sms: fix stack corruption on 64 bit env

srclen, dstlen should be size_t (or gsize) that is 64 bit wide usigned
data type. If there is 32 bit wide data where srcLen, dstLen pointed to,
stack corruption is occured.

Change-Id: I2195c9b00dc155add427241b1ec596f83c2ec0c8
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

diff --git a/lib/libsms/sms_tool.c b/lib/libsms/sms_tool.c
index 28b7d19..d91fabe 100644 (file)
--- a/lib/libsms/sms_tool.c
+++ b/lib/libsms/sms_tool.c
@@ -362,10 +362,10 @@ byte length of converted UCS2 characters
  */
 int MsgConvertUTF8toUCS2(unsigned char *pDestText, int maxLength, const unsigned char *pSrcText, int srcTextLen)
 {
-    int textLen;
+    size_t textLen;
     unsigned char *unicodeTemp = (unsigned char*)pDestText;
     int ucs2Length = 0;
-    int remainedBuffer = maxLength;
+    size_t remainedBuffer = maxLength;
 
 #ifdef CONVERT_DUMP
     int srcLen = srcTextLen;
@@ -397,7 +397,7 @@ int MsgConvertUTF8toUCS2(unsigned char *pDestText, int maxLength, const unsigned
 
     if (cd > 0)
     {
-        err = g_iconv(cd, (char**)&pSrcText, (gsize*)&textLen, (char**)&unicodeTemp, (gsize*)&remainedBuffer);
+        err = g_iconv(cd, (char**)&pSrcText, &textLen, (char**)&unicodeTemp, &remainedBuffer);
         if (err < 0) {
             fprintf(stderr, "g_iconv has failed\n");
             g_iconv_close(cd);
@@ -431,16 +431,16 @@ byte length of converted UTF8 characters
  */
 int MsgConvertUCS2toUTF8(unsigned char *pDestText, int maxLength, const unsigned char *pSrcText,  int srcTextLen)
 {
-    int remainedBuffer = maxLength;
+    size_t remainedBuffer = maxLength;
+    size_t srcLen = srcTextLen;
     int utf8Length;
 
 #ifdef CONVERT_DUMP
-    int srcLen = srcTextLen;
     const unsigned char * pTempSrcText = pSrcText;
 #endif
     unsigned char * pTempDestText = pDestText;
 
-    if(srcTextLen == 0 || pSrcText == NULL || pDestText ==  NULL || maxLength == 0)
+    if(srcLen == 0 || pSrcText == NULL || pDestText ==  NULL || remainedBuffer == 0)
     {
        fprintf(stderr, "UCS2 to UTF8 Failed as text length is 0\n");
        return FALSE;
@@ -453,7 +453,7 @@ int MsgConvertUCS2toUTF8(unsigned char *pDestText, int maxLength, const unsigned
 
     if (cd > 0)
     {
-        err = g_iconv(cd, (char**)&pSrcText, (gsize*)&srcTextLen, (char**)&pDestText, (gsize*)&remainedBuffer);
+        err = g_iconv(cd, (char**)&pSrcText, &srcLen, (char**)&pDestText, &remainedBuffer);
         if (err < 0) {
             fprintf(stderr, "g_iconv has failed\n");
             g_iconv_close(cd);
@@ -466,7 +466,7 @@ int MsgConvertUCS2toUTF8(unsigned char *pDestText, int maxLength, const unsigned
 
 #ifdef CONVERT_DUMP
     fprintf(stderr, "\n########## Dump UCS2 -> UTF8\n");
-    MsgConvertDumpTextToHex((unsigned char*)pTempSrcText, srcLen);
+    MsgConvertDumpTextToHex((unsigned char*)pTempSrcText, srcTextLen);
     MsgConvertDumpTextToHex((unsigned char*)pTempDestText, utf8Length);
 #endif
 

diff --git a/vmodem/server/server_tx_sms.c b/vmodem/server/server_tx_sms.c
index ee3e568..32330d7 100644 (file)
--- a/vmodem/server/server_tx_sms.c
+++ b/vmodem/server/server_tx_sms.c
@@ -70,7 +70,6 @@ static int sms_msg_hook_modify(void * data, int len)
            , tpdu_submit.udl, tpdu_submit.userData);
 
     /* decode time stamp */
-    position = DecodeSmsSubmitTpdu(&tpdu_submit, len, (char *)rawdata, 0);
     /* time value is located in (start point of user data) -1  */
     SmsUtilDecodeTimeStamp( &rawdata[(position-1)], &SCTimeStamp );
     TRACE(MSGL_VGSM_INFO, "Event Injector time [%d-%d-%d, %d:%d:%d]\n"