From: Karol Lewandowski <k.lewandowsk@samsung.com>
Date: Wed, 16 Aug 2023 12:23:04 +0000 (+0200)
Subject: diagnostics: Fix errors found via static analysis
X-Git-Tag: accepted/tizen/unified/20230818.054622~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=91da97c2e9fcf3e5b4ce01eb9ba2892c6852166b;p=platform%2Fcore%2Fsystem%2Fcrash-worker.git

diagnostics: Fix errors found via static analysis

Change-Id: Iad3f8e31e62d5a0fe2d87a98e9fdbfe26359a4e0
---

diff --git a/packaging/crash-worker.spec b/packaging/crash-worker.spec
index dabd8f37..a3376c7b 100644
--- a/packaging/crash-worker.spec
+++ b/packaging/crash-worker.spec
@@ -16,7 +16,7 @@
 
 Name:           crash-worker
 Summary:        Coredump handler and report generator for Tizen
-Version:        8.0.0
+Version:        8.0.1
 Release:        1
 Group:          Framework/system
 License:        MIT
diff --git a/src/bugreport-service/diagnostics/diagnostics_dump.c b/src/bugreport-service/diagnostics/diagnostics_dump.c
index 0be62377..93258e33 100644
--- a/src/bugreport-service/diagnostics/diagnostics_dump.c
+++ b/src/bugreport-service/diagnostics/diagnostics_dump.c
@@ -300,14 +300,15 @@ static struct report_file *find_report_file(const char *ident, struct report_fil
 	return NULL;
 }
 
-static bool parse_pid_from_report_file(int report_fd, char *str)
+static bool parse_pid_from_report_file(int report_fd, char *str, size_t strsize)
 {
-	FILE *fp;
+	assert(str);
+	assert(strsize > 0);
+
+	FILE *fp = NULL;
 	char buff[1024];
 	int pid = -1;
-
-	if (!str)
-		return false;
+	bool ret = false;
 
 	fp = fdopen(report_fd, "r");
 	if (!fp) {
@@ -321,19 +322,29 @@ static bool parse_pid_from_report_file(int report_fd, char *str)
 	}
 	if (pid < 0) {
 		_E("There is no PID information in the report file");
-		return false;
+		goto out;
+	}
+
+	int r = snprintf(str, strsize, "%d", pid);
+	if (r < 0 || r >= strsize) {
+		_E("Internal error: Unable to store PID parsed from report file - increase pid[n] size");
+		goto out;
 	}
 
-	sprintf(str, "%d", pid);
+	ret = true;
 
-	return true;
+out:
+	if (fp)
+		fclose(fp);
+
+	return ret;
 }
 
 static bool write_pid(int fd, int in_fd)
 {
 	char pid[10];
 
-	if (!parse_pid_from_report_file(in_fd, pid)) {
+	if (!parse_pid_from_report_file(in_fd, pid, sizeof(pid))) {
 		dprintf(fd, "Internal error\n");
 		return false;
 	}