[SATIZENVUL-953] Add checker for block overflow

Change-Id: I034445bacf6254a0a15b32173e1604df803dc993
Signed-off-by: Minje Ahn <minje.ahn@samsung.com>

diff --git a/src/server/media-server-thumb.c b/src/server/media-server-thumb.c
index f8e9e9a..1ad623b 100755 (executable)
--- a/src/server/media-server-thumb.c
+++ b/src/server/media-server-thumb.c
@@ -224,7 +224,7 @@ int _ms_thumb_set_buffer(thumbMsg *req_msg, unsigned char **buf, int *buf_size)
        org_path_len = req_msg->origin_path_size;
        dst_path_len = req_msg->dest_path_size;
        data_len = req_msg->thumb_size;
-       if (org_path_len < 0 || dst_path_len < 0 || data_len < 0) {
+       if ((org_path_len < 0 || org_path_len > MAX_FILEPATH_LEN) || (dst_path_len < 0 || dst_path_len > MAX_FILEPATH_LEN) || data_len < 0) {
                MS_DBG_ERR("msg size is wrong");
                return -1;
        }