From: YoungJun Cho <yj44.cho@samsung.com>
Date: Mon, 5 Jun 2017 06:42:00 +0000 (+0900)
Subject: tbm_drm_helper: fix Svace TAINTED_INT defect
X-Git-Tag: accepted/tizen/unified/20170608.072258~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F32%2F132432%2F1;p=platform%2Fcore%2Fuifw%2Flibtbm.git

tbm_drm_helper: fix Svace TAINTED_INT defect

This patch fixes Svace TAINTED_INT defect.

Change-Id: I88e06bbdb020ee2cae621decb1560d6cb1e4d95a
Signed-off-by: YoungJun Cho <yj44.cho@samsung.com>
---

diff --git a/src/tbm_bufmgr.c b/src/tbm_bufmgr.c
index 7d6f36a..bef7660 100644
--- a/src/tbm_bufmgr.c
+++ b/src/tbm_bufmgr.c
@@ -36,6 +36,8 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #include "tbm_bufmgr_backend.h"
 #include "list.h"
 
+#include <sys/resource.h>
+
 #ifdef DEBUG
 int bDebug;
 #endif
@@ -1710,3 +1712,14 @@ tbm_bufmgr_bind_native_display(tbm_bufmgr bufmgr, void *NativeDisplay)
 	return 1;
 }
 /* LCOV_EXCL_STOP */
+
+int tbm_bufmgr_get_fd_limit(void)
+{
+	struct rlimit lim;
+
+	if (getrlimit(RLIMIT_NOFILE, &lim))
+		return 1024;
+
+	return (int)lim.rlim_cur;
+}
+
diff --git a/src/tbm_bufmgr_int.h b/src/tbm_bufmgr_int.h
index b6fcf7d..57b73bc 100644
--- a/src/tbm_bufmgr_int.h
+++ b/src/tbm_bufmgr_int.h
@@ -336,4 +336,5 @@ tbm_user_data *user_data_create(unsigned long key,
 				tbm_data_free data_free_func);
 void user_data_delete(tbm_user_data *user_data);
 
+int tbm_bufmgr_get_fd_limit(void);
 #endif							/* _TBM_BUFMGR_INT_H_ */
diff --git a/src/tbm_drm_helper_client.c b/src/tbm_drm_helper_client.c
index 10828be..7980e1e 100644
--- a/src/tbm_drm_helper_client.c
+++ b/src/tbm_drm_helper_client.c
@@ -247,8 +247,9 @@ tbm_drm_helper_get_fd(void)
 		TBM_LOG_E("%ld less than INT_MIN\n", sl);
 		return -1;
 	} else {
+		int fd_max = tbm_bufmgr_get_fd_limit();
 		fd = (int)sl;
-		if (fd < 0) {
+		if (fd < 0 || fd > fd_max) {
 			TBM_LOG_E("%d out of fd range\n", fd);
 			return -1;
 		}
diff --git a/src/tbm_drm_helper_server.c b/src/tbm_drm_helper_server.c
index baa18d1..c96d6a7 100644
--- a/src/tbm_drm_helper_server.c
+++ b/src/tbm_drm_helper_server.c
@@ -325,8 +325,9 @@ tbm_drm_helper_get_master_fd(void)
 		TBM_LOG_E("%ld less than INT_MIN\n", sl);
 		return -1;
 	} else {
+		int fd_max = tbm_bufmgr_get_fd_limit();
 		fd = (int)sl;
-		if (fd < 0) {
+		if (fd < 0 || fd > fd_max) {
 			TBM_LOG_E("%d out of fd range\n", fd);
 			return -1;
 		}