From: Jiwan Kim Date: Thu, 11 May 2017 06:53:25 +0000 (+0900) Subject: Fix for svace issues X-Git-Tag: submit/tizen/20170512.045637^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c6bf5d3bb28a7a6081c0463a15957b747b3f005e;p=platform%2Fcore%2Fapi%2Fzigbee.git Fix for svace issues Change-Id: I99a5e00505a907f5a421c3f00138d91f8cb3206a Signed-off-by: Jiwan Kim --- diff --git a/lib/zbl_dbus.c b/lib/zbl_dbus.c index 2417a06..01ef40a 100644 --- a/lib/zbl_dbus.c +++ b/lib/zbl_dbus.c @@ -718,7 +718,7 @@ static void _zbl_signal_handler(GDBusConnection *connection, g_variant_get(parameters, "(qyqaqa(y)a(y)i)", &addr16, &ep, &cluster_id, &attr_iter, &dataType_iter, &data_iter, &records_len); - records = calloc(records_len, sizeof(struct attribute_report_s)); + records = calloc(records_len, sizeof(struct attribute_report_s*)); RETM_IF(NULL == records, "calloc() Fail(%d)", errno); for (j = 0; j < records_len; j++) { records[j] = calloc(1, sizeof(struct attribute_report_s)); @@ -852,6 +852,7 @@ static void _zbl_signal_handler(GDBusConnection *connection, free(records[j]->value); free(records[j]); } + free(records); return; } @@ -1101,6 +1102,8 @@ static void _zbl_request_cleanup(gpointer data) #ifdef ZB_FEATURE_GLOBAL_RSP_SYNC _zbl_deregister_global_req(container->handle, container); + if (container->global_cmd) + free(container->global_cmd); #endif free(container); @@ -1169,8 +1172,10 @@ static gboolean _zbl_timeout_cb(gpointer p) cb(ZB_ZDP_TIMEOUT, 0, 0, 0, (void **)records, container->userdata); - free(records[0]); - free(records); + if (records && records[0]) + free(records[0]); + if (records) + free(records); } break; case ZBL_ZDO_MGMT_LQI_REQ: { @@ -1183,8 +1188,10 @@ static gboolean _zbl_timeout_cb(gpointer p) cb(ZB_ZDP_TIMEOUT, 0, 0, 0, (void **)records, container->userdata); - free(records[0]); - free(records); + if (records && records[0]) + free(records[0]); + if (records) + free(records); } break; case ZBL_ZDO_MGMT_RTG_REQ: { 
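Review bot: In the `@@ -718,7 +718,7 @@` hunk of lib/zbl_dbus.c, `records_len` is unpacked from the signal payload with the signed `i` format and goes straight into `calloc(records_len, ...)` and the `j < records_len` loop without a range check. A negative value converts to a huge element count, and zero lets `calloc` return either NULL or a zero-size block, so the "calloc() Fail" path can be reached for reasons unrelated to memory pressure. A guard before the allocation, such as `RETM_IF(records_len <= 0, "Invalid records_len(%d)", records_len);`, would make the lower bound explicit, and an upper limit that fits the protocol would be worth adding too. Whether the iterators filled by `g_variant_get` need releasing on that early return cannot be seen here, since the handler starts and ends outside the hunk.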
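Review bot: The NULL tests added around `free(records[0])` and `free(records)` in the `@@ -1169,8 +1172,10 @@` hunk of `_zbl_timeout_cb` run only after `records` has already been passed to `cb(...)`, and the same pattern repeats in the `@@ -1183`, `@@ -1197` and `@@ -1209` hunks. In the `@@ -1209` hunk the context line `records[0] = calloc(1, sizeof(struct zb_zdo_network_list_record_s));` writes through `records` before any check, so a failed outer allocation is dereferenced before the new guard is reached; the allocations for the other three cases are outside their hunks and presumably look the same. The check belongs directly after the allocation of `records`, for example `if (NULL == records) break;` before `records[0]` is assigned, or a callback invocation with NULL records if the API contract prefers that. Since `free(NULL)` is a no-op, the guards at the free site add nothing once the allocation is checked.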
@@ -1197,8 +1204,10 @@ static gboolean _zbl_timeout_cb(gpointer p) cb(ZB_ZDP_TIMEOUT, 0, 0, 0, (void **)records, container->userdata); - free(records[0]); - free(records); + if (records && records[0]) + free(records[0]); + if (records) + free(records); } break; case ZBL_ZDO_MGMT_NWK_DISC_REQ: { @@ -1209,8 +1218,11 @@ static gboolean _zbl_timeout_cb(gpointer p) records[0] = calloc(1, sizeof(struct zb_zdo_network_list_record_s)); cb(0, 0, 0, 0, (void **)records, container->userdata); - free(records[0]); - free(records); + + if (records && records[0]) + free(records[0]); + if (records) + free(records); } break; case ZBL_ZDO_MGMT_PERMIT_JOIN_REQ: { @@ -1236,6 +1248,7 @@ static gboolean _zbl_timeout_cb(gpointer p) case ZBL_ZDO_USER_DESC_REQ: { zb_zdo_user_desc_rsp cb = container->cb; cb(ZB_ZDP_TIMEOUT, 0, 0, NULL, container->userdata); + break; } case ZBL_ZDO_USER_DESC_SET_REQ: { zb_zdo_user_desc_conf cb = container->cb; @@ -1733,6 +1746,7 @@ static void _zbl_response_cb(GDBusConnection *connection, cb(status, addr16, length, complex_desc, container->userdata); free(complex_desc); + break; } case ZBL_ZDO_USER_DESC_SET_REQ: { zb_zdo_user_desc_conf cb = container->cb; @@ -4264,7 +4278,7 @@ int zbl_user_desc_set(zigbee_h handle, nwk_addr addr16, unsigned char len, RETV_IF(NULL == gdbus_conn, ZIGBEE_ERROR_IO_ERROR); RETV_IF(NULL == zdo_dev_proxy, ZIGBEE_ERROR_IO_ERROR); - RETVM_IF(len > MAX_USER_DESC_SIZE || len < 0x00, ZIGBEE_ERROR_INVALID_PARAMETER, + RETVM_IF(len > MAX_USER_DESC_SIZE, ZIGBEE_ERROR_INVALID_PARAMETER, "invalid length=%d", len); container = calloc(1, sizeof(zbl_req_cb_s)); diff --git a/lib/zbl_zcl.c b/lib/zbl_zcl.c index d15501e..b4969e3 100644 --- a/lib/zbl_zcl.c +++ b/lib/zbl_zcl.c 
@@ -700,12 +700,12 @@ API int zb_set_value(zb_value_h handle, unsigned char type, unsigned char *value free(h->str); } /* string size exception case */ - RETV_IF(0xff - 1 < h->str->n, ZIGBEE_ERROR_PARAMETER_OUT_OF_RANGE); + RETV_IF(0xff - 1 < count, ZIGBEE_ERROR_PARAMETER_OUT_OF_RANGE); h->str = malloc(sizeof(struct attribute_str_s)); RETV_IF(NULL == h->str, ZIGBEE_ERROR_OUT_OF_MEMORY); h->str->n = count; /* The first 1 byte indicate invalid or length of string */ - h->str->v = calloc(sizeof(unsigned char), h->str->n + sizeof(h->str->n)); + h->str->v = calloc(h->str->n + sizeof(h->str->n), sizeof(unsigned char)); RETV_IF(NULL == h->str->v, ZIGBEE_ERROR_OUT_OF_MEMORY); memcpy(h->str->v, value+sizeof(h->str->n), h->str->n); @@ -718,12 +718,12 @@ API int zb_set_value(zb_value_h handle, unsigned char type, unsigned char *value free(h->wstr); } /* 2 byte string size exception case */ - RETV_IF(0xffff - 1 < h->wstr->n, ZIGBEE_ERROR_PARAMETER_OUT_OF_RANGE); + RETV_IF(0xffff - 1 < count, ZIGBEE_ERROR_PARAMETER_OUT_OF_RANGE); h->wstr = malloc(sizeof(struct attribute_wstr_s)); RETV_IF(NULL == h->wstr, ZIGBEE_ERROR_OUT_OF_MEMORY); h->wstr->n = count; /* The first 2 byte indicate invalid or length of string */ - h->wstr->v = calloc(sizeof(unsigned char), h->wstr->n + sizeof(h->wstr->n)); + h->wstr->v = calloc(h->wstr->n + sizeof(h->wstr->n), sizeof(wchar_t)); RETV_IF(NULL == h->wstr->v, ZIGBEE_ERROR_OUT_OF_MEMORY); memcpy(h->wstr->v, value+sizeof(h->wstr->n), h->wstr->n); diff --git a/test/menu.c b/test/menu.c index 5c597f1..b06e6f9 100644 --- a/test/menu.c +++ b/test/menu.c @@ -362,7 +362,7 @@ static void _hex_dump(const char *pad, int size, const void *data) snprintf(buf, 255, "%s%04X: ", pad, 0); for (i = 0; i < size; i++) { snprintf(hex, 4, "%02X ", p[i]); - strncat(buf, hex, strlen(hex)); + strncat(buf, hex, 255 - strlen(buf) - 1); if ((i + 1) % 8 == 0) { if ((i + 1) % 16 == 0) { 
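Review bot: In the `@@ -700,12 +700,12 @@` hunk of `zb_set_value`, the range check now runs after the context line `free(h->str);`, so returning `ZIGBEE_ERROR_PARAMETER_OUT_OF_RANGE` leaves `h->str` pointing at freed memory. A later call that reaches the same `free(h->str)` branch (its condition is outside the hunk), or that destroys the value, would then read or free that pointer again. Either move `RETV_IF(0xff - 1 < count, ZIGBEE_ERROR_PARAMETER_OUT_OF_RANGE);` above the free, or add `h->str = NULL;` right after `free(h->str);`. The same applies to `h->wstr` in the `@@ -718,12 +718,12 @@` hunk; the function starts and ends outside both hunks.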
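Review bot: In the `@@ -718,12 +718,12 @@` hunk of lib/zbl_zcl.c the buffer for `h->wstr->v` is now sized in `wchar_t` elements while the `memcpy` two lines later still copies `h->wstr->n` bytes, so the unit of `n` is ambiguous. If `n` counts characters the copy is short by a factor of `sizeof(wchar_t)`; if it counts bytes the allocation is merely oversized. Stating the unit in a comment next to `h->wstr->n = count;`, or copying `h->wstr->n * sizeof(wchar_t)` bytes if `n` is a character count, would settle it. In both string branches the `memcpy` also reads `count` bytes starting at `value + sizeof(n)`, and nothing visible in the hunk ties `count` to the size of the caller's buffer or rejects a NULL `value`.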
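Review bot: The new `strncat` bounds in `_hex_dump` (the `@@ -362,7 +362,7 @@` hunk of test/menu.c and the `@@ -370,7 +370,7 @@` hunk after it) hard-code 255, which is only correct if `buf` is declared with at least 255 bytes; the declaration is outside both hunks. If `buf` is a local array, `strncat(buf, hex, sizeof(buf) - strlen(buf) - 1);` keeps the bound tied to the real size, and the `snprintf(buf, 255, ...)` and `memset(buf, 0, 255)` calls could use `sizeof(buf)` the same way.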
@@ -370,7 +370,7 @@ static void _hex_dump(const char *pad, int size, const void *data) memset(buf, 0, 255); snprintf(buf, 255, "%s%04X: ", pad, i + 1); } else { - strncat(buf, TAB_SPACE, strlen(TAB_SPACE)); + strncat(buf, TAB_SPACE, 255 - strlen(buf) - 1); } } } diff --git a/test/zcl_global_cmd.c b/test/zcl_global_cmd.c index 56331bb..be8764d 100644 --- a/test/zcl_global_cmd.c +++ b/test/zcl_global_cmd.c @@ -122,9 +122,11 @@ static void zigbee_zcl_global_read_attributes_rsp(nwk_addr addr16, msg(" value[0] = 0x%02x", buf[0]); free(buf); } - zb_destroy_value(value); } } + + if (value) + zb_destroy_value(value); } static void zigbee_zcl_global_write_attributes_rsp(nwk_addr addr16, @@ -224,7 +226,7 @@ static void zigbee_zcl_global_read_reporting_configuration_rsp(nwk_addr addr16, msg(" Msg length %d", records_len); while (i < records_len) { - msg(" records[%d] 0x%08X", i, id); + msg(" records[%d]", i); zb_get_id_from_report_config_record(records[i], &id); msg(" AttributeId 0x%04X", id); zb_get_type_from_report_config_record(records[i], &type); @@ -417,7 +419,7 @@ static int run_global_write_attr(MManager *mm, struct menu_data *menu) unsigned short cluster_id = ZB_ZCL_IDENTIFY_CLUSTER_ID; unsigned short attribute_id = ZB_ZCL_IDENTIFY_TIME_ATTRIBUTE_ID; unsigned short temp; - unsigned char attribute_value[] = {0,}; + unsigned char attribute_value[3] = {0,}; if (strlen(w_data_cluster_id)) cluster_id = (unsigned short)strtol(w_data_cluster_id, NULL, 16); @@ -530,9 +532,9 @@ static int run_global_config_report(MManager *mm, struct menu_data *menu) report_config_record_h config; unsigned short cluster_id = ZB_ZCL_ON_OFF_CLUSTER_ID; unsigned short attribute_id = ZB_ZCL_ON_OFF_ATTRIBUTE_ID; - unsigned short min_i; - unsigned short max_i; - unsigned short timeout; + unsigned short min_i = 0xA; + unsigned short max_i = 0x3C; + unsigned short timeout = 10; if (strlen(r_data_cluster_id)) cluster_id = (unsigned short)strtol(r_data_cluster_id, NULL, 16);
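Review bot: Moving `zb_destroy_value(value)` out of the loops in the `@@ -122,9 +122,11 @@` hunk of test/zcl_global_cmd.c is only leak-free if `value` is created once before the loop; the creation site is outside the hunk. If a new value is created per record, every iteration but the last now leaks its handle, and the destroy call should stay inside the loop followed by `value = NULL;`. Once the lifetime is confirmed, a one-line comment at the new call such as `/* value is created once above and reused for every record */` would record the intent.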
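Review bot: The size `3` given to `attribute_value` in the `@@ -417,7 +419,7 @@` hunk is a bare literal with no visible link to the code that fills the array, which lies below the hunk. Presumably that code stores up to three bytes derived from the menu input; a named constant plus a comment naming those bytes (wording to be confirmed against the writes) would keep the bound and the writes from drifting apart. Any index or length derived from the user-entered strings should be checked against `sizeof(attribute_value)` before the store.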