Fix defect 08/61008/1 accepted/tizen/common/20160304.195128 accepted/tizen/ivi/20160305.091906 accepted/tizen/mobile/20160305.091819 accepted/tizen/tv/20160305.091834 accepted/tizen/wearable/20160305.091851 submit/tizen/20160304.005000
authorHyunho Kang <hhstark.kang@samsung.com>
Thu, 3 Mar 2016 08:20:57 +0000 (17:20 +0900)
committerHyunho Kang <hhstark.kang@samsung.com>
Thu, 3 Mar 2016 08:28:02 +0000 (17:28 +0900)
- Memory leak
- Tainted int
- Fall through

Change-Id: I808e9f0fe38f8cbd2181bfaadce84b87b7027c95
Signed-off-by: Hyunho Kang <hhstark.kang@samsung.com>
src/data-control-map.c
src/data-control-provider.c
src/data-control-sql.c

index 31581629411b8a6c2fc39e174c1d22c80b0e5400..cb1036add2f3b98fbf4321d2a3fd3acf87853221 100755 (executable)
@@ -333,6 +333,14 @@ static gboolean __recv_map_message(GIOChannel *channel,
                GIOCondition cond,
                gpointer data)
 {
+       char *buf = NULL;
+       int nbytes;
+       guint nb;
+       int request_type = 0;
+       const char *request_code = NULL;
+       const char *p = NULL;
+       int request_id = -1;
+       bundle *kb = NULL;
        gint fd = g_io_channel_unix_get_fd(channel);
        LOGI("__recv_map_message: ...from %d:%s%s%s%s\n", fd,
                        (cond & G_IO_ERR) ? " ERR" : "",
@@ -344,13 +352,6 @@ static gboolean __recv_map_message(GIOChannel *channel,
                goto error;
 
        if (cond & G_IO_IN) {
-               char *buf;
-               int nbytes;
-               guint nb;
-               int request_type = 0;
-               const char *request_code = NULL;
-               const char *p = NULL;
-               int request_id = -1;
 
                if (_read_socket(fd, (char *)&nbytes, sizeof(nbytes), &nb)) {
                        LOGE("Fail to read nbytes from socket");
@@ -365,7 +366,6 @@ static gboolean __recv_map_message(GIOChannel *channel,
 
                LOGI("__recv_map_message: ...from %d: %d bytes\n", fd, nbytes);
                if (nbytes > 0) {
-                       bundle *kb = NULL;
 
                        buf = (char *) calloc(nbytes + 1, sizeof(char));
                        if (buf == NULL) {
@@ -373,20 +373,17 @@ static gboolean __recv_map_message(GIOChannel *channel,
                                goto error;
                        }
                        if (_read_socket(fd, buf, nbytes, &nb)) {
-                               free(buf);
                                LOGE("Fail to read buf from socket");
                                goto error;
                        }
 
                        if (nb == 0) {
-                               free(buf);
                                LOGE("__recv_map_message: ...from %d: socket closed\n", fd);
                                goto error;
                        }
 
                        kb = bundle_decode_raw((bundle_raw *)buf, nbytes);
                        if (kb == NULL) {
-                               free(buf);
                                LOGE("__recv_map_message: Unable to decode the bundle\n");
                                goto error;
                        }
@@ -407,31 +404,32 @@ static gboolean __recv_map_message(GIOChannel *channel,
                                request_code = bundle_get_val(kb, OSP_K_DATACONTROL_REQUEST_TYPE);
                                if (!request_code) {
                                        LOGE("Invalid Bundle: data-control request type is null");
-                                       free(buf);
-                                       bundle_free(kb);
                                        goto error;
                                }
                                request_type = atoi(request_code);
 
-                               if (__map_handle_cb(fd, kb, request_type, request_id, 0, data) != DATACONTROL_ERROR_NONE) {
-                                       free(buf);
-                                       bundle_free(kb);
+                               if (__map_handle_cb(fd, kb, request_type, request_id, 0, data) != DATACONTROL_ERROR_NONE)
                                        goto error;
-                               }
 
                        } else {
                                LOGE("error: listener information is null");
-                               free(buf);
-                               bundle_free(kb);
                                goto error;
                        }
                        __remove_map_request_info(request_id, data);
-                       free(buf);
-                       bundle_free(kb);
+
+                       if (kb)
+                               bundle_free(kb);
+                       if (buf)
+                               free(buf);
                }
        }
        return TRUE;
 error:
+       if (kb)
+               bundle_free(kb);
+       if (buf)
+               free(buf);
+
        if (((map_response_cb_s *)data) != NULL) {
 
                map_response_cb_s *map_dc = (map_response_cb_s *)data;
index 15b14104b14caf535a1142296ba347a355d7e154..5e3a80952c8eb6781a74d16f816bbec28c0b1fff 100755 (executable)
@@ -324,6 +324,23 @@ static int __send_select_result(int fd, bundle *b, void *data)
        return DATACONTROL_ERROR_NONE;
 }
 
+static int _get_int_from_str(const char *str)
+{
+       int result = 0;
+       char *pend;
+       errno = 0;
+       result = strtol(str, &pend, 10);
+       if ((result == LONG_MIN || result == LONG_MAX)
+               && errno != 0) {
+               result = 0;
+       }
+
+       if (*pend != '\0')
+               result = 0;
+
+       return result;
+}
+
 static int __send_get_value_result(int fd, bundle *b, void *data)
 {
 
@@ -336,13 +353,19 @@ static int __send_get_value_result(int fd, bundle *b, void *data)
 
        LOGI("page num: %s, count_per_page: %s, value_count %s", page_num_str, count_per_page_str, value_count_str);
 
-       int page_number = atoi(page_num_str);
-       int count_per_page = atoi(count_per_page_str);
-       int value_count = atoi(value_count_str);
-       int current_offset = (page_number - 1) * count_per_page;
-       int remain_count = value_count - current_offset;
+       int page_number = 0;
+       int count_per_page = 0;
+       int value_count = 0;
+       int current_offset = 0;
+       int remain_count = 0;
        unsigned int nb;
 
+       page_number = _get_int_from_str(page_num_str);
+       count_per_page = _get_int_from_str(count_per_page_str);
+       value_count = _get_int_from_str(value_count_str);
+
+       current_offset = (page_number - 1) * count_per_page;
+       remain_count = value_count - current_offset;
        remain_count = (remain_count > 0) ? remain_count : 0;   /* round off to zero if the negative num is found */
 
        int add_value_count = (count_per_page > remain_count) ? remain_count : count_per_page;
index da3ea8884cc68c43dae3cdea71f639b378428783..520519ae9c2c4eeb2796ea3e98a2b36e04c0ea4d 100755 (executable)
@@ -222,6 +222,7 @@ static int __sql_handle_cb(bundle *b, void *data, int fd, int request_id)
                                                != DATACONTROL_ERROR_NONE)
                                        return DATACONTROL_ERROR_IO_ERROR;
                        }
+                       break;
                }
                case DATACONTROL_TYPE_SQL_INSERT:
                {