projects / platform / core / multimedia / libmedia-service.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f76b143)
Fix buffer overflow 87/276287/2 accepted/tizen/unified/20220616.141911 submit/tizen/20220615.081536
authorminje.ahn <minje.ahn@samsung.com>
Tue, 14 Jun 2022 05:00:09 +0000 (14:00 +0900)
committerminje.ahn <minje.ahn@samsung.com>
Tue, 14 Jun 2022 08:07:26 +0000 (17:07 +0900)
Change-Id: Iaf4c4b70dc56cc63e244d5bcd4d85b860c46655e
Signed-off-by: minje.ahn <minje.ahn@samsung.com>
src/common/media-svc-util.c patch | blob | history

diff --git a/src/common/media-svc-util.c b/src/common/media-svc-util.c
index 0f754bb..3714e3b 100644 (file)
--- a/src/common/media-svc-util.c
+++ b/src/common/media-svc-util.c
@@ -1138,7 +1138,7 @@ int _media_svc_extract_media_metadata(sqlite3 *handle, bool is_direct, media_svc
        return MS_MEDIA_ERR_NONE;
 }
 
-static gchar * __media_svc_get_zipfile_data(zip_t *z, const char *fname)
+static gchar * __media_svc_get_zipfile_string(zip_t *z, const char *fname)
 {
        int err = 0;
        zip_int64_t index_num = 0;
@@ -1158,7 +1158,7 @@ static gchar * __media_svc_get_zipfile_data(zip_t *z, const char *fname)
        file = zip_fopen_index(z, index_num, ZIP_FL_UNCHANGED);
        media_svc_retvm_if(!file, NULL, "zip_fopen_index failed");
 
-       buf = g_malloc0(sb.size);
+       buf = g_malloc0(sb.size + 1);
 
        err = zip_fread(file, buf, sb.size);
        zip_fclose(file);
@@ -1252,10 +1252,9 @@ static gboolean __media_svc_get_epub_root_file(zip_t *z, char **opf_file)
        media_svc_retvm_if(!z, FALSE, "z is NULL");
        media_svc_retvm_if(!opf_file, FALSE, "opf_file is NULL");
 
-       buf = __media_svc_get_zipfile_data(z, "META-INF/container.xml");
+       buf = __media_svc_get_zipfile_string(z, "META-INF/container.xml");
        media_svc_retvm_if(!buf, FALSE, "buf is NULL");
 
-
        tmp_buf = g_strrstr(buf, ">");
        if (tmp_buf)
                *(tmp_buf + 1) = '\0';
@@ -1333,10 +1332,10 @@ static int __media_svc_get_epub_metadata(media_svc_content_info_s *content_info)
        }
 
        //3. get metadata
-       buf = __media_svc_get_zipfile_data(z, opf_path);
+       buf = __media_svc_get_zipfile_string(z, opf_path);
        xmlFree(opf_path);
        zip_close(z);
-       media_svc_retvm_if(!buf, MS_MEDIA_ERR_INTERNAL, "__media_svc_get_zipfile_data failed");
+       media_svc_retvm_if(!buf, MS_MEDIA_ERR_INTERNAL, "__media_svc_get_zipfile_string failed");
 
        if (!__media_svc_get_xml_metadata((const xmlChar *)buf, FALSE, content_info))
                media_svc_error("__media_svc_get_xml_metadata failed");
Domain: Multimedia / Media Content;