From: Vitaliy Cherepanov <v.cherepanov@samsung.com>
Date: Wed, 15 Jun 2016 16:44:24 +0000 (+0300)
Subject: [FIX] Svace issues
X-Git-Tag: accepted/tizen/common/20160621.184415~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F29%2F74829%2F1;p=platform%2Fcore%2Fsystem%2Fswap-manager.git

[FIX] Svace issues

|-------------------------------------------------------|
| WGID  | Type                      | File              |
|-------------------------------------------------------|
| 84792 | TAINTED_INT.MIGHT         | ui_viewer_lib.c   |
| 84797 | TAINTED_INT.MIGHT         | ui_viewer_lib.c   |
|-------------------------------------------------------|

Change-Id: I04f1266b6dbd37d1b7a934df2b9354c44958503e
Signed-off-by: Vitaliy Cherepanov <v.cherepanov@samsung.com>
---

diff --git a/ui_viewer/ui_viewer_lib.c b/ui_viewer/ui_viewer_lib.c
index 0d13133..a5c9a25 100644
--- a/ui_viewer/ui_viewer_lib.c
+++ b/ui_viewer/ui_viewer_lib.c
@@ -150,6 +150,12 @@ static int createSocket(void)
 				if (recvlen > 0) {
 					char *data_buf = NULL;
 
+					if (log.length < 0 ||
+					    (unsigned int)log.length > sizeof(log.data)) {
+						PRINTERR("Too long message");
+						continue;
+					}
+
 					data_buf = malloc(log.length);
 
 					if (data_buf == NULL) {
@@ -276,7 +282,8 @@ static void *recvThread(void __unused *data)
 			if(recvlen > 0)	// recv succeed
 			{
 
-				if(log.length > 0) {
+				if (log.length > 0 &&
+				    (unsigned int)log.length <= sizeof(log.data)) {
 					data_buf = malloc(log.length);
 					if (data_buf == NULL) {
 						PRINTERR("cannot allocate buf to recv msg");