From: Wootak Jung <wootak.jung@samsung.com>
Date: Thu, 23 Mar 2023 02:21:35 +0000 (+0900)
Subject: Fix svace issue
X-Git-Tag: accepted/tizen/7.0/unified/20230502.051235^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F55%2F292055%2F1;p=platform%2Fcore%2Fapi%2Fbluetooth.git

Fix svace issue

Change-Id: I16316b95bf29536d36a0d2f81bb7996948ca560b
Signed-off-by: Wootak Jung <wootak.jung@samsung.com>
---

diff --git a/src/bluetooth-adapter.c b/src/bluetooth-adapter.c
index 9b5896d..abf8cce 100644
--- a/src/bluetooth-adapter.c
+++ b/src/bluetooth-adapter.c
@@ -1831,13 +1831,21 @@ static int __bt_remove_ad_data_by_type(char **in_data, unsigned int *in_len, cha
 				return BT_ERROR_NONE;
 			}
 
-			*in_data = realloc(*in_data, sizeof(char) * (data_len - ad_len));
+			char *new_p;
+			new_p = realloc(*in_data, sizeof(char) * (data_len - ad_len));
+			if (new_p == NULL) {
+				g_free(data);
+				return BT_ERROR_OUT_OF_MEMORY;
+			}
+
 			if (i + ad_len + 1 == data_len) /* ad data is added in last position */
-				memcpy(*in_data, data, data_len - ad_len - 1);
+				memcpy(new_p, data, data_len - ad_len - 1);
 			else /* ad data is added in first/middle position */
-				memcpy(*in_data + i, data + i + ad_len + 1, data_len - i - ad_len - 1);
+				memcpy(new_p + i, data + i + ad_len + 1, data_len - i - ad_len - 1);
 			*in_len = *in_len - ad_len - 1;
+			*in_data = new_p;
 			BT_DBG("Removed ad_type(0x%02x) data", ad_type);
+
 			g_free(data);
 			return BT_ERROR_NONE;
 		} else {
@@ -2518,6 +2526,9 @@ int bt_adapter_le_add_advertising_custom_name(bt_advertiser_h advertiser,
 	if (*len + 2 + name_len > ADV_DATA_LEN_MAX) {
 		char *new_p;
 		new_p = realloc(*p, sizeof(char) * ADV_DATA_LEN_MAX);
+		if (new_p == NULL)
+			return BT_ERROR_OUT_OF_MEMORY;
+
 		new_p[*len] = ADV_DATA_LEN_MAX - *len - 1;
 		new_p[*len + 1] = BT_ADAPTER_LE_ADVERTISING_DATA_LOCAL_NAME;
 		memcpy(new_p + *len + 2, name, ADV_DATA_LEN_MAX - *len - 2);
@@ -2527,6 +2538,9 @@ int bt_adapter_le_add_advertising_custom_name(bt_advertiser_h advertiser,
 	} else {
 		char *new_p;
 		new_p = realloc(*p, sizeof(char) * (*len + name_len + 2));
+		if (new_p == NULL)
+			return BT_ERROR_OUT_OF_MEMORY;
+
 		new_p[*len] = name_len + 1;
 		new_p[*len + 1] = BT_ADAPTER_LE_ADVERTISING_DATA_LOCAL_NAME;
 		memcpy(new_p + *len + 2, name, name_len);