projects / platform / core / multimedia / libmm-camcorder.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 678cf65)
Fix svace issue - INTEGER_OVERFLOW 80/317180/2 accepted/tizen_unified_x_asan accepted/tizen/unified/20241231.131840 accepted/tizen/unified/x/20250101.065001 accepted/tizen/unified/x/asan/20250113.002131
authorJeongmo Yang <jm80.yang@samsung.com>
Thu, 26 Dec 2024 10:10:36 +0000 (19:10 +0900)
committerJeongmo Yang <jm80.yang@samsung.com>
Thu, 26 Dec 2024 22:52:47 +0000 (07:52 +0900)
[Version] 1.3.4
[Issue Type] Svace

Change-Id: I6c4fd56ef3ee14bb4e1565c3d78deed22b57b1d6
Signed-off-by: Jeongmo Yang <jm80.yang@samsung.com>
packaging/libmm-camcorder.spec [changed mode: 0755->0644] patch | blob | history
src/mm_camcorder_configure.c patch | blob | history

diff --git a/packaging/libmm-camcorder.spec b/packaging/libmm-camcorder.spec
old mode 100755 (executable)
new mode 100644 (file)
index 37602b9..425736c
--- a/packaging/libmm-camcorder.spec
+++ b/packaging/libmm-camcorder.spec
@@ -1,6 +1,6 @@
 Name:       libmm-camcorder
 Summary:    Camera and recorder library
-Version:    1.3.3
+Version:    1.3.4
 Release:    0
 Group:      Multimedia/Libraries
 License:    Apache-2.0
diff --git a/src/mm_camcorder_configure.c b/src/mm_camcorder_configure.c
index 82a11b2704449f470063a02240d29c711bf92c81..08cbbcca4b4ec710987a8bc64e2505aa134f1cf6 100644 (file)
--- a/src/mm_camcorder_configure.c
+++ b/src/mm_camcorder_configure.c
@@ -1414,17 +1414,15 @@ int _mmcamcorder_conf_add_info(MMHandleType handle, int type, conf_detail **info
                if (value_type != CONFIGURE_VALUE_STRING && value_type != CONFIGURE_VALUE_STRING_ARRAY) {
                        token = strtok_r(NULL, delimiters, &user_ptr);
                        while (token) {
-                               buffer_token[count_token] = token;
-                               MMCAM_LOG_VERBOSE("token : [%s]", buffer_token[count_token]);
+                               if (count_token < BUFFER_NUM_TOKEN) {
+                                       buffer_token[count_token] = token;
+                                       MMCAM_LOG_VERBOSE("token : [%s]", buffer_token[count_token]);
+                               } else {
+                                       MMCAM_LOG_WARNING("too many token[%s]", token);
+                               }
                                count_token++;
                                token = strtok_r(NULL, delimiters, &user_ptr);
                        }
-
-                       if (count_token < 2) {
-                               (*info)->detail_info[i] = NULL;
-                               MMCAM_LOG_WARNING("Number of token is too small... check it.[%s]", buffer_details[i]);
-                               continue;
-                       }
                } else { /* CONFIGURE_VALUE_STRING or CONFIGURE_VALUE_STRING_ARRAY */
                        /* skip "=" */
                        strtok_r(NULL, delimiters_sub, &user_ptr);
@@ -1432,8 +1430,12 @@ int _mmcamcorder_conf_add_info(MMHandleType handle, int type, conf_detail **info
                        if (value_type == CONFIGURE_VALUE_STRING_ARRAY) {
                                token = strtok_r(NULL, delimiters_sub, &user_ptr);
                                while (token) {
-                                       buffer_token[count_token] = token;
-                                       MMCAM_LOG_VERBOSE("token : [%s]", buffer_token[count_token]);
+                                       if (count_token < BUFFER_NUM_TOKEN) {
+                                               buffer_token[count_token] = token;
+                                               MMCAM_LOG_VERBOSE("token : [%s]", buffer_token[count_token]);
+                                       } else {
+                                               MMCAM_LOG_WARNING("too many token[%s]", token);
+                                       }
                                        count_token++;
                                        token = strtok_r(NULL, delimiters_sub, &user_ptr);
                                }
@@ -1446,12 +1448,12 @@ int _mmcamcorder_conf_add_info(MMHandleType handle, int type, conf_detail **info
                                        count_token++;
                                }
                        }
+               }
 
-                       if (count_token < 2) {
-                               (*info)->detail_info[i] = NULL;
-                               MMCAM_LOG_WARNING("No string value... check it.[%s]", buffer_details[i]);
-                               continue;
-                       }
+               if (count_token < 2 || count_token > BUFFER_NUM_TOKEN) {
+                       (*info)->detail_info[i] = NULL;
+                       MMCAM_LOG_WARNING("invalid token count[%d]... check it.[%s]", count_token, buffer_details[i]);
+                       continue;
                }
 
                switch (value_type) {
Domain: Multimedia / Media Camera;