From: Adam Michalski <a.michalski2@partner.samsung.com>
Date: Fri, 29 Nov 2024 13:06:48 +0000 (+0100)
Subject: Fix SVACE issues
X-Git-Tag: accepted/tizen/9.0/unified/20241216.142727~1^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=2d5b2b6fc3a1a9cb45976a47565a03b3f6d6e515;p=platform%2Fcore%2Fsystem%2Fupgrade.git

Fix SVACE issues

WID: 12150987 Unsafe conversion of expression 'dwPosition' with type
'SS-UINT32' to type __off64_t.

Change-Id: Ie1fbc1222bc238665ce3767f2909949a2c316177
---

diff --git a/src/upgrade-apply-deltafs/engine/SS_FSUpdate.c b/src/upgrade-apply-deltafs/engine/SS_FSUpdate.c
index db4b661..6ecdf6d 100644
--- a/src/upgrade-apply-deltafs/engine/SS_FSUpdate.c
+++ b/src/upgrade-apply-deltafs/engine/SS_FSUpdate.c
@@ -30,6 +30,7 @@
 #include <string.h>
 #include <strings.h>
 #include <sys/wait.h>
+#include <stdint.h>
 
 #include <ftw.h>
 #include <sys/xattr.h>
@@ -385,8 +386,12 @@ SS_WriteFile(long wHandle,
 
 	LOGL(LOG_SSENGINE, "Handle:%ld , Pos:%u , Size: %u\n", wHandle,
 			dwPosition, dwSize);
-
-	ret = lseek(wHandle, dwPosition, SEEK_SET);
+	if (dwPosition > INT64_MAX) {
+		LOGE("Position value exceeds 64-bit signed range: %u", dwPosition);
+		return E_SS_WRITE_ERROR;
+	}
+	__off64_t position = (__off64_t)dwPosition;
+	ret = lseek(wHandle, position, SEEK_SET);
 	if (ret < 0) {
 		LOGE(" lseek failed with return value: %d\n", ret);
 		LOGL(LOG_SSENGINE, "lseek errno=%d\n", errno);
@@ -469,7 +474,12 @@ SS_ReadFile(long wHandle,
 	LOG(" %s: Handle:%ld , Pos:%u , Size: %u", __func__, wHandle,
 	       dwPosition, dwSize);
 #endif
-	ret = lseek(wHandle, dwPosition, SEEK_SET);
+	if (dwPosition > INT64_MAX) {
+		LOGE("Position value exceeds 64-bit signed range: %u", dwPosition);
+		return E_SS_WRITE_ERROR;
+	}
+	__off64_t position = (__off64_t)dwPosition;
+	ret = lseek(wHandle, position, SEEK_SET);
 	if (ret < 0) {
 		LOGE("Handle:%ld , Pos:%u , Size: %u\n", wHandle, dwPosition,
 		     dwSize);