Fix the Svace issues 44/87744/2 submit/tizen/20160912.033649
authorHyuk Lee <hyuk0512.lee@samsung.com>
Fri, 9 Sep 2016 08:28:13 +0000 (17:28 +0900)
committerDoHyun Pyun <dh79.pyun@samsung.com>
Mon, 12 Sep 2016 02:45:01 +0000 (11:45 +0900)
Change-Id: I0a7f4d9744b3c117b347f8b306bcee56a4b60b7e
Signed-off-by: Hyuk Lee <hyuk0512.lee@samsung.com>
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>
bt-api/bt-audio.c
bt-api/bt-event-handler.c
bt-api/bt-gatt-service.c
bt-service/bt-service-adapter-le.c
bt-service/bt-service-device.c
bt-service/bt-service-event-receiver.c
bt-service/bt-service-event-sender.c
bt-service/bt-service-obex-agent.c
bt-service/bt-service-obex-server.c
bt-service/bt-service-pbap.c

index f0c8b98..1bd297e 100644 (file)
@@ -854,7 +854,7 @@ BT_EXPORT_API int bluetooth_hf_send_xsat_cmd(int app_id, char *xsat_cmd)
 
        BT_CHECK_ENABLED(return);
 
-       strcpy(buffer, "AT+XSAT=");
+       strncpy(buffer, "AT+XSAT=\0", 200);
        snprintf(buffer + strlen(buffer), sizeof(buffer) - strlen(buffer),
                "%d,", app_id);
        strncat(buffer, xsat_cmd, (sizeof(buffer) - 1) - strlen(buffer));
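Review bot: The bound given to `strncpy` is a literal `200`, while the two lines after it size their writes with `sizeof(buffer)`. The declaration of `buffer` is outside the hunk, so if it is smaller than 200 bytes the zero-padding that `strncpy` performs would write past its end. The `\0` embedded in the literal is also redundant. A single bounded call covers the prefix and the id: `snprintf(buffer, sizeof(buffer), "AT+XSAT=%d,", app_id);`. `xsat_cmd` is supplied by the API caller and `strncat` truncates it silently, so it is worth confirming that a NULL and length check exists above the hunk.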
index 930cf1a..665ee0a 100644 (file)
@@ -844,6 +844,8 @@ void __bt_device_event_filter(GDBusConnection *connection,
                g_variant_get(parameters, "(i&s@ay)", &result, &char_handle, &char_value_var);
 
                len = g_variant_get_size(char_value_var);
+               ret_if (char_value_var == NULL);
+
                if (len > 0)
                        value = (char *)g_variant_get_data(char_value_var);
 
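Review bot: The added `ret_if (char_value_var == NULL);` runs after `g_variant_get_size(char_value_var)` has already used the pointer, so it cannot prevent the NULL use it is meant to guard against. Move the check above the `len = ...` line, directly after the `g_variant_get()` call. The two following hunks drop their `if (char_value_var)` guards and rely on this check being effective. The function body before the hunk is not visible; if `char_val.char_handle` is allocated earlier, the early return also skips the `g_free(char_val.char_handle)` seen further down.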
@@ -856,8 +858,7 @@ void __bt_device_event_filter(GDBusConnection *connection,
                        if (char_val.char_value == NULL) {
                                BT_ERR("BLUETOOTH_ERROR_OUT_OF_MEMORY");
                                g_free(char_val.char_handle);
-                               if (char_value_var)
-                                       g_variant_unref(char_value_var);
+                               g_variant_unref(char_value_var);
                                return;
                        }
                        memcpy(char_val.char_value, value, len);
@@ -865,8 +866,7 @@ void __bt_device_event_filter(GDBusConnection *connection,
                                        result, &char_val,
                                        event_info->cb, event_info->user_data);
                        g_free(char_val.char_value);
-                       if (char_value_var)
-                               g_variant_unref(char_value_var);
+                       g_variant_unref(char_value_var);
                }
                g_free(char_val.char_handle);
        } else if (strcasecmp(signal_name, BT_DEVICE_CONNECTED) == 0) {
index 7ec424c..66c0632 100644 (file)
@@ -2521,10 +2521,13 @@ BT_EXPORT_API int bluetooth_gatt_server_set_notification(const char *char_path,
 
        if (!__bt_gatt_get_service_state(serv_path)) {
                BT_DBG("service not registered for this characteristic \n");
+               g_free(serv_path);
                g_strfreev(line_argv);
                return BLUETOOTH_ERROR_INTERNAL;
        }
 
+       g_free(serv_path);
+
        outer_builder = g_variant_builder_new(G_VARIANT_TYPE("a{sv}"));
        invalidated_builder = g_variant_builder_new(G_VARIANT_TYPE("as"));
 
index fb98d57..43e8cf5 100644 (file)
@@ -193,9 +193,14 @@ gboolean _bt_update_le_feature_support(const char *item, const char *value)
                return FALSE;
 
        if (g_strcmp0(item, "adv_inst_max") == 0) {
-               if (atoi(value) != le_feature_info.adv_inst_max) {
+               int slot_num;
+
+               slot_num = atoi(value);
+               retv_if(slot_num < 0, FALSE);
+
+               if (slot_num != le_feature_info.adv_inst_max) {
                        __bt_free_le_adv_slot();
-                       le_feature_info.adv_inst_max = atoi(value);
+                       le_feature_info.adv_inst_max = slot_num;
                        BT_INFO("Advertising instance max : %d", le_feature_info.adv_inst_max);
                        le_adv_slot = g_malloc0(sizeof(bt_adapter_le_adv_slot_t) * le_feature_info.adv_inst_max);
                }
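Review bot: Rejecting negative values still leaves `slot_num` without an upper bound, and `atoi()` cannot report a non-numeric or out-of-range `value`. The count is stored in `le_feature_info.adv_inst_max` and multiplied into the `g_malloc0()` size, so an unexpectedly large value turns into a huge allocation, and `0` makes `g_malloc0()` return NULL for `le_adv_slot`. Parsing with `strtol()` and clamping to the largest instance count the stack supports, then allocating with `g_new0()` (which checks the multiplication), closes both gaps. The limit name in the sketch below is a placeholder, and `errno` needs `<errno.h>` if the file does not already include it. The function continues outside the hunk.

```c
	if (g_strcmp0(item, "adv_inst_max") == 0) {
		char *end = NULL;
		long slot_num;

		errno = 0;
		slot_num = strtol(value, &end, 10);
		retv_if(end == value || *end != '\0' || errno == ERANGE, FALSE);
		/* ADV_INST_LIMIT_PLACEHOLDER: project-defined maximum, not shown on this page */
		retv_if(slot_num < 0 || slot_num > ADV_INST_LIMIT_PLACEHOLDER, FALSE);

		if (slot_num != le_feature_info.adv_inst_max) {
			__bt_free_le_adv_slot();
			le_feature_info.adv_inst_max = (int)slot_num;
			/* … unchanged: BT_INFO log … */
			le_adv_slot = g_new0(bt_adapter_le_adv_slot_t, le_feature_info.adv_inst_max);
		}
```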
index 9a8b1e3..d98b29a 100644 (file)
@@ -1902,6 +1902,12 @@ int _bt_connect_le_device(int req_id, const bluetooth_device_address_t *bd_addr,
        retv_if(device_proxy == NULL, BLUETOOTH_ERROR_INTERNAL);
 
        func_data = g_malloc0(sizeof(bt_function_data_t));
+       if (func_data == NULL) {
+               BT_ERR("Unable to allocate memory for address");
+               ret = BLUETOOTH_ERROR_MEMORY_ALLOCATION;
+               goto fail;
+       }
+
        func_data->address = g_strdup(device_address);
        if (func_data->address == NULL) {
                BT_ERR("Unable to allocate memory for address");
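Review bot: The new `if (func_data == NULL)` branch is unreachable as written, because `g_malloc0()` aborts the process on allocation failure and returns NULL only for a zero-byte request. If graceful handling of memory exhaustion is the goal, allocate with `func_data = g_try_malloc0(sizeof(bt_function_data_t));` so the check can fire. The log text "Unable to allocate memory for address" is copied from the `g_strdup` check below and should name the function data instead. The `fail:` label is outside the hunk, so confirm it tolerates a NULL `func_data`. The same applies to the identical addition in `_bt_disconnect_le_device`.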
@@ -1968,6 +1974,12 @@ int _bt_disconnect_le_device(int req_id,
        retv_if(device_proxy == NULL, BLUETOOTH_ERROR_INTERNAL);
 
        func_data = g_malloc0(sizeof(bt_function_data_t));
+       if (func_data == NULL) {
+               BT_ERR("Unable to allocate memory for address");
+               ret = BLUETOOTH_ERROR_MEMORY_ALLOCATION;
+               goto fail;
+       }
+
        func_data->address = g_strdup(device_address);
        if (func_data->address == NULL) {
                BT_ERR("Unable to allocate memory for address");
index b55b6c5..729ea40 100644 (file)
@@ -251,7 +251,7 @@ static gboolean __bt_parse_interface(GVariant *msg,
                                        bt_remote_dev_info_t *dev_info)
 {
        char *path = NULL;
-       GVariant *optional_param;
+       GVariant *optional_param = NULL;
        GVariantIter iter;
        GVariant *child;
        char *interface_name = NULL;
@@ -260,6 +260,8 @@ static gboolean __bt_parse_interface(GVariant *msg,
                                        &path, &optional_param);
        g_variant_iter_init(&iter, optional_param);
 
+       retv_if(optional_param == NULL, FALSE);
+
        while ((child = g_variant_iter_next_value(&iter))) {
                g_variant_get(child, "{&s@a{sv}}", &interface_name, &inner_iter);
                if (g_strcmp0(interface_name, BT_DEVICE_INTERFACE) == 0) {
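Review bot: The new `retv_if(optional_param == NULL, FALSE);` runs after `g_variant_iter_init(&iter, optional_param)` has already been handed the pointer, so the NULL case is still reached before it is rejected. Move the check to sit between the `g_variant_get()` call and `g_variant_iter_init()`. The unconditional `g_variant_unref(optional_param)` in the next hunk depends on this check being effective.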
@@ -279,10 +281,10 @@ static gboolean __bt_parse_interface(GVariant *msg,
                        }
                }
                g_variant_unref(inner_iter);
-       g_variant_unref(child);
+               g_variant_unref(child);
        }
-       if (optional_param)
-               g_variant_unref(optional_param);
+
+       g_variant_unref(optional_param);
 
        return FALSE;
 }
index f75731b..5028fa0 100644 (file)
@@ -200,6 +200,7 @@ int _bt_send_event(int event_type, int event, GVariant *param)
                break;
        case BLUETOOTH_EVENT_SUPPORTED_PROFILE_TRUSTED:
                signal = BT_SUPPORTED_PROFILE_TRUSTED;
+               break;
        case BLUETOOTH_EVENT_KEYBOARD_PASSKEY_DISPLAY:
                signal = BT_KBD_PASSKEY_DISPLAY_REQ_RECEIVED;
                break;
@@ -404,6 +405,7 @@ int _bt_send_event(int event_type, int event, GVariant *param)
                break;
        case BLUETOOTH_EVENT_GATT_ATT_MTU_CHANGED:
                signal = BT_GATT_REQ_ATT_MTU_CHANGED;
+               break;
        case BLUETOOTH_EVENT_IPSP_INIT_STATE_CHANGED:
                signal = BT_IPSP_INITIALIZED;
                break;
index 5d519ae..4cc2b2f 100644 (file)
@@ -451,7 +451,7 @@ gboolean _bt_obex_setup(const char *path)
        bt_obex_agent_info *info;
        GDBusProxy *proxy;
        GDBusNodeInfo *new_conn_node;
-       GDBusNodeInfo *auth_reply_node;
+       GDBusNodeInfo *auth_reply_node = NULL;
        GError *err = NULL;
 
        info = __find_obex_agent_info((char *)path);
@@ -508,6 +508,12 @@ gboolean _bt_obex_setup(const char *path)
        }
 
        auth_reply_node = g_dbus_node_info_new_for_xml(obex_service_reply_xml3, NULL);
+
+       if (auth_reply_node == NULL) {
+               BT_ERR("Fail to create the node info for xml");
+               return FALSE;
+       }
+
        info->obex_reply_id = g_dbus_connection_register_object(auth_reply_conn, info->path,
                auth_reply_node->interfaces[0], &method_table, NULL, NULL, &err);
        g_dbus_node_info_unref(auth_reply_node);
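Review bot: The new failure branch cannot report why the XML was rejected, because `g_dbus_node_info_new_for_xml(obex_service_reply_xml3, NULL)` discards the `GError`. Passing `&err` and logging `err->message`, followed by `g_clear_error(&err)` before `err` is reused by the register call, would make the failure diagnosable. The earlier part of `_bt_obex_setup` is outside the hunk; if it has already registered an object or created a proxy for `info`, this bare `return FALSE` leaves those in place and the caller sees a half-configured agent, so check whether they need to be undone here.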
index a8797fa..b4c69d0 100644 (file)
@@ -704,8 +704,10 @@ done:
        BT_DBG("Transfer id %d", transfer_info->transfer_id);
 
        builder = g_variant_builder_new(G_VARIANT_TYPE("ay"));
-       for (i = 0; i < 5; i++)
-               g_variant_builder_add(builder, "y", agent_info.auth_info->contact_auth_info[i]);
+       for (i = 0; i < 5; i++) {
+               if (agent_info.auth_info)
+                       g_variant_builder_add(builder, "y", agent_info.auth_info->contact_auth_info[i]);
+       }
 
        param = g_variant_new("(isssstii(ay))", result,
                                transfer_info->device_name,
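Review bot: When `agent_info.auth_info` is NULL the loop now adds nothing, so the event is sent with an empty `ay` where it otherwise carries five bytes. Receivers that read a fixed five-byte auth info may misbehave; the consumer is not visible here, so this is worth confirming. The check is also loop-invariant and is evaluated five times. Hoist it, `if (agent_info.auth_info) { for (i = 0; i < 5; i++) ... }`, and decide explicitly what the NULL case should send, for example five zero bytes or an early error return. This code sits after the `done:` label, and the rest of the function is outside the hunk.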
index 1b5aee3..681f924 100644 (file)
@@ -876,6 +876,7 @@ int __bt_pbap_call_get_phonebook(GDBusProxy *proxy, bt_pbap_data_t *pbap_data)
 
        g_free(format_str);
        g_free(order_str);
+       g_free(target_file);
 
        BT_DBG("-");
        return BLUETOOTH_ERROR_NONE;
@@ -1024,6 +1025,7 @@ int __bt_pbap_call_get_vcard(GDBusProxy *proxy, bt_pbap_data_t *pbap_data)
 
        g_free(format_str);
        g_free(vcard_handle);
+       g_free(target_file);
 
        BT_DBG("-");
        return BLUETOOTH_ERROR_NONE;