From: jiyong.min <jiyong.min@samsung.com>
Date: Tue, 21 Jul 2020 23:23:40 +0000 (+0900)
Subject: Fix 'sql_str' memory leak if 'handle' is null or 'sql_str' is empty string
X-Git-Tag: submit/tizen_5.5/20201007.073743~4
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ea679af309fd4b76cdab3fca347bf6ab12463c33;p=platform%2Fcore%2Fapi%2Fmedia-controller.git

Fix 'sql_str' memory leak if 'handle' is null or 'sql_str' is empty string

Change-Id: I00febeb6285b7b37c6ae3dbb991f75dcb05d7dd3
(cherry picked from commit 5c335a35d6c35c3c3170e6c1584628ceca3af150)
---

diff --git a/src/media_controller_db.c b/src/media_controller_db.c
index 309d5cc..7733706 100644
--- a/src/media_controller_db.c
+++ b/src/media_controller_db.c
@@ -27,7 +27,7 @@ static int __mc_db_update_db(mc_priv_type_e priv_type, const char *sql_str)
 	return _mc_ipc_send_message_to_server(MC_MSG_DB_UPDATE, priv_type, sql_str);
 }
 
-static int __mc_db_get_record(sqlite3 *handle, char *sql_str, sqlite3_stmt **stmt)
+static int __mc_db_get_record(sqlite3 *handle, const char *sql_str, sqlite3_stmt **stmt)
 {
 	int ret = SQLITE_OK;
 	sqlite3_stmt *statement = NULL;
@@ -37,7 +37,6 @@ static int __mc_db_get_record(sqlite3 *handle, char *sql_str, sqlite3_stmt **stm
 	mc_retvm_if(!MC_STRING_VALID(sql_str), MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "SQL string is null");
 
 	ret = sqlite3_prepare_v2(handle, sql_str, strlen(sql_str), &statement, NULL);
-	SQLITE3_SAFE_FREE(sql_str);
 	mc_retvm_if(ret != SQLITE_OK, MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "prepare error [%s]", sqlite3_errmsg(handle));
 
 	if (sqlite3_step(statement) != SQLITE_ROW) {
@@ -65,6 +64,7 @@ static int __mc_db_get_int_value(sqlite3 *handle, const char *server_name, const
 	sql_str = sqlite3_mprintf("SELECT %q FROM %q WHERE name=%Q", column, MC_DB_TABLE_SERVER_INFO, server_name);
 
 	ret = __mc_db_get_record(handle, sql_str, &stmt);
+	SQLITE3_SAFE_FREE(sql_str);
 	mc_retvm_if(ret != MEDIA_CONTROLLER_ERROR_NONE, MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "__mc_db_get_record failed [%d]", ret);
 
 	*value = sqlite3_column_int(stmt, 0);
@@ -205,6 +205,7 @@ int _mc_db_get_latest_server_info(sqlite3 *handle, char **latest_server_name, mc
 
 	sql_str = sqlite3_mprintf("SELECT name, server_state FROM %q WHERE name IN (SELECT name FROM %q)", MC_DB_TABLE_SERVER_INFO, MC_DB_TABLE_LATEST_SERVER);
 	ret = __mc_db_get_record(handle, sql_str, &stmt);
+	SQLITE3_SAFE_FREE(sql_str);
 	if (ret == MEDIA_CONTROLLER_ERROR_NONE) {
 		*latest_server_name = g_strdup((const char *)sqlite3_column_text(stmt, 0));
   		*state = sqlite3_column_int(stmt, 1);
@@ -234,6 +235,7 @@ int _mc_db_get_playback_info(sqlite3 *handle, const char *server_name, mc_playba
 		MC_DB_TABLE_SERVER_INFO, server_name);
 
 	ret = __mc_db_get_record(handle, sql_str, &stmt);
+	SQLITE3_SAFE_FREE(sql_str);
 	mc_retvm_if(ret != MEDIA_CONTROLLER_ERROR_NONE, MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "__mc_db_get_record failed [%d]", ret);
 
 	_playback = (media_controller_playback_s *)calloc(1, sizeof(media_controller_playback_s));
@@ -299,6 +301,7 @@ int _mc_db_get_metadata_info(sqlite3 *handle, const char *server_name, mc_metada
 	sql_str = sqlite3_mprintf("SELECT %s FROM %q WHERE name=%Q", META_LIST, MC_DB_TABLE_LATEST_META, server_name);
 
 	ret = __mc_db_get_record(handle, sql_str, &stmt);
+	SQLITE3_SAFE_FREE(sql_str);
 	mc_retvm_if(ret == TIZEN_ERROR_NO_DATA, MEDIA_CONTROLLER_ERROR_NONE, "no metadata info");
 	mc_retvm_if(ret != MEDIA_CONTROLLER_ERROR_NONE, ret, "__mc_db_get_record failed [%d]", ret);
 
@@ -329,6 +332,7 @@ int _mc_db_get_icon_uri(sqlite3 *handle, const char *server_name, char **uri)
 	sql_str = sqlite3_mprintf("SELECT icon_uri FROM %q WHERE name=%Q", MC_DB_TABLE_SERVER_INFO, server_name);
 
 	ret = __mc_db_get_record(handle, sql_str, &stmt);
+	SQLITE3_SAFE_FREE(sql_str);
 	mc_retvm_if(ret != MEDIA_CONTROLLER_ERROR_NONE, MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "__mc_db_get_record failed [%d]", ret);
 
 	*uri = g_strdup((const char *)sqlite3_column_text(stmt, 0));
@@ -350,6 +354,7 @@ static int __mc_db_get_ability(sqlite3 *handle, const char *server_name, unsigne
 	sql_str = sqlite3_mprintf("SELECT ability_decided, ability_supported FROM %q WHERE name=%Q", MC_DB_TABLE_SERVER_INFO, server_name);
 
 	ret = __mc_db_get_record(handle, sql_str, &stmt);
+	SQLITE3_SAFE_FREE(sql_str);
 	mc_retvm_if(ret != MEDIA_CONTROLLER_ERROR_NONE, MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "__mc_db_get_record failed [%d]", ret);
 
 	*decided = (unsigned long long)sqlite3_column_int64(stmt, 0);
@@ -481,6 +486,7 @@ int _mc_db_get_playlist_count(sqlite3 *handle, const char *server_name)
 	sql_str = sqlite3_mprintf("SELECT COUNT(DISTINCT playlist_name) FROM %q WHERE server_name = %Q", MC_DB_TABLE_PLAYLIST, server_name);
 
 	ret = __mc_db_get_record(handle, sql_str, &stmt);
+	SQLITE3_SAFE_FREE(sql_str);
 	mc_retvm_if(ret != MEDIA_CONTROLLER_ERROR_NONE, 0, "__mc_db_get_record failed [%d]", ret);
 
 	count = sqlite3_column_int(stmt, 0);
@@ -543,6 +549,7 @@ gboolean _mc_db_is_playlist_exist(sqlite3 *handle, const char *server_name, cons
 	sql_str = sqlite3_mprintf("SELECT COUNT(*) FROM %q WHERE server_name=%Q AND playlist_name=%Q", MC_DB_TABLE_PLAYLIST, server_name, playlist_name);
 
 	ret = __mc_db_get_record(handle, sql_str, &stmt);
+	SQLITE3_SAFE_FREE(sql_str);
 	mc_retvm_if(ret != MEDIA_CONTROLLER_ERROR_NONE, FALSE, "__mc_db_get_record failed [%d]", ret);
 
 	ret = sqlite3_column_int(stmt, 0);
@@ -597,6 +604,7 @@ int _mc_db_get_playlist_item_count(sqlite3 *handle, const char *server_name, cha
 	sql_str = sqlite3_mprintf("SELECT COUNT(*) FROM %q WHERE server_name=%Q AND playlist_name=%Q AND item_index IS NOT NULL", MC_DB_TABLE_PLAYLIST, server_name, playlist_name);
 
 	ret = __mc_db_get_record(handle, sql_str, &stmt);
+	SQLITE3_SAFE_FREE(sql_str);
 	mc_retvm_if(ret != MEDIA_CONTROLLER_ERROR_NONE, 0, "__mc_db_get_record failed [%d]", ret);
 
 	count = sqlite3_column_int(stmt, 0);
@@ -663,6 +671,7 @@ gboolean _mc_db_is_exist_server(sqlite3 *handle, const char *server_name)
 	sql_str = sqlite3_mprintf("SELECT COUNT(*) FROM %q WHERE name='%q'", MC_DB_TABLE_SERVER_INFO, server_name);
 
 	ret = __mc_db_get_record(handle, sql_str, &stmt);
+	SQLITE3_SAFE_FREE(sql_str);
 	mc_retvm_if(ret != MEDIA_CONTROLLER_ERROR_NONE, FALSE, "__mc_db_get_record failed [%d]", ret);
 
 	ret = sqlite3_column_int(stmt, 0);
@@ -690,6 +699,7 @@ gboolean _mc_db_is_activated_client(sqlite3 *handle, const char *client_name)
 	sql_str = sqlite3_mprintf("SELECT COUNT(*) FROM %q WHERE name='%q' AND type=%d", MC_DB_TABLE_APP_LIST, client_name, MC_PRIV_TYPE_CLIENT);
 
 	ret = __mc_db_get_record(handle, sql_str, &stmt);
+	SQLITE3_SAFE_FREE(sql_str);
 	mc_retvm_if(ret != MEDIA_CONTROLLER_ERROR_NONE, FALSE, "__mc_db_get_record failed [%d]", ret);
 
 	ret = sqlite3_column_int(stmt, 0);
@@ -717,6 +727,7 @@ gboolean _mc_db_is_activated_server(sqlite3 *handle, const char *server_name)
 	sql_str = sqlite3_mprintf("SELECT COUNT(*) FROM %q WHERE name='%q' AND type=%d", MC_DB_TABLE_APP_LIST, server_name, MC_PRIV_TYPE_SERVER);
 
 	ret = __mc_db_get_record(handle, sql_str, &stmt);
+	SQLITE3_SAFE_FREE(sql_str);
 	mc_retvm_if(ret != MEDIA_CONTROLLER_ERROR_NONE, FALSE, "__mc_db_get_record failed [%d]", ret);
 
 	ret = sqlite3_column_int(stmt, 0);
@@ -744,6 +755,7 @@ gboolean _mc_db_is_latest_server(sqlite3 *handle, const char *server_name)
 	sql_str = sqlite3_mprintf("SELECT COUNT(*) FROM %q WHERE name=%Q", MC_DB_TABLE_LATEST_SERVER, server_name);
 
 	ret = __mc_db_get_record(handle, sql_str, &stmt);
+	SQLITE3_SAFE_FREE(sql_str);
 	mc_retvm_if(ret != MEDIA_CONTROLLER_ERROR_NONE, FALSE, "__mc_db_get_record failed [%d]", ret);
 
 	ret = sqlite3_column_int(stmt, 0);