Fix memory leak and NULL dereference issue 36/172336/1 accepted/tizen/unified/20180314.141412 submit/tizen/20180314.004906
authorWootak Jung <wootak.jung@samsung.com>
Tue, 13 Mar 2018 08:33:49 +0000 (17:33 +0900)
committerWootak Jung <wootak.jung@samsung.com>
Tue, 13 Mar 2018 08:33:49 +0000 (17:33 +0900)
Change-Id: I59521afe6aef9c3ec96c1ad294301c322a70539e

packaging/capi-network-bluetooth.spec
src/bluetooth-adapter.c
src/bluetooth-common.c
src/bluetooth-gatt.c
test/bt_unit_test.c

index e1cbb08..672efcd 100644 (file)
@@ -1,6 +1,6 @@
 Name:       capi-network-bluetooth
 Summary:    Network Bluetooth Framework
-Version:    0.5.2
+Version:    0.5.3
 Release:    1
 Group:      Connectivity/API
 License:    Apache-2.0
index d4c4507..811e96f 100644 (file)
@@ -626,6 +626,7 @@ int bt_adapter_foreach_bonded_device(bt_adapter_bonded_device_cb foreach_cb,
        if (ret != BT_ERROR_NONE) {
                BT_ERR("%s(0x%08x) : Failed to get bonded device list", /* LCOV_EXCL_LINE */
                _bt_convert_error_to_string(ret), ret); /* LCOV_EXCL_LINE */
+               g_ptr_array_free(dev_list, TRUE);
                return ret;
        }
 
@@ -770,6 +771,7 @@ int bt_adapter_foreach_profile_connected_devices(const char *profile_uuid,
        if (ret != BT_ERROR_NONE) {
                BT_ERR("%s(0x%08x) : Failed to get profile connected device list",
                                _bt_convert_error_to_string(ret), ret);
+               g_ptr_array_free(addr_list, TRUE);
                return ret;
        }
 
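Review bot: `g_ptr_array_free(dev_list, TRUE)` on the new error path releases only the GPtrArray container; elements already stored in it are freed only if the array was created with an element free function, which the hunk does not show. If the call that fills dev_list can fail after partially populating it, those entries still leak here; if it cannot, a one-line comment such as `/* list is empty on failure: only the container needs releasing */` would spare the next reader the same question. The same applies to `g_ptr_array_free(addr_list, TRUE)` in the second hunk of this file. Both bt_adapter_foreach_bonded_device and bt_adapter_foreach_profile_connected_devices start before and continue after their hunks.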
index c5cc8d4..6fb1bfb 100644 (file)
@@ -2265,6 +2265,8 @@ static void __bt_event_proxy(int event, bluetooth_event_param_t *param, void *us
                        /* Free Data */
                        if (val != NULL)
                                g_free(val);
+                       if (device_addr != NULL)
+                               free(device_addr);
                        return;
                }
 
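Review bot: The `if (device_addr != NULL)` guard added before `free()` is redundant, since free(NULL) is defined as a no-op, so `free(device_addr);` alone is enough (the `g_free(val)` guard just above is redundant for the same reason). The point worth confirming is the allocator pairing: `val` is released with g_free while device_addr goes to libc free, and if device_addr was produced by a GLib allocator such as g_strdup it should be released with `g_free(device_addr);` instead; its allocation is outside the hunk, so this is an inference from the surrounding code. __bt_event_proxy continues on both sides of the hunk.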
index 5761e17..e493214 100644 (file)
@@ -116,11 +116,6 @@ static int __get_gatt_handle_by_uuid(GSList *list, const char *uuid,
                bt_get_uuid_name(uuid, &name);
                BT_INFO("Find uuid : %s [%s]", uuid, name);
                g_free(name);
-               for (l = list; l; l = g_slist_next(l)) {
-                       bt_gatt_common_s *common = (bt_gatt_common_s *)l->data;
-                       bt_get_uuid_name(common->uuid, &name);
-                       g_free(name);
-               }
                return BT_ERROR_NO_DATA;
        }
 
@@ -1472,15 +1467,21 @@ int bt_gatt_set_int_value(bt_gatt_h gatt_handle, bt_data_type_int_e type,
        fmt_size = __get_data_type_int_size(type);
        if (*val == NULL) {
                *val = g_malloc0(fmt_size);
+               if (*val == NULL)
+                       return BT_ERROR_OUT_OF_MEMORY;
                *val_len = fmt_size;
        } else if (*val_len == offset) { /* Added */
                tmp = g_malloc0(*val_len + fmt_size);
+               if (tmp == NULL)
+                       return BT_ERROR_OUT_OF_MEMORY;
                memcpy(tmp, *val, *val_len);
                g_free(*val);
                *val = tmp;
                *val_len += fmt_size;
        } else if (*val_len < offset + fmt_size) {/* Overlapped */
                tmp = g_malloc0(offset + fmt_size);
+               if (tmp == NULL)
+                       return BT_ERROR_OUT_OF_MEMORY;
                memcpy(tmp, *val, *val_len);
                g_free(*val);
                *val = tmp;
@@ -1490,44 +1491,34 @@ int bt_gatt_set_int_value(bt_gatt_h gatt_handle, bt_data_type_int_e type,
        switch (type) {
        case BT_DATA_TYPE_SINT8:
                value = __convert_int_to_signed_bits(value, 8);
-               if (*val)
-                       (*val)[idx] = (char)(value & 0xFF);
+               (*val)[idx] = (char)(value & 0xFF);
                break;
        case BT_DATA_TYPE_UINT8:
-               if (*val)
-                       (*val)[idx] = (char)(value & 0xFF);
+               (*val)[idx] = (char)(value & 0xFF);
                break;
 
        case BT_DATA_TYPE_SINT16:
                value = __convert_int_to_signed_bits(value, 16);
-               if (*val) {
-                        (*val)[idx++] = (char)(value & 0xFF);
-                        (*val)[idx] = (char)((value >> 8) & 0xFF);
-               }
+                (*val)[idx++] = (char)(value & 0xFF);
+                (*val)[idx] = (char)((value >> 8) & 0xFF);
                break;
        case BT_DATA_TYPE_UINT16:
-               if (*val) {
-                        (*val)[idx++] = (char)(value & 0xFF);
-                        (*val)[idx] = (char)((value >> 8) & 0xFF);
-               }
+                (*val)[idx++] = (char)(value & 0xFF);
+                (*val)[idx] = (char)((value >> 8) & 0xFF);
                break;
 
        case BT_DATA_TYPE_SINT32:
                value = __convert_int_to_signed_bits(value, 32);
-               if (*val) {
-                       (*val)[idx++] = (char)(value & 0xFF);
-                       (*val)[idx++] = (char)((value >> 8) & 0xFF);
-                       (*val)[idx++] = (char)((value >> 16) & 0xFF);
-                       (*val)[idx] = (char)((value >> 24) & 0xFF);
-               }
+               (*val)[idx++] = (char)(value & 0xFF);
+               (*val)[idx++] = (char)((value >> 8) & 0xFF);
+               (*val)[idx++] = (char)((value >> 16) & 0xFF);
+               (*val)[idx] = (char)((value >> 24) & 0xFF);
                break;
        case BT_DATA_TYPE_UINT32:
-               if (*val) {
-                       (*val)[idx++] = (char)(value & 0xFF);
-                       (*val)[idx++] = (char)((value >> 8) & 0xFF);
-                       (*val)[idx++] = (char)((value >> 16) & 0xFF);
-                       (*val)[idx] = (char)((value >> 24) & 0xFF);
-               }
+               (*val)[idx++] = (char)(value & 0xFF);
+               (*val)[idx++] = (char)((value >> 8) & 0xFF);
+               (*val)[idx++] = (char)((value >> 16) & 0xFF);
+               (*val)[idx] = (char)((value >> 24) & 0xFF);
                break;
 
        default:
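Review bot: The NULL checks added after `g_malloc0()` in bt_gatt_set_int_value do not catch allocation failure: GLib's g_malloc0() aborts the process on out-of-memory and returns NULL only when the requested size is 0, so `*val == NULL` or `tmp == NULL` can only become true here when `fmt_size` is 0. If __get_data_type_int_size() returns 0 for an unrecognised `type`, that case now surfaces as BT_ERROR_OUT_OF_MEMORY before ever reaching the switch's `default:` branch; if a recoverable allocation failure is really intended the allocations should be `g_try_malloc0(fmt_size)` and `g_try_malloc0(*val_len + fmt_size)`, otherwise a check that `fmt_size` is non-zero before allocating expresses the intent better. With a non-NULL `*val` guaranteed by those early returns, dropping the `if (*val)` guards in the third hunk is consistent. In the first hunk, removing the debug loop may leave the list iterator `l` in __get_gatt_handle_by_uuid unused if it had no other use, which would warrant removing its declaration as well. bt_gatt_set_int_value starts before and continues after its hunks.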
index 2da961a..8b296bb 100644 (file)
@@ -1584,6 +1584,7 @@ static bool __bt_adapter_bonded_device_cb(bt_device_info_s *device_info,
                        TC_PRT("[%d / %d] %s (%s)", i, device_info->service_count,
                                str ? str : "Unknown", device_info->service_uuid[i]);
                        g_free(str);
+                       str = NULL;
                }
        }