
+{
+       struct rlimit lim;
+
+       if (getrlimit(RLIMIT_NOFILE, &lim))
+               return 1024;
+
+       return (int)lim.rlim_cur;
+}
+

diff --git a/src/tbm_bufmgr_int.h b/src/tbm_bufmgr_int.h
index b6fcf7d..57b73bc 100644 (file)
--- a/src/tbm_bufmgr_int.h
+++ b/src/tbm_bufmgr_int.h
@@ -336,4 +336,5 @@ tbm_user_data *user_data_create(unsigned long key,
                                tbm_data_free data_free_func);
 void user_data_delete(tbm_user_data *user_data);
 
+int tbm_bufmgr_get_fd_limit(void);
 #endif                                                 /* _TBM_BUFMGR_INT_H_ */

diff --git a/src/tbm_drm_helper_client.c b/src/tbm_drm_helper_client.c
index 10828be..7980e1e 100644 (file)
--- a/src/tbm_drm_helper_client.c
+++ b/src/tbm_drm_helper_client.c
@@ -247,8 +247,9 @@ tbm_drm_helper_get_fd(void)
                TBM_LOG_E("%ld less than INT_MIN\n", sl);
                return -1;
        } else {
+               int fd_max = tbm_bufmgr_get_fd_limit();
                fd = (int)sl;
-               if (fd < 0) {
+               if (fd < 0 || fd > fd_max) {
                        TBM_LOG_E("%d out of fd range\n", fd);
                        return -1;
                }

diff --git a/src/tbm_drm_helper_server.c b/src/tbm_drm_helper_server.c
index baa18d1..c96d6a7 100644 (file)
--- a/src/tbm_drm_helper_server.c
+++ b/src/tbm_drm_helper_server.c
@@ -325,8 +325,9 @@ tbm_drm_helper_get_master_fd(void)
                TBM_LOG_E("%ld less than INT_MIN\n", sl);
                return -1;
        } else {
+               int fd_max = tbm_bufmgr_get_fd_limit();
                fd = (int)sl;
-               if (fd < 0) {
+               if (fd < 0 || fd > fd_max) {
                        TBM_LOG_E("%d out of fd range\n", fd);
                        return -1;
                }