Fix coverity issue

- change large array in stack memory to heap

Change-Id: I833d1abcd81da99923ef36d336a7f487344639a2

diff --git a/bsdiff/ss_bspatch_common.c b/bsdiff/ss_bspatch_common.c
index e7bd45e..af6e20b 100755 (executable)
--- a/bsdiff/ss_bspatch_common.c
+++ b/bsdiff/ss_bspatch_common.c
@@ -96,12 +96,23 @@ SRes Decode2(CLzmaDec *state, ISeqOutStream *outStream, ISeqInStream *inStream,
 {
        int thereIsSize = (*unpackSize != (UInt64)(Int64) - 1);
        UInt64 offset = 0;
-       Byte inBuf[IN_BUF_SIZE];
-       Byte outBuf[OUT_BUF_SIZE];
+       Byte *inBuf = NULL;
+       Byte *outBuf = NULL;
        size_t inPos = 0, inSize = 0, outPos = 0;
+       SRes res;
 
-       LzmaDec_Init(state);
+       inBuf = (Byte *)malloc(sizeof(Byte) * IN_BUF_SIZE);
+       if (!inBuf) {
+               res = SZ_ERROR_UNSUPPORTED;
+               goto clean;
+       }
+       outBuf = (Byte *)malloc(sizeof(Byte) * OUT_BUF_SIZE);
+       if (!outBuf) {
+               res = SZ_ERROR_UNSUPPORTED;
+               goto clean;
+       }
 
+       LzmaDec_Init(state);
        offset = 0;
 
        for (;;) {
@@ -111,7 +122,6 @@ SRes Decode2(CLzmaDec *state, ISeqOutStream *outStream, ISeqInStream *inStream,
                        inPos = 0;
                }
 
-               SRes res;
                SizeT inProcessed = inSize - inPos;
                SizeT outProcessed = OUT_BUF_SIZE - outPos;
                ELzmaFinishMode finishMode = LZMA_FINISH_ANY;
@@ -133,14 +143,21 @@ SRes Decode2(CLzmaDec *state, ISeqOutStream *outStream, ISeqInStream *inStream,
                outPos = 0;
 
                if ((res != SZ_OK) || (thereIsSize && *unpackSize == 0))
-                       return res;
+                       goto clean;
 
                if (inProcessed == 0 && outProcessed == 0) {
                        if (thereIsSize || status != LZMA_STATUS_FINISHED_WITH_MARK)
-                               return SZ_ERROR_DATA;
-                       return res;
+                               res = SZ_ERROR_DATA;
+                       goto clean;
                }
        }
+
+clean:
+       if (inBuf)
+               free(inBuf);
+       if (outBuf)
+               free(outBuf);
+       return res;
 }
 
 int apply_patch(const char *oldfile, unsigned char *patch_buffer, unsigned char **dest_buf, ssize_t *dest_size)

diff --git a/ss_engine/SS_FSUpdate.c b/ss_engine/SS_FSUpdate.c
index ee8c6d0..a4150b7 100755 (executable)
--- a/ss_engine/SS_FSUpdate.c
+++ b/ss_engine/SS_FSUpdate.c
@@ -134,7 +134,8 @@ SS_CopyFile(const char *strFromPath, const char *strToPath)
 {
        int fd1, fd2;
        int readCount = 0, writeCount = 0;
-       char buf[1 << 15];      // copy 32KB wise
+       char *buf;      // copy 32KB wise
+       int buf_size = (1 << 15);
        int ret = 0;
 
        char path1[MAX_PATH] = { '\0' };
@@ -160,7 +161,15 @@ SS_CopyFile(const char *strFromPath, const char *strToPath)
                return E_SS_WRITE_ERROR;
        }
 
-       while ((readCount = read(fd1, buf, sizeof(buf))) > 0) {
+       buf = (char *)malloc(sizeof(char) * buf_size);
+       if (!buf) {
+               close(fd1);
+               close(fd2);
+               LOGE("Cannot allocate buf");
+               return -1;
+       }
+
+       while ((readCount = read(fd1, buf, buf_size)) > 0) {
                writeCount = write(fd2, buf, readCount);
                if (writeCount != readCount) {
                        LOGE(" read %d, but write %d, abort.\n", readCount,
@@ -170,6 +179,7 @@ SS_CopyFile(const char *strFromPath, const char *strToPath)
                }
        }
 
+       free(buf);
        close(fd1);
        fsync(fd2);
        close(fd2);