Fix Coverity issues 93/183493/1 accepted/tizen/unified/20180706.140659 submit/tizen/20180706.044046
authorhj kim <backto.kim@samsung.com>
Fri, 6 Jul 2018 01:41:35 +0000 (10:41 +0900)
committerhj kim <backto.kim@samsung.com>
Fri, 6 Jul 2018 04:32:35 +0000 (13:32 +0900)
Change-Id: I2e77a011e2401387a282f0768d3a5bd7b8d8ec5a

packaging/capi-media-controller.spec
src/media_controller_ipc.c
svc/media_controller_cynara.c

index 49a6c7c..20fd566 100755 (executable)
@@ -1,6 +1,6 @@
 Name:       capi-media-controller
 Summary:    A media controller library in Tizen Native API
-Version:    0.1.63
+Version:    0.1.64
 Release:    1
 Group:      Multimedia/API
 License:    Apache-2.0
index 6bb43f4..8d6a07b 100755 (executable)
@@ -407,8 +407,10 @@ int mc_ipc_send_message_to_server(mc_msg_type_e msg_type, mc_priv_type_e priv_ty
        temp_buf = (char *)calloc(1, full_msg_size + 1);
        if (temp_buf == NULL) {
                mc_error("Error memroy allocation");
+               close(sockfd);
                return MEDIA_CONTROLLER_ERROR_OUT_OF_MEMORY;
        }
+
        memcpy(temp_buf, &send_msg, head_msg_size);
        memcpy(temp_buf + head_msg_size, request_msg, request_msg_size);
 
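Review bot: Descriptor cleanup is handled on this one failure return only. mc_ipc_send_message_to_server continues outside the hunk, and any later failure return after `temp_buf` is allocated would need the same `close(sockfd);` plus a free of `temp_buf`. A single cleanup label at the end of the function, reached with `goto out;` from each failure path, would keep future early returns from reintroducing the leak; leaked descriptors in a long-lived process eventually exhaust its descriptor limit. It is also worth confirming, outside this hunk, that `full_msg_size + 1` cannot wrap for a large `request_msg_size`, because both `memcpy` calls rely on that sum.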
index ab67cba..6c8848e 100755 (executable)
@@ -89,7 +89,7 @@ int mc_cynara_receive_untrusted_message(int sockfd, mc_comm_msg_s *recv_msg, mc_
                }
        }
 
-       if (recv_msg->msg_size > 0) {
+       if ((recv_msg->msg_size > 0) && (recv_msg->msg_size <= SIZE_MAX - 1)) {
                size_t remain_size = recv_msg->msg_size;
                size_t block_size = 0;
                size_t msg_index = 0;
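Review bot: The new upper bound `recv_msg->msg_size <= SIZE_MAX - 1` only guards against wraparound of a `msg_size + 1` computation. A peer that this function treats as untrusted can still announce any length up to that limit, so the allocation that presumably follows (it lies outside this hunk) remains sized by the sender. A protocol-level maximum is the stronger check, for example `if ((recv_msg->msg_size > 0) && (recv_msg->msg_size <= MC_MAX_MSG_SIZE)) {`, where `MC_MAX_MSG_SIZE` is a placeholder for a limit the project would have to define. In the following hunk of the same function, the added `recv_msg_size > remain_size` guard logs and uses `break`, which leaves a partially filled `recv_msg->msg` behind. Unless the code after the loop (not visible here) returns an error and frees it, the caller receives a truncated message as if it were complete, so that path should set an error code as well.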
@@ -124,14 +124,20 @@ int mc_cynara_receive_untrusted_message(int sockfd, mc_comm_msg_s *recv_msg, mc_
                                }
                        }
 
+                       if (recv_msg_size > remain_size) {
+                               mc_error("recv_msg_size [%zu] remain_size [%zu]", recv_msg_size, remain_size);
+                               break;
+                       }
+
                        memcpy(recv_msg->msg + msg_index, recv_buf, recv_msg_size);
                        msg_index += recv_msg_size;
+
                        remain_size -= recv_msg_size;
                }
 
                MC_SAFE_FREE(recv_buf);
        } else {
-               mc_error("msg_size is zero");
+               mc_error("wrong msg_size [%zu]", recv_msg->msg_size);
                recv_msg->msg = NULL;
        }