From: Seungbae Shin
Date: Tue, 18 Jul 2017 11:16:42 +0000 (+0900)
Subject: Fix possible buffer overflow using strncat
X-Git-Tag: accepted/tizen/4.0/unified/20170816.013434^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=bab7e7ba96153a95cc3db601578b2934e990507b;p=platform%2Fcore%2Fapi%2Fwav-player.git
Fix possible buffer overflow using strncat + Fix svace detected issue of checking range of enum value [Version] 0.1.26 [Profile] Common [Issue Type] Security
Change-Id: If9781777feb3d63a681a17ca6dc7eb31b9864a67
---
diff --git a/packaging/capi-media-wav-player.spec b/packaging/capi-media-wav-player.spec
index 2e600eb..019f1a2 100755
--- a/packaging/capi-media-wav-player.spec
+++ b/packaging/capi-media-wav-player.spec
@@ -1,6 +1,6 @@
 Name: capi-media-wav-player
 Summary: A wav player library in Tizen C API
-Version: 0.1.25
+Version: 0.1.26
 Release: 0
 Group: Multimedia/API
 License: Apache-2.0
diff --git a/src/wav_player.c b/src/wav_player.c
index a8f3049..5ef7529 100755
--- a/src/wav_player.c
+++ b/src/wav_player.c
@@ -47,15 +47,15 @@ int wav_player_start(const char *path, sound_type_e type, wav_player_playback_co
 if (path == NULL)
 return _convert_wav_player_error_code(__func__, WAV_PLAYER_ERROR_INVALID_PARAMETER);
- if (type < SOUND_TYPE_SYSTEM || type >= SOUND_TYPE_NUM)
+ if (type >= SOUND_TYPE_NUM)
 return _convert_wav_player_error_code(__func__, WAV_PLAYER_ERROR_INVALID_PARAMETER);
 m_path[0] = '\0';
 if (path[0] != '/') {
 if (getcwd(m_path, PATH_MAX) != NULL)
- strncat(m_path, "/", PATH_MAX-strlen(m_path));
+ strncat(m_path, "/", PATH_MAX - strlen(m_path) - 1);
 }
- strncat(m_path, path, PATH_MAX-strlen(m_path));
+ strncat(m_path, path, PATH_MAX - strlen(m_path) - 1);
 if (cb) {
 _completed_cb = _internal_complete_cb;
diff --git a/src/wav_player_private.c b/src/wav_player_private.c
index 4a0e649..ee918db 100755
--- a/src/wav_player_private.c
+++ b/src/wav_player_private.c
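Review bot: The two strncat() calls in wav_player_start still truncate silently when the working directory plus `path` does not fit in `m_path`, so a shortened path that names a different file than the caller asked for can be passed on; the corrected size argument only stops the write past the end of the buffer. A failed getcwd() is also ignored, and POSIX leaves the buffer contents unspecified in that case, so the following strlen(m_path) reads whatever is there. I would return an error in both cases before appending, as sketched below; this assumes m_path holds at least PATH_MAX bytes, since its declaration and the start and end of wav_player_start are outside the hunk. The same two lines in the _start_with_stream_info hunk of src/wav_player_private.c need the same treatment, with that function's own error return. Separately, dropping `type < SOUND_TYPE_SYSTEM` relies on the enum being unsigned in this build; `if ((unsigned int)type >= SOUND_TYPE_NUM)` keeps negative values rejected whatever representation the compiler picks.

```c
	if (path[0] != '/') {
		/* On failure the buffer contents are unspecified, so stop here. */
		if (getcwd(m_path, PATH_MAX) == NULL)
			return _convert_wav_player_error_code(__func__, WAV_PLAYER_ERROR_INVALID_OPERATION);
		strncat(m_path, "/", PATH_MAX - strlen(m_path) - 1);
	}
	/* Reject rather than truncate: a cut-off path can name a different file. */
	if (strlen(path) > PATH_MAX - strlen(m_path) - 1)
		return _convert_wav_player_error_code(__func__, WAV_PLAYER_ERROR_INVALID_PARAMETER);
	strncat(m_path, path, PATH_MAX - strlen(m_path) - 1);
	/* … unchanged: completion callback setup … */
```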
@@ -105,9 +105,9 @@ int _start_with_stream_info(const char *path, sound_stream_info_h stream_info, u
 if (path[0] != '/') {
 if (getcwd(m_path, PATH_MAX) != NULL)
- strncat(m_path, "/", PATH_MAX-strlen(m_path));
+ strncat(m_path, "/", PATH_MAX - strlen(m_path) - 1);
 }
- strncat(m_path, path, PATH_MAX-strlen(m_path));
+ strncat(m_path, path, PATH_MAX - strlen(m_path) - 1);
 if (callback) {
 _completed_cb = _internal_complete_cb;