Fix buffer overflow issue detected by static analysis tool 77/105377/1
authorJihoon Kim <jihoon48.kim@samsung.com>
Fri, 16 Dec 2016 09:59:50 +0000 (18:59 +0900)
committerJihoon Kim <jihoon48.kim@samsung.com>
Fri, 16 Dec 2016 09:59:50 +0000 (18:59 +0900)
Change-Id: I40354d7df587f9659e22431045e350e5330d1dcc
Signed-off-by: Jihoon Kim <jihoon48.kim@samsung.com>
ism/modules/panelagent/wayland/wayland_panel_agent_module.cpp

index eb2a4c5..f4d085c 100644 (file)
@@ -2828,15 +2828,17 @@ public:
         } else {
             buff[len] = '\0';
             if (wsc_ctx->surrounding_text == NULL) {
-                /* Add one byte for terminating NULL character and subtract <int> byte for cursor position */
-                wsc_ctx->surrounding_text = (char*)malloc (len + 1 - sizeof(int));
-                if (wsc_ctx->surrounding_text) {
-                    memcpy(&(wsc_ctx->surrounding_cursor), buff, sizeof(int));
-                    memcpy (wsc_ctx->surrounding_text, buff + sizeof(int), len >= sizeof(int) ? (len - sizeof(int)) : 0);
-                    wsc_ctx->surrounding_text[len - sizeof(int)] = '\0';
-                    return ECORE_CALLBACK_RENEW;
-                } else {
-                    LOGE ("malloc failed");
+                if (len >= sizeof(int)) {
+                    /* Add one byte for terminating NULL character and subtract <int> byte for cursor position */
+                    wsc_ctx->surrounding_text = (char*)malloc (len + 1 - sizeof(int));
+                    if (wsc_ctx->surrounding_text) {
+                        memcpy(&(wsc_ctx->surrounding_cursor), buff, sizeof(int));
+                        memcpy (wsc_ctx->surrounding_text, buff + sizeof(int), len - sizeof(int));
+                        wsc_ctx->surrounding_text[len - sizeof(int)] = '\0';
+                        return ECORE_CALLBACK_RENEW;
+                    } else {
+                        LOGE ("malloc failed");
+                    }
                 }
             } else {
                 int old_len = strlen (wsc_ctx->surrounding_text);
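Review bot: The new `if (len >= sizeof(int))` guard has no `else`, so a message shorter than the cursor header is dropped silently and `surrounding_text` stays NULL with nothing in the log. A one-line branch such as `} else { LOGE ("surrounding text message too short"); }` would make malformed input visible. The declaration of `len` is outside the hunk: if it is a signed type, the comparison against `sizeof(int)` converts it to unsigned, so it is worth confirming that the branch before this `else` already rejects negative values. Separately, `surrounding_cursor` is copied straight from the received bytes and is never compared with the text length `len - sizeof(int)`. If code outside this hunk uses it as an offset into `surrounding_text`, it should be range-checked here, e.g. `if (wsc_ctx->surrounding_cursor < 0 || (size_t)wsc_ctx->surrounding_cursor > len - sizeof(int))`, and the message rejected.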