From: jh8801.jung <jh8801.jung@samsung.com>
Date: Mon, 23 Oct 2017 06:33:39 +0000 (+0900)
Subject: Fix Coverity issue
X-Git-Tag: submit/tizen/20171025.015430^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e553a94f05e3dbcf15d79af81ddb02def177a169;p=platform%2Fcore%2Fapi%2Fzigbee.git

Fix Coverity issue

- CID : 39189, 38385, 38241, 35436, 28815, 25229, 23514, 23375

Signed-off-by: jh8801.jung <jh8801.jung@samsung.com>
Change-Id: I646fe714c4e6b2f62bc3405c1e724cfd61adff57
(cherry picked from commit 0efdbf0980d899eabdc33c01bfc005250629f401)
---

diff --git a/lib/zbl_dbus.c b/lib/zbl_dbus.c
old mode 100644
new mode 100755
index 2dce7d1..925e310
--- a/lib/zbl_dbus.c
+++ b/lib/zbl_dbus.c
@@ -822,6 +822,15 @@ static void _zbl_signal_handler(GDBusConnection *connection,
 				continue;
 			default:
 				data_size = zb_get_data_size(records[j]->type);
+				if (data_size < 0) {
+					for (i = 0; i < j; i++)
+						free(records[i]->value);
+					for (i = 0; i < records_len; i++)
+						free(records[i]);
+					free(records);
+					ERR("zb_get_data_size() Fail(%d)", data_size);
+					return;
+				}
 				records[j]->value = calloc(data_size, sizeof(unsigned char));
 				if (NULL == records[j]->value) {
 					for (i = 0; i < j; i++)
@@ -2550,6 +2559,8 @@ GLOBAL_CONFIGURE_REPORTING_REQ_OUT:
 		RETM_IF(NULL == resp_iter, "Invalid parameter !");
 
 		records = calloc(record_length,	sizeof(report_config_record_h));
+		RETM_IF(NULL == records, "calloc() Fail(%d)", errno);
+
 		for (i = 0; i < record_length; i++) {
 			records[i] = calloc(1, sizeof(struct reporting_configuration_record_s));
 			if (NULL == records[i]) {
diff --git a/lib/zbl_zcl.c b/lib/zbl_zcl.c
old mode 100644
new mode 100755
index f5c99f7..7b75f10
--- a/lib/zbl_zcl.c
+++ b/lib/zbl_zcl.c
@@ -633,7 +633,7 @@ API int zb_set_value_to_read_attr_status_record(read_attr_status_record_h handle
 		RETV_IF(NULL == h->value, ZIGBEE_ERROR_OUT_OF_MEMORY);
 		h->value[0] = v->wstr->n & 0xff;
 		h->value[1] = (v->wstr->n >> 8) & 0xff ;
-		memcpy(h->value + sizeof(short), v->wstr->v + sizeof(short), v->wstr->n);
+		memcpy(h->value + sizeof(short), v->wstr->v + 2, v->wstr->n);
 	} else
 		return ZIGBEE_ERROR_NOT_SUPPORTED;
 
@@ -747,6 +747,7 @@ API int zb_get_value(zb_value_h handle, unsigned char *type, unsigned char **val
 	len = zb_get_data_size(h->type);
 	if (0 < len) {
 		s = calloc(h->size + 1 , sizeof(char));
+		RETV_IF(NULL == s, ZIGBEE_ERROR_OUT_OF_MEMORY);
 		memcpy(s, h->val, len);
 		*count = len;
 	} else if (ZB_ZCL_OCTAT_STRING == h->type || ZB_ZCL_CHRACTER_STRING == h->type) {
@@ -759,7 +760,7 @@ API int zb_get_value(zb_value_h handle, unsigned char *type, unsigned char **val
 		RETV_IF(NULL == h->wstr, ZIGBEE_ERROR_NO_DATA);
 		s = calloc(sizeof(char), h->wstr->n);
 		RETV_IF(NULL == s, ZIGBEE_ERROR_OUT_OF_MEMORY);
-		memcpy(s, h->wstr->v + sizeof(short), h->wstr->n);
+		memcpy(s, h->wstr->v + 2, h->wstr->n);
 		*count = h->wstr->n;
 	} else
 		return ZIGBEE_ERROR_NOT_SUPPORTED;
@@ -973,7 +974,7 @@ API int zb_set_value_to_write_attr_record(write_attr_record_h handle, zb_value_h
 		/* The first 2 byte indicate invalid or length of string */
 		h->value[0] = v->wstr->n & 0xff;
 		h->value[1] = (v->wstr->n >> 8) & 0xff ;
-		memcpy(h->value + sizeof(short), v->wstr->v + sizeof(short), v->wstr->n);
+		memcpy(h->value + sizeof(short), v->wstr->v + 2, v->wstr->n);
 	} else
 		return ZIGBEE_ERROR_NOT_SUPPORTED;
 
@@ -1733,7 +1734,7 @@ API int zb_set_value_to_attr_report(attr_report_h handle, zb_value_h value)
 		/* The first 2 byte indicate invalid or length of string */
 		h->value[0] = v->wstr->n & 0xff;
 		h->value[1] = (v->wstr->n >> 8) & 0xff ;
-		memcpy(h->value + sizeof(short), v->wstr->v + sizeof(short), v->wstr->n);
+		memcpy(h->value + sizeof(short), v->wstr->v + 2, v->wstr->n);
 	} else
 		return ZIGBEE_ERROR_NOT_SUPPORTED;
 
diff --git a/test/zcl_global_cmd.c b/test/zcl_global_cmd.c
old mode 100644
new mode 100755
index be8764d..ba227d6
--- a/test/zcl_global_cmd.c
+++ b/test/zcl_global_cmd.c
@@ -415,6 +415,7 @@ static int run_global_write_attr(MManager *mm, struct menu_data *menu)
 	int ret = ZIGBEE_ERROR_NONE;
 	/* Samjin Power Outlet */
 	write_attr_record_h attr;
+	int size = -1;
 
 	unsigned short cluster_id = ZB_ZCL_IDENTIFY_CLUSTER_ID;
 	unsigned short attribute_id = ZB_ZCL_IDENTIFY_TIME_ATTRIBUTE_ID;
@@ -440,8 +441,14 @@ static int run_global_write_attr(MManager *mm, struct menu_data *menu)
 	/* zb_set_id_to_write_attr_record(attr, ZB_ZCL_IDENTIFY_TIME_ATTRIBUTE_ID); */
 	zb_set_id_to_write_attr_record(attr, attribute_id);
 	zb_set_type_to_write_attr_record(attr, ZB_ZCL_UNSIGNED_16_BIT_INTEGER);
-	zb_set_buf_to_write_attr_record(attr, ZB_ZCL_UNSIGNED_16_BIT_INTEGER, attribute_value,
-			zb_get_data_size(ZB_ZCL_UNSIGNED_16_BIT_INTEGER));
+	size = zb_get_data_size(ZB_ZCL_UNSIGNED_16_BIT_INTEGER);
+	if (size < 0) {
+		zb_destroy_write_attr_record(attr);
+		msg("zb_get_data_size(%d) - FAILED!!!", size);
+		return RET_FAILURE;
+	}
+
+	zb_set_buf_to_write_attr_record(attr, ZB_ZCL_UNSIGNED_16_BIT_INTEGER, attribute_value, size);
 
 	ret = zb_zcl_global_write_attr(handle, dest_addr16, 1, sj_ep1.ep,
 			ZB_ZCL_FC_DEFAULT,
@@ -465,6 +472,7 @@ static int run_global_write_attr_undivided(MManager *mm, struct menu_data *menu)
 	unsigned char value[] = { 0x02, 0x01};
 	/* Samjin Power Outlet */
 	write_attr_record_h attr;
+	int size = -1;
 
 	ret = zb_create_write_attr_record(&attr);
 	if (ZIGBEE_ERROR_NONE != ret) {
@@ -475,8 +483,14 @@ static int run_global_write_attr_undivided(MManager *mm, struct menu_data *menu)
 
 	zb_set_id_to_write_attr_record(attr, ZB_ZCL_IDENTIFY_TIME_ATTRIBUTE_ID);
 	zb_set_type_to_write_attr_record(attr, ZB_ZCL_UNSIGNED_16_BIT_INTEGER);
-	zb_set_buf_to_write_attr_record(attr, ZB_ZCL_UNSIGNED_16_BIT_INTEGER, value,
-			zb_get_data_size(ZB_ZCL_UNSIGNED_16_BIT_INTEGER));
+	size = zb_get_data_size(ZB_ZCL_UNSIGNED_16_BIT_INTEGER);
+	if (size < 0) {
+		zb_destroy_write_attr_record(attr);
+		msg("zb_get_data_size(%d) - FAILED!!!", size);
+		return RET_FAILURE;
+	}
+
+	zb_set_buf_to_write_attr_record(attr, ZB_ZCL_UNSIGNED_16_BIT_INTEGER, value, size);
 	ret = zb_zcl_global_write_attr_undivided(handle, dest_addr16, 1,
 			sj_ep1.ep, ZB_ZCL_FC_DEFAULT, ZB_ZCL_IDENTIFY_CLUSTER_ID, &attr, 1,
 			zigbee_zcl_global_write_attributes_rsp, NULL);
@@ -498,6 +512,7 @@ static int run_global_write_attr_no_rsp(MManager *mm, struct menu_data *menu)
 	unsigned char value[] = { 0x02, 0x01};
 	/* Samjin Power Outlet */
 	write_attr_record_h attr;
+	int size = -1;
 
 	ret = zb_create_write_attr_record(&attr);
 	if (ZIGBEE_ERROR_NONE != ret) {
@@ -508,8 +523,14 @@ static int run_global_write_attr_no_rsp(MManager *mm, struct menu_data *menu)
 
 	zb_set_id_to_write_attr_record(attr, ZB_ZCL_IDENTIFY_TIME_ATTRIBUTE_ID);
 	zb_set_type_to_write_attr_record(attr, ZB_ZCL_UNSIGNED_16_BIT_INTEGER);
-	zb_set_buf_to_write_attr_record(attr, ZB_ZCL_UNSIGNED_16_BIT_INTEGER, value,
-			zb_get_data_size(ZB_ZCL_UNSIGNED_16_BIT_INTEGER));
+	size = zb_get_data_size(ZB_ZCL_UNSIGNED_16_BIT_INTEGER);
+	if (size < 0) {
+		zb_destroy_write_attr_record(attr);
+		msg("zb_get_data_size(%d) - FAILED!!!", size);
+		return RET_FAILURE;
+	}
+
+	zb_set_buf_to_write_attr_record(attr, ZB_ZCL_UNSIGNED_16_BIT_INTEGER, value, size);
 	ret = zb_zcl_global_write_attr_no_rsp(handle, dest_addr16, 1, sj_ep1.ep,
 		ZB_ZCL_FC_DEFAULT, ZB_ZCL_IDENTIFY_CLUSTER_ID, &attr, 1);
 	zb_destroy_write_attr_record(attr);