webrtc_test: Fix untrusted conversion from string to number 10/257310/3
authorSangchul Lee <sc11.lee@samsung.com>
Thu, 22 Apr 2021 10:48:07 +0000 (19:48 +0900)
committerSangchul Lee <sc11.lee@samsung.com>
Fri, 23 Apr 2021 06:07:36 +0000 (15:07 +0900)
Use g_ascii_strtoll() instead of atoi().

[Version] 0.1.154
[Issue Type] Improvement

Change-Id: I0e450dd2a7fc6a75bc3a70c997652745bafcdf9f
Signed-off-by: Sangchul Lee <sc11.lee@samsung.com>
packaging/capi-media-webrtc.spec
test/webrtc_test.c

index 9c8f33bee9dde0d7a0d598b19824b7edb983be4b..0ce85501bf6840922bd5b820157e7506287d726c 100644 (file)
@@ -1,6 +1,6 @@
 Name:       capi-media-webrtc
 Summary:    A WebRTC library in Tizen Native API
-Version:    0.1.153
+Version:    0.1.154
 Release:    0
 Group:      Multimedia/API
 License:    Apache-2.0
index c932daacdf64d8f2554d2c5acf2798ab88b324b0..aa1c25f1141fffa49504417cd3090da709ad3c13 100644 (file)
@@ -160,9 +160,9 @@ typedef struct _connection_s {
        int cnt;
 
        /* receive data & dump file */
-       int sum_size;
+       gint64 sum_size;
        gchar *expected_name;
-       int expected_size;
+       gint64 expected_size;
        char* receive_buffer;
 
        webrtc_display_type_e display_type;
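Review bot: Widening `sum_size` and `expected_size` to `gint64` leaves the `%llu` conversions in the later `g_print("downloading ...")` line mismatched with their arguments, because `gint64` is signed and on LP64 builds is usually `long` rather than `unsigned long long`. GLib's macro avoids the mismatch: `"downloading [%s], size[%" G_GINT64_FORMAT " / %" G_GINT64_FORMAT "]\n"`. Both fields end up as an allocation size and a buffer index, so a comment on the struct such as `/* byte counts announced by the peer; validate 0 < value <= local cap before use */` would make the trust boundary visible. The struct definition starts and ends outside this hunk.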
@@ -909,6 +909,26 @@ end:
                close(fd);
 }
 
+static int __convert_string_to_gint64(gchar *str, gint64 *result)
+{
+       gint64 res;
+
+       if (!str || !result) {
+               g_printerr("invalid arguments, str[%p], result[%p]\n", str, result);
+               return -1;
+       }
+
+       res = g_ascii_strtoll((const gchar *)str, NULL, 10);
+       if (res == 0) {
+               g_printerr("failed to g_ascii_strtoll() for [%s]\n", str);
+               return -1;
+       }
+
+       *result = res;
+
+       return 0;
+}
+
 static void __data_channel_message_cb(webrtc_data_channel_h channel, webrtc_data_channel_type_e type, void *message, void *user_data)
 {
        connection_s *conn = (connection_s*)user_data;
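Review bot: The `res == 0` test in `__convert_string_to_gint64()` does not actually detect a failed conversion. With a NULL end pointer, input such as "123abc" is accepted as 123, and an out-of-range string returns `G_MAXINT64`/`G_MININT64` with `errno` set to `ERANGE`, which passes as success. A literal "0" is rejected for the wrong reason. Passing an end pointer and checking it together with `errno` closes these gaps; this needs `<errno.h>` if the file does not already include it. If the sender may append whitespace or a newline after the digits, skip that before the end check. A one-line comment above the helper stating that the input comes from the remote peer would explain why the parsing is strict.

```c
static int __convert_string_to_gint64(gchar *str, gint64 *result)
{
	gint64 res;
	gchar *end = NULL;

	/* … unchanged: NULL argument check … */

	errno = 0;
	res = g_ascii_strtoll((const gchar *)str, &end, 10);
	/* no digits consumed, trailing garbage, or out of range */
	if (end == str || *end != '\0' || errno == ERANGE) {
		g_printerr("failed to g_ascii_strtoll() for [%s]\n", str);
		return -1;
	}

	/* … unchanged: store res in *result and return 0 … */
```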
@@ -936,11 +956,12 @@ static void __data_channel_message_cb(webrtc_data_channel_h channel, webrtc_data
 
                } else if (g_str_has_prefix((const gchar *)message, "expected size:")) {
                        str_arr = g_strsplit((const gchar *)message, ":", 2);
-                       conn->expected_size = atoi(str_arr[1]);
 
-                       if (conn->receive_buffer)
-                               free(conn->receive_buffer);
-                       conn->receive_buffer = (char *)calloc(conn->expected_size, sizeof(char));
+                       if (__convert_string_to_gint64(str_arr[1], &conn->expected_size) == 0) {
+                               if (conn->receive_buffer)
+                                       free(conn->receive_buffer);
+                               conn->receive_buffer = (char *)calloc(conn->expected_size, sizeof(char));
+                       }
                }
 
                if (str_arr)
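Review bot: In the "expected size:" branch, the converted value is still peer-controlled and reaches `calloc()` with no range check. A negative or very large `expected_size` becomes a huge `size_t`, and the `calloc()` result is never tested. The conversion also writes straight into `conn->expected_size`, so the field is updated before the buffer is known to exist. Suggest converting into a local, rejecting anything outside `0 < size <= MAX_RECEIVE_SIZE` (placeholder name for a cap chosen by the test app), and resetting the state when allocation fails, e.g. `if (!conn->receive_buffer) conn->expected_size = 0;`. The `memcpy()` into `&conn->receive_buffer[conn->sum_size]` seen in the following hunk appears to rely on this value; in the lines shown it has no `sum_size + size <= expected_size` guard, so one is worth adding there. `__data_channel_message_cb()` starts and ends outside this hunk.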
@@ -956,7 +977,7 @@ static void __data_channel_message_cb(webrtc_data_channel_h channel, webrtc_data
                g_print("bytes message[%p, size:%u]\n", data_p, size);
 
                if (conn->expected_size > 0 && conn->expected_name) {
-                       g_print("downloading [%s], size[%d / %d]\n", conn->expected_name, conn->sum_size, conn->expected_size);
+                       g_print("downloading [%s], size[%llu / %llu]\n", conn->expected_name, conn->sum_size, conn->expected_size);
 
                        memcpy(&conn->receive_buffer[conn->sum_size], ((uint8_t*)data_p), size);