From: Sangchul Lee <sc11.lee@samsung.com>
Date: Thu, 22 Apr 2021 10:48:07 +0000 (+0900)
Subject: webrtc_test: Fix untrusted conversion from string to number
X-Git-Tag: submit/tizen/20210729.023123~87
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F10%2F257310%2F3;p=platform%2Fcore%2Fapi%2Fwebrtc.git

webrtc_test: Fix untrusted conversion from string to number

Use g_ascii_strtoll() instead of atoi().

[Version] 0.1.154
[Issue Type] Improvement

Change-Id: I0e450dd2a7fc6a75bc3a70c997652745bafcdf9f
Signed-off-by: Sangchul Lee <sc11.lee@samsung.com>
---

diff --git a/packaging/capi-media-webrtc.spec b/packaging/capi-media-webrtc.spec
index 9c8f33be..0ce85501 100644
--- a/packaging/capi-media-webrtc.spec
+++ b/packaging/capi-media-webrtc.spec
@@ -1,6 +1,6 @@
 Name:       capi-media-webrtc
 Summary:    A WebRTC library in Tizen Native API
-Version:    0.1.153
+Version:    0.1.154
 Release:    0
 Group:      Multimedia/API
 License:    Apache-2.0
diff --git a/test/webrtc_test.c b/test/webrtc_test.c
index c932daac..aa1c25f1 100644
--- a/test/webrtc_test.c
+++ b/test/webrtc_test.c
@@ -160,9 +160,9 @@ typedef struct _connection_s {
 	int cnt;
 
 	/* receive data & dump file */
-	int sum_size;
+	gint64 sum_size;
 	gchar *expected_name;
-	int expected_size;
+	gint64 expected_size;
 	char* receive_buffer;
 
 	webrtc_display_type_e display_type;
@@ -909,6 +909,26 @@ end:
 		close(fd);
 }
 
+static int __convert_string_to_gint64(gchar *str, gint64 *result)
+{
+	gint64 res;
+
+	if (!str || !result) {
+		g_printerr("invalid arguments, str[%p], result[%p]\n", str, result);
+		return -1;
+	}
+
+	res = g_ascii_strtoll((const gchar *)str, NULL, 10);
+	if (res == 0) {
+		g_printerr("failed to g_ascii_strtoll() for [%s]\n", str);
+		return -1;
+	}
+
+	*result = res;
+
+	return 0;
+}
+
 static void __data_channel_message_cb(webrtc_data_channel_h channel, webrtc_data_channel_type_e type, void *message, void *user_data)
 {
 	connection_s *conn = (connection_s*)user_data;
@@ -936,11 +956,12 @@ static void __data_channel_message_cb(webrtc_data_channel_h channel, webrtc_data
 
 		} else if (g_str_has_prefix((const gchar *)message, "expected size:")) {
 			str_arr = g_strsplit((const gchar *)message, ":", 2);
-			conn->expected_size = atoi(str_arr[1]);
 
-			if (conn->receive_buffer)
-				free(conn->receive_buffer);
-			conn->receive_buffer = (char *)calloc(conn->expected_size, sizeof(char));
+			if (__convert_string_to_gint64(str_arr[1], &conn->expected_size) == 0) {
+				if (conn->receive_buffer)
+					free(conn->receive_buffer);
+				conn->receive_buffer = (char *)calloc(conn->expected_size, sizeof(char));
+			}
 		}
 
 		if (str_arr)
@@ -956,7 +977,7 @@ static void __data_channel_message_cb(webrtc_data_channel_h channel, webrtc_data
 		g_print("bytes message[%p, size:%u]\n", data_p, size);
 
 		if (conn->expected_size > 0 && conn->expected_name) {
-			g_print("downloading [%s], size[%d / %d]\n", conn->expected_name, conn->sum_size, conn->expected_size);
+			g_print("downloading [%s], size[%llu / %llu]\n", conn->expected_name, conn->sum_size, conn->expected_size);
 
 			memcpy(&conn->receive_buffer[conn->sum_size], ((uint8_t*)data_p), size);