From: Yunjin Lee <yunjin-.lee@samsung.com>
Date: Fri, 24 Jun 2016 05:48:20 +0000 (+0900)
Subject: Fix to check return value of sqlite3_mprintf
X-Git-Tag: submit/tizen/20160624.055449^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e75fccaf4c07ddb23f2b6a3e732685152e2fd12d;p=platform%2Fcore%2Fsecurity%2Fprivilege-checker.git

Fix to check return value of sqlite3_mprintf

Change-Id: Ic9be1be50e756121cbd79128d38b19aba417e1f0
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
---

diff --git a/capi/src/privilege_db_manager.c b/capi/src/privilege_db_manager.c
index 0754d24..c50fa80 100755
--- a/capi/src/privilege_db_manager.c
+++ b/capi/src/privilege_db_manager.c
@@ -69,13 +69,16 @@ int __initialize_db(char type, sqlite3 ** db, privilege_db_manager_package_type_
 	return PRIVILEGE_DB_MANAGER_ERR_NONE;
 }
 
-void __finalize_db(sqlite3 * db, sqlite3_stmt * stmt)
+void __finalize_db(sqlite3 * db, sqlite3_stmt * stmt, char* sql)
 {
 	if (stmt != NULL)
 		sqlite3_finalize(stmt);
 
 	if (db != NULL)
 		sqlite3_close(db);
+
+	if (sql != NULL)
+		sqlite3_free(sql);
 }
 
 int __make_privilege_list_str(GList *privilege_list, char** privilege_list_str)
@@ -129,11 +132,12 @@ int privilege_db_manager_check_black_list(int uid, privilege_db_manager_package_
 	LOGD("check black list with uid = %d, package_type = %d, privilege_list = %s", uid, package_type, privilege_list_str);
 	char *sql = sqlite3_mprintf("select distinct privilege_name from black_list where privilege_name in(%s)and uid=%d and package_type=%d", privilege_list_str, uid, package_type);
 	sqlite3_free(privilege_list_str);
+	TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
 
 	ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
 	if (ret != SQLITE_OK) {
 		LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
-		sqlite3_close(db);
+		__finalize_db(db, stmt, sql);
 		return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
 	}
 
@@ -146,8 +150,7 @@ int privilege_db_manager_check_black_list(int uid, privilege_db_manager_package_
 	if (count > 0)
 		LOGE("Privilege list contains banned privileges!");
 
-	__finalize_db(db, stmt);
-	sqlite3_free(sql);
+	__finalize_db(db, stmt, sql);
 
 	return count;
 }
@@ -182,10 +185,12 @@ int privilege_db_manager_get_privilege_list(const char *api_version, privilege_d
 
 	char *sql = sqlite3_mprintf("select privilege_name, privilege_level_id, %s, api_version_issued, api_version_expired from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d", changed_to_version, PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type);
 	free(changed_to_version);
+	TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
+
 	ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
 	if (ret != SQLITE_OK) {
 		LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
-		sqlite3_close(db);
+		__finalize_db(db, stmt, sql);
 		return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
 	}
 
@@ -193,7 +198,7 @@ int privilege_db_manager_get_privilege_list(const char *api_version, privilege_d
 		ret = sqlite3_step(stmt);
 		if (ret == SQLITE_ROW) {
 			privilege_info_db_row_s *privilege_info_db_row = (privilege_info_db_row_s *)malloc(sizeof(privilege_info_db_row_s));
-			TryReturn(privilege_info_db_row != NULL, free(privilege_info_db_row), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_info_db_row's malloc is failed.");
+			TryReturn(privilege_info_db_row != NULL, free(privilege_info_db_row); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_info_db_row's malloc is failed.");
 
 			privilege_info_db_row->profile = NULL;
 			privilege_info_db_row->package_type = NULL;
@@ -211,25 +216,29 @@ int privilege_db_manager_get_privilege_list(const char *api_version, privilege_d
 
 			privilege_info_db_row->privilege_name = strdup((char *)sqlite3_column_text(stmt, 0));
 			TryReturn(privilege_info_db_row->privilege_name != NULL, free(privilege_info_db_row->privilege_name);
-					  free(privilege_info_db_row), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_name's strdup is failed.");
+					  free(privilege_info_db_row);
+					  __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_name's strdup is failed.");
 			privilege_info_db_row->privilege_level_id = sqlite3_column_int(stmt, 1);
 			privilege_info_db_row->changed_to = strdup((char *)sqlite3_column_text(stmt, 2));
 			TryReturn(privilege_info_db_row->changed_to != NULL, free(privilege_info_db_row->privilege_name);
 					  free(privilege_info_db_row->changed_to);
-					  free(privilege_info_db_row), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] changed_to's strdup is failed.");
+					  free(privilege_info_db_row);
+					  __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] changed_to's strdup is failed.");
 
 			privilege_info_db_row->issued_version = strdup((char *)sqlite3_column_text(stmt, 3));
 			TryReturn(privilege_info_db_row->issued_version != NULL, free(privilege_info_db_row->privilege_name);
 					  free(privilege_info_db_row->changed_to);
 					  free(privilege_info_db_row->issued_version);
-					  free(privilege_info_db_row), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] issued_version's strdup is failed.");
+					  free(privilege_info_db_row);
+					  __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] issued_version's strdup is failed.");
 
 			privilege_info_db_row->expired_version = strdup((char *)sqlite3_column_text(stmt, 4));
 			TryReturn(privilege_info_db_row->expired_version != NULL, free(privilege_info_db_row->privilege_name);
 					  free(privilege_info_db_row->changed_to);
 					  free(privilege_info_db_row->issued_version);
 					  free(privilege_info_db_row->expired_version);
-					  free(privilege_info_db_row), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] expired_version's strdup is failed.");
+					  free(privilege_info_db_row);
+					  __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] expired_version's strdup is failed.");
 
 			temp_privilege_list = g_list_append(temp_privilege_list, privilege_info_db_row);
 		}
@@ -237,8 +246,7 @@ int privilege_db_manager_get_privilege_list(const char *api_version, privilege_d
 
 	*privilege_list = temp_privilege_list;
 
-	__finalize_db(db, stmt);
-	sqlite3_free(sql);
+	__finalize_db(db, stmt, sql);
 
 	return PRIVILEGE_DB_MANAGER_ERR_NONE;
 }
@@ -257,15 +265,16 @@ int privilege_db_manager_get_mapped_privilege_list(const char *api_version, priv
 
 	char *privilege_list_str = NULL;
 	ret = __make_privilege_list_str(privilege_list, &privilege_list_str);
-	TryReturn(ret == 0 && privilege_list_str != NULL, , PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] making privilege_list_str for where in query is failed.");
+	TryReturn(ret == 0 && privilege_list_str != NULL, sqlite3_close(db), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] making privilege_list_str for where in query is failed.");
 
 	char *sql = sqlite3_mprintf("select distinct mapped_privilege_name from privilege_mapping where privilege_name in(%s)and(profile_id=%d or profile_id=%d)and from_api_version<=%Q and to_api_version>%Q", privilege_list_str, PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, api_version, api_version);
 	sqlite3_free(privilege_list_str);
+	TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
 
 	ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
 	if (ret != SQLITE_OK) {
 		LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
-		sqlite3_close(db);
+		__finalize_db(db, stmt, sql);
 		return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
 	}
 
@@ -279,8 +288,7 @@ int privilege_db_manager_get_mapped_privilege_list(const char *api_version, priv
 
 	*mapped_privilege_list = temp_privilege_list;
 
-	__finalize_db(db, stmt);
-	sqlite3_free(sql);
+	__finalize_db(db, stmt, sql);
 
 	return PRIVILEGE_DB_MANAGER_ERR_NONE;
 }
@@ -302,11 +310,12 @@ int privilege_db_manager_get_privilege_display(privilege_db_manager_package_type
 	} else {
 		sql = sqlite3_mprintf("select privilege_display from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q and api_version_issued<=%Q and api_version_expired>%Q", PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type, privilege_name, api_version, api_version);
 	}
+	TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
 
 	ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
 	if (ret != SQLITE_OK) {
 		LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
-		sqlite3_close(db);
+		__finalize_db(db, stmt, sql);
 		return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
 	}
 
@@ -315,13 +324,13 @@ int privilege_db_manager_get_privilege_display(privilege_db_manager_package_type
 		LOGD("privilege_display = %s", (char *)sqlite3_column_text(stmt, 0));
 
 		*privilege_display = strdup((char *)sqlite3_column_text(stmt, 0));
-		TryReturn(*privilege_display != NULL, , PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_name's strdup is failed.");
-		__finalize_db(db, stmt);
+		TryReturn(*privilege_display != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_name's strdup is failed.");
+		__finalize_db(db, stmt, sql);
 		return PRIVILEGE_DB_MANAGER_ERR_NONE;
 	}
 
-	__finalize_db(db, stmt);
-	sqlite3_free(sql);
+	__finalize_db(db, stmt, sql);
+
 	return PRIVILEGE_DB_NO_EXIST_RESULT;
 }
 
@@ -340,11 +349,12 @@ int privilege_db_manager_get_privilege_description(privilege_db_manager_package_
 		sql = sqlite3_mprintf("select privilege_description from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q", PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type, privilege_name);
 	else
 		sql = sqlite3_mprintf("select privilege_description from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q and api_version_issued<=%Q and api_version_expired>%Q", PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type, privilege_name, api_version, api_version);
+	TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
 
 	ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
 	if (ret != SQLITE_OK) {
 		LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
-		sqlite3_close(db);
+		__finalize_db(db, stmt, sql);
 		return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
 	}
 
@@ -353,14 +363,14 @@ int privilege_db_manager_get_privilege_description(privilege_db_manager_package_
 		LOGD("privilege_description = %s", (char *)sqlite3_column_text(stmt, 0));
 
 		*privilege_description = strdup((char *)sqlite3_column_text(stmt, 0));
-		TryReturn(*privilege_description != NULL, , PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_name's strdup is failed.");
+		TryReturn(*privilege_description != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_name's strdup is failed.");
 
-		__finalize_db(db, stmt);
+		__finalize_db(db, stmt, sql);
 		return PRIVILEGE_DB_MANAGER_ERR_NONE;
 	}
 
-	__finalize_db(db, stmt);
-	sqlite3_free(sql);
+	__finalize_db(db, stmt, sql);
+
 	return PRIVILEGE_DB_NO_EXIST_RESULT;
 }
 
@@ -376,10 +386,11 @@ int privilege_db_manager_get_privilege_group_display(privilege_db_manager_packag
 	char *sql = sqlite3_mprintf("select privilege_group_id from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q and api_version_issued<=%Q",
 								PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type, privilege_name, api_version, api_version);
 
+	TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
 	ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
 	if (ret != SQLITE_OK) {
 		LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
-		sqlite3_close(db);
+		__finalize_db(db, stmt, sql);
 		return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
 	}
 
@@ -388,12 +399,12 @@ int privilege_db_manager_get_privilege_group_display(privilege_db_manager_packag
 		*privilege_group_number = (int)sqlite3_column_int(stmt, 0);
 		LOGD("privilege_group_number = %d", *privilege_group_number);
 
-		__finalize_db(db, stmt);
+		__finalize_db(db, stmt, sql);
 		return PRIVILEGE_DB_MANAGER_ERR_NONE;
 	}
 
-	__finalize_db(db, stmt);
-	sqlite3_free(sql);
+	__finalize_db(db, stmt, sql);
+
 	return PRIVILEGE_DB_NO_EXIST_RESULT;
 }
 
@@ -406,8 +417,9 @@ int privilege_db_manager_is(char type, const char* privilege)
 	TryReturn(ret == PRIVILEGE_DB_MANAGER_ERR_NONE, , ret, "[PRIVILEGE_DB_MANAGER] DB INITIALIZE FAIL");
 
 	char *sql = sqlite3_mprintf("select * from valid_privilege_info where privilege_name=%Q", privilege);
+	TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
 	ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
-	TryReturn(ret == SQLITE_OK, sqlite3_close(db), -PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
+	TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), -PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
 
 	ret = sqlite3_step(stmt);
 	if (ret == SQLITE_ROW) {
@@ -432,8 +444,8 @@ int privilege_db_manager_is(char type, const char* privilege)
 		res = -1;
 	}
 
-	__finalize_db(db, stmt);
-	sqlite3_free(sql);
+	__finalize_db(db, stmt, sql);
+
 	if (res < 0)
 		return -ret;
 	else
@@ -449,11 +461,11 @@ int __privilege_db_manager_get_privacy_list(GList **privacy_list)
 		return ret;
 
 	char *sql = sqlite3_mprintf("select DISTINCT privacy_group from privilege_info where is_privacy=1 order by privacy_group");
-	ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
+	TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
 	ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
 	if (ret != SQLITE_OK) {
 		LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
-		sqlite3_close(db);
+		__finalize_db(db, stmt, sql);
 		return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
 	}
 
@@ -468,8 +480,7 @@ int __privilege_db_manager_get_privacy_list(GList **privacy_list)
 
 	*privacy_list = temp_privacy_list;
 
-	__finalize_db(db, stmt);
-	sqlite3_free(sql);
+	__finalize_db(db, stmt, sql);
 
 	return PRIVILEGE_DB_MANAGER_ERR_NONE;
 
@@ -484,10 +495,11 @@ int __privilege_db_manager_get_privilege_list_by_privacy(const char* privacy, GL
 		return ret;
 
 	char *sql = sqlite3_mprintf("select distinct privilege_name from privilege_info where is_privacy=1 and privacy_group=%Q", privacy);
+	TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
 	ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
 	if (ret != SQLITE_OK) {
 		LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
-		sqlite3_close(db);
+		__finalize_db(db, stmt, sql);
 		return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
 	}
 
@@ -502,8 +514,7 @@ int __privilege_db_manager_get_privilege_list_by_privacy(const char* privacy, GL
 
 	*privilege_list = temp_privilege_list;
 
-	__finalize_db(db, stmt);
-	sqlite3_free(sql);
+	__finalize_db(db, stmt, sql);
 
 	return PRIVILEGE_DB_MANAGER_ERR_NONE;
 
@@ -518,10 +529,11 @@ int privilege_db_manager_get_black_list(int uid, privilege_db_manager_package_ty
 		return ret;
 	LOGD("Get privilege_name from black_list where uid = %d, package_type = %d", uid, package_type);
 	char* sql = sqlite3_mprintf("select privilege_name from black_list where uid=%d and package_type=%d", uid, package_type);
+	TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
 	ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
 	if (ret != SQLITE_OK) {
 		LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
-		sqlite3_close(db);
+		__finalize_db(db, stmt, sql);
 		return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
 	}
 
@@ -539,8 +551,7 @@ int privilege_db_manager_get_black_list(int uid, privilege_db_manager_package_ty
 
 	*privilege_list = temp_privilege_list;
 
-	__finalize_db(db, stmt);
-	sqlite3_free(sql);
+	__finalize_db(db, stmt, sql);
 
 	return PRIVILEGE_DB_MANAGER_ERR_NONE;
 }
@@ -559,25 +570,26 @@ int privilege_db_manager_set_black_list(int uid, privilege_db_manager_package_ty
 		char *privilege_name = (char *)l->data;
 		LOGD("insert uid = %d, package_type = %d, privilege_name = %s", uid, package_type, privilege_name);
 		char* sql = sqlite3_mprintf("insert or ignore into black_list (uid, package_type, privilege_name) values (%d, %d, %Q)", uid, package_type, privilege_name);
+		TryReturn(sql != NULL, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
 		ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
 		if (ret != SQLITE_OK) {
 			LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
 			sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL);
-			sqlite3_close(db);
+			__finalize_db(db, stmt, sql);
 			return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
 		}
 		ret = sqlite3_step(stmt);
 		if (ret != SQLITE_DONE) {
 			__get_db_error(ret);
 			sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL);
-			__finalize_db(db, stmt);
+			__finalize_db(db, stmt, sql);
 			return ret;
 		}
 		sqlite3_free(sql);
 	}
 
 	sqlite3_exec(db, "COMMIT TRANSACTION", NULL, NULL, NULL);
-	__finalize_db(db, stmt);
+	__finalize_db(db, stmt, NULL);
 	return PRIVILEGE_DB_MANAGER_ERR_NONE;
 }
 
@@ -595,24 +607,25 @@ int privilege_db_manager_unset_black_list(int uid, privilege_db_manager_package_
 		char *privilege_name = (char *)l->data;
 		LOGD("delete from black_list where uid = %d, package_type = %d, privilege_name = %s", uid, package_type, privilege_name);
 		char* sql = sqlite3_mprintf("delete from black_list where uid=%d and package_type=%d and privilege_name=%Q", uid, package_type, privilege_name);
+		TryReturn(sql != NULL, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
 		ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
 		if (ret != SQLITE_OK) {
 			LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
 			sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL);
-			sqlite3_close(db);
+			__finalize_db(db, stmt, sql);
 			return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
 		}
 		ret = sqlite3_step(stmt);
 		if (ret != SQLITE_DONE) {
 			__get_db_error(ret);
 			sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL);
-			__finalize_db(db, stmt);
+			__finalize_db(db, stmt, sql);
 			return ret;
 		}
 		sqlite3_free(sql);
 	}
 
 	sqlite3_exec(db, "COMMIT TRANSACTION", NULL, NULL, NULL);
-	__finalize_db(db, stmt);
+	__finalize_db(db, stmt, NULL);
 	return PRIVILEGE_DB_MANAGER_ERR_NONE;
 }