Fix SVACE issue

Change-Id: Idcbcc9c02f5ee6d89f4c4f2d6c97a4c9b36c48fd
Signed-off-by: sooyeon.kim <sooyeon.kim@samsung.com>

diff --git a/src/voice_control_webview.cpp b/src/voice_control_webview.cpp
index eaa38fe142ca46aacbe380f7b8418dbcb5290080..7df21fc33fa10deae1d0e89d43f0a953b76d257f 100755 (executable)
--- a/src/voice_control_webview.cpp
+++ b/src/voice_control_webview.cpp
@@ -132,19 +132,26 @@ char* VCWebView::vc_webview_load_script(const char* filename)
 
        FILE *f = NULL;
        char js_path[1024] = {'\0',};
+       char buf[256] = {'\0',};
+
        snprintf(js_path, 1024, "%s/%s", VC_WEBVIEW_JS_PATH, filename);
        LOGD("===path (%s)", js_path);
        f = fopen(js_path, "r");
        if (NULL == f) {
-               LOGE("Couldn't open %s - %s", filename, strerror(errno));
+               LOGE("Couldn't open %s - %s", filename, strerror_r(errno, buf, 256));
                return NULL;
        }
        fseek(f, 0, SEEK_END);
-       long int fsize = ftell(f);
+       unsigned int fsize = (unsigned int)ftell(f);
+       if (fsize > 4294967295) {
+               LOGE("Wrong file size");
+               fclose(f);
+               return NULL;
+       }
        fseek(f, 0, SEEK_SET);
 
        char *script = new char [fsize + 1];
-       long int ret = fread(script, 1, fsize, f);
+       unsigned int ret = fread(script, 1, fsize, f);
        if (ret != fsize) {
                LOGE("Couldn't read vc-webview.js file %d, %d", fsize, ret);
                fclose(f);
@@ -630,13 +637,15 @@ static void __js_script_loading_custom_cb(Evas_Object *obj, const char *javascri
        FILE *f = NULL;
        file_name = host_name + path_name + ".js";
        char js_path[1024] = {'\0',};
+       char buf[256] = {'\0',};
+
        snprintf(js_path, 1024, "%s/%s", VC_WEBVIEW_CUSTOM_PATH, file_name.c_str());
        LOGD("=== path (%s)", js_path);
 
        f = fopen(js_path, "r");
 
        if (NULL == f) {
-               LOGE("Couldn't open %s - %s", file_name.c_str(), strerror(errno));
+               LOGE("Couldn't open %s - %s", file_name.c_str(), strerror_r(errno, buf, 256));
 
                file_name = host_name + ".js";
                snprintf(js_path, 1024, "%s/%s", VC_WEBVIEW_CUSTOM_PATH, file_name.c_str());
@@ -652,18 +661,22 @@ static void __js_script_loading_custom_cb(Evas_Object *obj, const char *javascri
 
        if (m_custom_name.compare(file_name) != 0) {
                fseek(f, 0, SEEK_END);
-               long int fsize = ftell(f);
+               unsigned int fsize = (unsigned int)ftell(f);
+               if (fsize > 4294967295) {
+                       LOGE("Wrong file size");
+                       fclose(f);
+                       return;
+               }
                fseek(f, 0, SEEK_SET);
 
                char *script = new char [fsize + 1];
-               long int ret = fread(script, 1, fsize, f);
+               unsigned int ret = fread(script, 1, fsize, f);
                if (ret != fsize) {
                        LOGE("Couldn't read vc-webview.js file %d, %d", fsize, ret);
                        fclose(f);
                        delete [] script;
                        return;
                }
-               fclose(f);
                script[fsize] = '\0';
 
                delete [] m_custom_script;
@@ -672,6 +685,8 @@ static void __js_script_loading_custom_cb(Evas_Object *obj, const char *javascri
        }
 
        ewk_view_script_execute((Evas_Object*)data, m_custom_script, __js_script_loading_result_cb, (void*)"custom");
+
+       fclose(f);
 }
 
 void VCWebView::vc_webview_set_view(Evas_Object *ewk_view)
@@ -744,4 +759,4 @@ void VCWebView::vc_remove_tooltip()
        ewk_view_script_execute(m_ewk_view, execute.c_str(), __js_script_loading_result_cb, (void*)"REMOVE_TOOLTIP");
 }
 
-#endif
\ No newline at end of file
+#endif