From: Jiwan Kim Date: Wed, 17 May 2017 02:20:48 +0000 (+0900) Subject: Fix svace issues X-Git-Tag: submit/tizen/20170517.080534^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F57%2F129557%2F6;p=platform%2Fcore%2Fapi%2Fzigbee.git Fix svace issues - new issues are detected related with glib Change-Id: I44d94654b30c9aa16124900c832a6e8414733812 Signed-off-by: Jiwan Kim --- diff --git a/lib/zbl_dbus.c b/lib/zbl_dbus.c index 01ef40a..de91ae9 100644 --- a/lib/zbl_dbus.c +++ b/lib/zbl_dbus.c @@ -592,20 +592,21 @@ static void _zbl_signal_handler(GDBusConnection *connection, GVariantIter *iter2 = NULL; g_variant_get(parameters, "(a(y)ya(y)q)", &iter1, &count, &iter2, &addr16); + RETM_IF(NULL == iter1, "Invalid parameter !"); + RETM_IF(NULL == iter2, "Invalid parameter !"); + while (g_variant_iter_loop(iter1, "(y)", &value)) { addr64[j] = value; j++; } - if (NULL != iter1) - g_variant_iter_free(iter1); + g_variant_iter_free(iter1); j = 0; while (g_variant_iter_loop(iter2, "(y)", &value)) { ep[j] = value; j++; } - if (NULL != iter2) - g_variant_iter_free(iter2); + g_variant_iter_free(iter2); zb_event_data_s ev; ev.data.join = calloc(1, sizeof(zb_event_join_s)); @@ -623,12 +624,13 @@ static void _zbl_signal_handler(GDBusConnection *connection, GVariantIter *iter = NULL; g_variant_get(parameters, "(a(y))", &iter); + RETM_IF(NULL == iter, "Invalid parameter !"); + while (g_variant_iter_loop(iter, "(y)", &value)) { addr64[j] = value; j++; } - if (NULL != iter) - g_variant_iter_free(iter); + g_variant_iter_free(iter); zb_event_data_s ev; memset(&ev, 0, sizeof(zb_event_data_s)); @@ -640,12 +642,13 @@ static void _zbl_signal_handler(GDBusConnection *connection, unsigned char value, status; g_variant_get(parameters, "(a(y)y)", &iter, &status); + RETM_IF(NULL == iter, "Invalid parameter !"); + while (g_variant_iter_loop(iter, "(y)", &value)) { addr64[j] = value; j++; } - if (NULL != iter) - g_variant_iter_free(iter); + g_variant_iter_free(iter); zb_event_data_s ev; ev.data.child_left = calloc(1, sizeof(zb_event_child_left_s)); @@ -718,6 +721,10 @@ static void _zbl_signal_handler(GDBusConnection *connection, g_variant_get(parameters, "(qyqaqa(y)a(y)i)", &addr16, &ep, &cluster_id, &attr_iter, &dataType_iter, &data_iter, &records_len); + RETM_IF(NULL == attr_iter, "Invalid parameter !"); + RETM_IF(NULL == dataType_iter, "Invalid parameter !"); + RETM_IF(NULL == data_iter, "Invalid parameter !"); + records = calloc(records_len, sizeof(struct attribute_report_s*)); RETM_IF(NULL == records, "calloc() Fail(%d)", errno); for (j = 0; j < records_len; j++) { @@ -726,12 +733,10 @@ static void _zbl_signal_handler(GDBusConnection *connection, for (i = 0; i < j; i++) free(records[i]); free(records); - if (NULL != attr_iter) - g_variant_iter_free(attr_iter); - if (NULL != dataType_iter) - g_variant_iter_free(dataType_iter); - if (NULL != data_iter) - g_variant_iter_free(data_iter); + + g_variant_iter_free(attr_iter); + g_variant_iter_free(dataType_iter); + g_variant_iter_free(data_iter); ERR("calloc() Fail(%d)", errno); return; @@ -748,10 +753,8 @@ static void _zbl_signal_handler(GDBusConnection *connection, DBG("AttributeId 0x%04x", records[j]->id); j++; } - if (NULL != attr_iter) - g_variant_iter_free(attr_iter); - if (NULL != dataType_iter) - g_variant_iter_free(dataType_iter); + g_variant_iter_free(attr_iter); + g_variant_iter_free(dataType_iter); j = 0; while (j < records_len) { @@ -777,8 +780,7 @@ static void _zbl_signal_handler(GDBusConnection *connection, g_variant_iter_loop(data_iter, "(y)", &value); records[j]->value[i] = value; } - if (NULL != data_iter) - g_variant_iter_free(data_iter); + g_variant_iter_free(data_iter); break; case ZB_ZCL_LONG_OCTAT_STRING: case ZB_ZCL_LONG_CHRACTER_STRING: @@ -803,12 +805,12 @@ static void _zbl_signal_handler(GDBusConnection *connection, dsizeIndex++; records[j]->value[dsizeIndex] = dSize[dsizeIndex]; dsizeIndex++; + for (i = dsizeIndex; i < data_size - 2; i++) { g_variant_iter_loop(data_iter, "(y)", &value); records[j]->value[i] = value; } - if (NULL != data_iter) - g_variant_iter_free(data_iter); + g_variant_iter_free(data_iter); break; /* Array, set and bag */ case ZB_ZCL_ARRAY: @@ -837,8 +839,7 @@ static void _zbl_signal_handler(GDBusConnection *connection, DBG("value[%d] 0x%02X", i, records[j]->value[i]); } } - if (NULL != data_iter) - g_variant_iter_free(data_iter); + g_variant_iter_free(data_iter); } DBG("DataType = 0x%02X Data Size = %d", records[j]->type, data_size); j++; @@ -1083,10 +1084,12 @@ static void _zbl_dbus_name_owner_notify(GObject *object, GParamSpec *pspec, gchar *name_owner = g_dbus_proxy_get_name_owner(proxy); zigbee_h handle = (zigbee_h)user_data; - if (name_owner) - return; + DBG("Name owner notify [%s]", name_owner); - zbl_dbus_stop(handle); + if (NULL == name_owner) + zbl_dbus_stop(handle); + + g_free(name_owner); } static void _zbl_request_cleanup(gpointer data) @@ -1473,14 +1476,15 @@ static void _zbl_response_cb(GDBusConnection *connection, GVariantIter *mac_iter = NULL; g_variant_get(parameters, "(ya(y)qyy)", &status, &mac_iter, &addr16, &num, &start_idx); + RETM_IF(NULL == mac_iter, "Invalid parameter !"); + while (g_variant_iter_loop(mac_iter, "(y)", &value)) { addr64[j] = value; j++; } + g_variant_iter_free(mac_iter); cb(status, addr64, addr16, num, start_idx, NULL, container->userdata); - if (NULL != mac_iter) - g_variant_iter_free(mac_iter); } break; case ZBL_ZDO_NWK_ADDR_EXT_REQ: { @@ -1498,12 +1502,13 @@ static void _zbl_response_cb(GDBusConnection *connection, g_variant_get(parameters, "(ya(y)qyyaq)", &status, &mac_iter, &addr16, &num, &start_idx, &assoc_iter); + RETM_IF(NULL == mac_iter, "Invalid parameter !"); + while (g_variant_iter_loop(mac_iter, "(y)", &value)) { addr64[j] = value; j++; } - if (NULL != mac_iter) - g_variant_iter_free(mac_iter); + g_variant_iter_free(mac_iter); if (NULL != assoc_iter) g_variant_iter_free(assoc_iter); @@ -1522,6 +1527,8 @@ static void _zbl_response_cb(GDBusConnection *connection, unsigned char *ep_list; g_variant_get(parameters, "(yqa(y)y)", &status, &addr16, &ep_iter, &count); + RETM_IF(NULL == ep_iter, "Invalid parameter !"); + ep_list = calloc(count+1, sizeof(unsigned char)); RETM_IF(NULL == ep_list, "calloc() Fail(%d)", errno); @@ -1529,8 +1536,7 @@ static void _zbl_response_cb(GDBusConnection *connection, ep_list[j] = value; j++; } - if (NULL != ep_iter) - g_variant_iter_free(ep_iter); + g_variant_iter_free(ep_iter); cb(status, addr16, count, ep_list, container->userdata); free(ep_list); @@ -1557,24 +1563,25 @@ static void _zbl_response_cb(GDBusConnection *connection, &records->ep, &records->profile_id, &records->device_id, &records->num_of_in_clusters, &records->num_of_out_clusters, &in_iter, &out_iter); + if (NULL == in_iter || NULL == out_iter) { + ERR("Invalid parameter !"); + free(records); + return; + } #if 0 records->in_clusters = calloc(records->num_of_in_clusters, sizeof(unsigned short)); if (NULL == records->in_clusters) { ERR("calloc() Fail(%d)", errno); - if (NULL != in_iter) - g_variant_iter_free(in_iter); - if (NULL != out_iter) - g_variant_iter_free(out_iter); + g_variant_iter_free(in_iter); + g_variant_iter_free(out_iter); return; } records->out_clusters = calloc(records->num_of_out_clusters, sizeof(unsigned short)); if (NULL == records->out_clusters) { ERR("calloc() Fail(%d)", errno); free(records->in_clusters); - if (NULL != in_iter) - g_variant_iter_free(in_iter); - if (NULL != out_iter) - g_variant_iter_free(out_iter); + g_variant_iter_free(in_iter); + g_variant_iter_free(out_iter); return; } #endif @@ -1582,16 +1589,14 @@ static void _zbl_response_cb(GDBusConnection *connection, records->in_clusters[j] = value; j++; } - if (NULL != in_iter) - g_variant_iter_free(in_iter); + g_variant_iter_free(in_iter); j = 0; while (g_variant_iter_loop(out_iter, "q", &value)) { records->out_clusters[j] = value; j++; } - if (NULL != out_iter) - g_variant_iter_free(out_iter); + g_variant_iter_free(out_iter); DBG("addr16=0x%x, count=%d, records->ep=%d, records->device_id=0x%x", addr16, count, records->ep, records->device_id); @@ -1621,6 +1626,8 @@ static void _zbl_response_cb(GDBusConnection *connection, g_variant_get(parameters, "(yqya(y))", &status, &addr16, &value, &ml_iter); match_len = value; + RETM_IF(NULL == ml_iter, "Invalid parameter !"); + if (match_len > 0) { match_list = calloc(match_len+1, sizeof(unsigned char)); RETM_IF(NULL == match_list, "calloc() Fail(%d)", errno); @@ -1629,8 +1636,6 @@ static void _zbl_response_cb(GDBusConnection *connection, DBG("match_list[i]=%d", j, match_list[j]); j++; } - if (NULL != ml_iter) - g_variant_iter_free(ml_iter); } DBG("Match count : [%d]", match_len); @@ -1695,11 +1700,12 @@ static void _zbl_response_cb(GDBusConnection *connection, unsigned char *complex_desc = NULL; g_variant_get(parameters, "(yqya(y))", &status, &addr16, &length, &comp_iter); + RETM_IF(NULL == comp_iter, "Invalid parameter !"); + if (length > 0) { complex_desc = calloc(length, sizeof(char)); if (NULL == complex_desc) { - if (NULL != comp_iter) - g_variant_iter_free(comp_iter); + g_variant_iter_free(comp_iter); ERR("calloc() Fail(%d)", errno); return; } @@ -1708,8 +1714,7 @@ static void _zbl_response_cb(GDBusConnection *connection, complex_desc[j] = value; j++; } - if (NULL != comp_iter) - g_variant_iter_free(comp_iter); + g_variant_iter_free(comp_iter); } cb(status, addr16, length, complex_desc, container->userdata); @@ -1728,20 +1733,21 @@ static void _zbl_response_cb(GDBusConnection *connection, unsigned char *complex_desc = NULL; g_variant_get(parameters, "(yqya(y))", &status, &addr16, &length, &comp_iter); + RETM_IF(NULL == comp_iter, "Invalid parameter !"); + if (length > 0) { complex_desc = calloc(length, sizeof(char)); if (NULL == complex_desc) { - if (NULL != comp_iter) - g_variant_iter_free(comp_iter); + g_variant_iter_free(comp_iter); ERR("calloc() Fail(%d)", errno); return; } + while (g_variant_iter_loop(comp_iter, "(y)", &value)) { complex_desc[j] = value; j++; } - if (NULL != comp_iter) - g_variant_iter_free(comp_iter); + g_variant_iter_free(comp_iter); } cb(status, addr16, length, complex_desc, container->userdata); @@ -1777,6 +1783,7 @@ static void _zbl_response_cb(GDBusConnection *connection, g_variant_get(parameters, "(yyyya(ayyqyqayy))", &status, &binding_table_enteries, &start_index, &binding_table_list_count, &rsp_iter); + RETM_IF(NULL == rsp_iter, "Invalid parameter !"); if (binding_table_list_count > 0) { records = calloc(binding_table_list_count, sizeof(zb_zdo_binding_table_h)); @@ -1784,34 +1791,40 @@ static void _zbl_response_cb(GDBusConnection *connection, for (i = 0; i < binding_table_list_count; i++) { records[i] = calloc(binding_table_list_count, sizeof(struct zb_zdo_binding_table_s)); if (NULL == records[i]) { - if (NULL != mac_iter) - g_variant_iter_free(mac_iter); - if (NULL != rsp_iter) - g_variant_iter_free(rsp_iter); - if (NULL != destep_iter) - g_variant_iter_free(destep_iter); + g_variant_iter_free(rsp_iter); ERR("calloc() Fail(%d)", errno); goto MGMT_NWK_BIND_REQ_OUT; } } } + for (i = 0; i < binding_table_list_count; i++) { g_variant_iter_loop(rsp_iter, "(ayyqyqayy)", &mac_iter, &records[i]->src_ep, &records[i]->cluster_id, &records[i]->dst_addr_mode, &dst_addr16, &destep_iter, &dst_ep); + if (NULL == mac_iter) { + ERR("Invalid parameter !"); + goto MGMT_NWK_BIND_REQ_OUT; + } + if (NULL == destep_iter) { + ERR("Invalid parameter !"); + goto MGMT_NWK_BIND_REQ_OUT; + } + for (j = 0; j < 8; j++) { g_variant_iter_loop(mac_iter, "y", &value); records[i]->src_addr64[j] = value; } - if (NULL != mac_iter) - g_variant_iter_free(mac_iter); + g_variant_iter_free(mac_iter); if (0x03 == records[i]->dst_addr_mode) { for (j = 0; j < 8; j++) { g_variant_iter_loop(destep_iter, "y", &value); records[i]->dst_addr64[j] = value; } + g_variant_iter_free(destep_iter); + records[i]->dst_ep = dst_ep; DBG("Destination MAC Addr : %02X:%02X:%02X:%02X:%02X:%02X:%02X:%02X", records[i]->dst_addr64[7], records[i]->dst_addr64[6], @@ -1822,11 +1835,8 @@ static void _zbl_response_cb(GDBusConnection *connection, } else if (0x01 == records[i]->dst_addr_mode) { records[i]->dst_addr16 = dst_addr16; } - if (NULL != destep_iter) - g_variant_iter_free(destep_iter); } - if (NULL != rsp_iter) - g_variant_iter_free(rsp_iter); + g_variant_iter_free(rsp_iter); cb(status, binding_table_enteries, start_index, binding_table_list_count, (void **)records, container->userdata); @@ -1857,6 +1867,7 @@ MGMT_NWK_BIND_REQ_OUT: g_variant_get(parameters, "(yyyya(ayayyqyyyyy))", &status, &neighbor_table_enteries, &start_index, &neighbor_table_list_count, &resp_iter); + RETM_IF(NULL == resp_iter, "Invalid parameter !"); if (neighbor_table_list_count > 0) { records = calloc(neighbor_table_list_count, sizeof(zb_zdo_neighbor_table_desc_h)); @@ -1876,16 +1887,17 @@ MGMT_NWK_BIND_REQ_OUT: &records[i]->rx_on_when_idle, &records[i]->relationship, &records[i]->permit_joining, &records[i]->depth, &records[i]->lqi); + RETM_IF(NULL == mac_iter, "Invalid parameter !"); + RETM_IF(NULL == mac_iter1, "Invalid parameter !"); + for (j = 0; j < 8; j++) { g_variant_iter_loop(mac_iter, "y", &value); records[i]->extended_pan_id[j] = value; g_variant_iter_loop(mac_iter1, "y", &value); records[i]->addr64[j] = value; } - if (NULL != mac_iter) - g_variant_iter_free(mac_iter); - if (NULL != mac_iter1) - g_variant_iter_free(mac_iter1); + g_variant_iter_free(mac_iter); + g_variant_iter_free(mac_iter1); DBG("ext PAN ID = %02X:%02X:%02X:%02X:%02X:%02X:%02X:%02X", records[i]->extended_pan_id[0], records[i]->extended_pan_id[1], @@ -1897,8 +1909,7 @@ MGMT_NWK_BIND_REQ_OUT: records[i]->addr64[0], records[i]->addr64[1], records[i]->addr64[2], records[i]->addr64[3], records[i]->addr64[4], records[i]->addr64[5], records[i]->addr64[6], records[i]->addr64[7]); } - if (NULL != resp_iter) - g_variant_iter_free(resp_iter); + g_variant_iter_free(resp_iter); cb(status, neighbor_table_enteries, start_index, neighbor_table_list_count, (void **)records, container->userdata); @@ -1925,6 +1936,7 @@ MGMT_LQI_REQ_OUT: g_variant_get(parameters, "(yyyya(qyyyyq))", &status, &routing_table_enteries, &start_index, &routing_table_list_count, &rsp_iter); + RETM_IF(NULL == rsp_iter, "Invalid parameter !"); if (routing_table_list_count > 0) { records = calloc(routing_table_list_count, sizeof(zb_zdo_routing_table_h)); @@ -1944,8 +1956,7 @@ MGMT_LQI_REQ_OUT: &records[i]->route_record_required, &records[i]->many_to_one, &records[i]->next_hop_addr); } - if (NULL != rsp_iter) - g_variant_iter_free(rsp_iter); + g_variant_iter_free(rsp_iter); cb(status, routing_table_enteries, start_index, routing_table_list_count, (void **)records, container->userdata); @@ -1975,6 +1986,7 @@ MGMT_NWK_RTG_REQ_OUT: g_variant_get(parameters, "(yyyya(ayyyyyyy))", &status, &nwk_count, &start_index, &nwk_list_count, &resp_iter); + RETM_IF(NULL == resp_iter, "Invalid parameter !"); struct zb_zdo_network_list_record_s **records = NULL; @@ -1994,15 +2006,18 @@ MGMT_NWK_RTG_REQ_OUT: g_variant_iter_loop(resp_iter, "(ayyyyyyy)", &mac_iter, &records[i]->logical_channel, &records[i]->stack_profile, &records[i]->zigbee_version, &records[i]->beacon_order, &records[i]->superframe_order, &records[i]->permit_joining); + if (NULL == mac_iter) { + ERR("Invalid parameter !"); + goto MGMT_NWK_DISC_REQ_OUT; + } + for (j = 0; j < 8; j++) { g_variant_iter_loop(mac_iter, "y", &value); records[i]->extended_pan_id[j] = value; } - if (NULL != mac_iter) - g_variant_iter_free(mac_iter); + g_variant_iter_free(mac_iter); } - if (NULL != resp_iter) - g_variant_iter_free(resp_iter); + g_variant_iter_free(resp_iter); } cb(status, nwk_count, start_index, nwk_list_count, (void **)records, container->userdata); @@ -2062,14 +2077,15 @@ MGMT_NWK_DISC_REQ_OUT: g_variant_get(parameters, "(qyyqqqa(y))", &addr16, &src_ep, &dst_ep, &cluster_id, &profile_id, &payload_len, &payload_iter); + RETM_IF(NULL == payload_iter, "Invalid parameter !"); if (payload_len > 0) { payload = calloc(payload_len+1, sizeof(unsigned char)); + while (g_variant_iter_loop(payload_iter, "(y)", &value)) payload[i++] = value; - if (NULL != payload_iter) - g_variant_iter_free(payload_iter); + g_variant_iter_free(payload_iter); } cb(addr16, src_ep, dst_ep, cluster_id, profile_id, payload_len, payload, @@ -2095,14 +2111,15 @@ MGMT_NWK_DISC_REQ_OUT: g_variant_get(parameters, "(qyyqqqa(y))", &addr16, &src_ep, &dst_ep, &cluster_id, &profile_id, &payload_len, &payload_iter); + RETM_IF(NULL == payload_iter, "Invalid parameter !"); if (payload_len > 0) { payload = calloc(payload_len + 1, sizeof(unsigned char)); + while (g_variant_iter_loop(payload_iter, "(y)", &value)) payload[i++] = value; - if (NULL != payload_iter) - g_variant_iter_free(payload_iter); + g_variant_iter_free(payload_iter); } cb(addr16, src_ep, dst_ep, cluster_id, profile_id, payload_len, payload, @@ -2121,14 +2138,15 @@ MGMT_NWK_DISC_REQ_OUT: int i = 0; g_variant_get(parameters, "(qa(y))", &length, &payload_iter); + RETM_IF(NULL == payload_iter, "Invalid parameter !"); if (length > 0) { data = calloc(length, sizeof(unsigned char)); + while (g_variant_iter_loop(payload_iter, "(y)", &value)) data[i++] = value; - if (NULL != payload_iter) - g_variant_iter_free(payload_iter); + g_variant_iter_free(payload_iter); } cb(length, data, container->userdata); @@ -2157,24 +2175,17 @@ MGMT_NWK_DISC_REQ_OUT: struct read_attribute_status_record_s *records = NULL; zb_global_record_data_s *data; - data = calloc(1, sizeof(zb_global_record_data_s)); - records = calloc(1, sizeof(struct read_attribute_status_record_s)); - - if (!records || !data) { - ERR("calloc() Fail(%d)", errno); - goto GLOBAL_READ_ATTRIBUTE_REQ_OUT; - } - g_variant_get(parameters, "(qya(y)qqyyqi)", &addr16, &ep, &iter, &attr_id, &cluster_id, &status, &type, &records_len, &isString); + RETM_IF(NULL == iter, "Invalid parameter !"); + if (!isString) { while (g_variant_iter_loop(iter, "(y)", &value)) { attr_value[j] = value; DBG("attr_value[%d] = 0x%02X", j, value); j++; } - if (NULL != iter) - g_variant_iter_free(iter); + g_variant_iter_free(iter); } else { while (g_variant_iter_loop(iter, "(y)", &value)) { if (j == 0) @@ -2183,8 +2194,15 @@ MGMT_NWK_DISC_REQ_OUT: DBG("attr_value[%d] = 0x%02X", j, value); j++; } - if (NULL != iter) - g_variant_iter_free(iter); + g_variant_iter_free(iter); + } + + data = calloc(1, sizeof(zb_global_record_data_s)); + records = calloc(1, sizeof(struct read_attribute_status_record_s)); + + if (!records || !data) { + ERR("calloc() Fail(%d)", errno); + goto GLOBAL_READ_ATTRIBUTE_REQ_OUT; } records->id = attr_id; @@ -2222,14 +2240,14 @@ GLOBAL_READ_ATTRIBUTE_REQ_OUT: g_variant_get(parameters, "(qya(y)aqqi)", &addr16, &ep, &stat_iter, &attr_iter, &cluster_id, &records_len); + RETM_IF(NULL == stat_iter, "Invalid parameter !"); + RETM_IF(NULL == attr_iter, "Invalid parameter !"); records = calloc(records_len, sizeof(struct write_attribute_status_record_s)); data = calloc(1, sizeof(zb_global_record_data_s)); if (!records || !data) { - if (NULL != stat_iter) - g_variant_iter_free(stat_iter); - if (NULL != attr_iter) - g_variant_iter_free(attr_iter); + g_variant_iter_free(stat_iter); + g_variant_iter_free(attr_iter); ERR("calloc() Fail(%d)", errno); goto GLOBAL_WRITE_ATTRIBUTE_REQ_OUT; } @@ -2238,8 +2256,7 @@ GLOBAL_READ_ATTRIBUTE_REQ_OUT: records[i].status = value; i++; } - if (NULL != stat_iter) - g_variant_iter_free(stat_iter); + g_variant_iter_free(stat_iter); i = 0; while (g_variant_iter_loop(attr_iter, "q", &attribute_id)) { @@ -2247,8 +2264,7 @@ GLOBAL_READ_ATTRIBUTE_REQ_OUT: DBG("Attribute Id 0x%04X", attribute_id); i++; } - if (NULL != attr_iter) - g_variant_iter_free(attr_iter); + g_variant_iter_free(attr_iter); data->type = ZB_GLOBAL_WRITE_ATTR; data->record.write_attr = (void **)&records; @@ -2277,16 +2293,16 @@ GLOBAL_WRITE_ATTRIBUTE_REQ_OUT: g_variant_get(parameters, "(a(y)aqa(y)qiqy)", &stat_iter, &attr_iter, &dir_iter, &cluster_id, &rec_len, &addr16, &ep); + RETM_IF(NULL == stat_iter, "Invalid parameter !"); + RETM_IF(NULL == attr_iter, "Invalid parameter !"); + RETM_IF(NULL == dir_iter, "Invalid parameter !"); records = calloc(rec_len, sizeof(struct reporting_configuration_response_record_s)); data = calloc(1, sizeof(zb_global_record_data_s)); if (!data || !records) { - if (NULL != stat_iter) - g_variant_iter_free(stat_iter); - if (NULL != attr_iter) - g_variant_iter_free(attr_iter); - if (NULL != dir_iter) - g_variant_iter_free(dir_iter); + g_variant_iter_free(stat_iter); + g_variant_iter_free(attr_iter); + g_variant_iter_free(dir_iter); ERR("calloc() Fail(%d)", errno); goto GLOBAL_CONFIGURE_REPORTING_REQ_OUT; } @@ -2296,24 +2312,21 @@ GLOBAL_WRITE_ATTRIBUTE_REQ_OUT: records[j].status = value; j++; } - if (NULL != stat_iter) - g_variant_iter_free(stat_iter); + g_variant_iter_free(stat_iter); while (g_variant_iter_loop(attr_iter, "q", &attIdVal)) { if (records[l].status != ZB_ZCL_SUCCESS) records[l].id = attIdVal; l++; } - if (NULL != attr_iter) - g_variant_iter_free(attr_iter); + g_variant_iter_free(attr_iter); while (g_variant_iter_loop(dir_iter, "(y)", &value)) { if (records[k].status != ZB_ZCL_SUCCESS) records[k].dir = value; k++; } - if (NULL != dir_iter) - g_variant_iter_free(dir_iter); + g_variant_iter_free(dir_iter); data->type = ZB_GLOBAL_CONFIG_REPORT; data->record.report_config_rsp = (void **)&records; @@ -2343,6 +2356,9 @@ GLOBAL_CONFIGURE_REPORTING_REQ_OUT: g_variant_get(parameters, "(qya(y)aqqii)", &addr16, &ep, &stat_iter, &attr_iter, &cluster_id, &records_len, &discovery_complete); + RETM_IF(NULL == stat_iter, "Invalid parameter !"); + RETM_IF(NULL == attr_iter, "Invalid parameter !"); + records = calloc(records_len, sizeof(discover_attr_info_record_h)); RETM_IF(NULL == records, "calloc() Fail(%d)", errno); for (j = 0; j < records_len; j++) { @@ -2352,10 +2368,8 @@ GLOBAL_CONFIGURE_REPORTING_REQ_OUT: for (l = 0; l < j; l++) free(records[l]); free(records); - if (NULL != stat_iter) - g_variant_iter_free(stat_iter); - if (NULL != attr_iter) - g_variant_iter_free(attr_iter); + g_variant_iter_free(stat_iter); + g_variant_iter_free(attr_iter); return; } } @@ -2366,16 +2380,14 @@ GLOBAL_CONFIGURE_REPORTING_REQ_OUT: DBG("Attribute Type 0x%02X", value); j++; } - if (NULL != stat_iter) - g_variant_iter_free(stat_iter); + g_variant_iter_free(stat_iter); while (g_variant_iter_loop(attr_iter, "q", &attribute_id)) { records[l]->id = attribute_id; DBG("Attribute Id 0x%04X", attribute_id); l++; } - if (NULL != attr_iter) - g_variant_iter_free(attr_iter); + g_variant_iter_free(attr_iter); cb(addr16, ep, cluster_id, discovery_complete, (void *)records, records_len, container->userdata); @@ -2406,14 +2418,14 @@ GLOBAL_CONFIGURE_REPORTING_REQ_OUT: unsigned char discoveryComplete; GVariantIter *cmd_iter = NULL; - g_variant_get(parameters, "(a(y)qqqyy)", &cmd_iter, &cluster_id, &cmd_len, + g_variant_get(parameters, "(a(y)qqqyy)", &cmd_iter, &cluster_id, &cmd_len, &addr16, &ep, &discoveryComplete); + RETM_IF(NULL == cmd_iter, "Invalid parameter !"); cmd_data = calloc(cmd_len+1, sizeof(char)); if (NULL == cmd_data) { ERR("calloc() Fail(%d)", errno); - if (NULL != cmd_iter) - g_variant_iter_free(cmd_iter); + g_variant_iter_free(cmd_iter); return; } @@ -2422,8 +2434,7 @@ GLOBAL_CONFIGURE_REPORTING_REQ_OUT: cmd_data[j] = value; j++; } - if (NULL != cmd_iter) - g_variant_iter_free(cmd_iter); + g_variant_iter_free(cmd_iter); cb(addr16, ep, cluster_id, discoveryComplete, cmd_data, cmd_len, container->userdata); free(cmd_data); @@ -2452,6 +2463,9 @@ GLOBAL_CONFIGURE_REPORTING_REQ_OUT: g_variant_get(parameters, "(aqa(y)a(y)qqqyy)", &attr_iter, &type_iter, &ac_iter, &cluster_id, &rec_len, &addr16, &ep, &discoveryComplete); + RETM_IF(NULL == attr_iter, "Invalid parameter !"); + RETM_IF(NULL == type_iter, "Invalid parameter !"); + RETM_IF(NULL == ac_iter, "Invalid parameter !"); DBG("records length 0x%04X", rec_len); @@ -2463,12 +2477,10 @@ GLOBAL_CONFIGURE_REPORTING_REQ_OUT: for (i = 0; i < j; i++) free(records[i]); free(records); - if (NULL != attr_iter) - g_variant_iter_free(attr_iter); - if (NULL != type_iter) - g_variant_iter_free(type_iter); - if (NULL != ac_iter) - g_variant_iter_free(ac_iter); + + g_variant_iter_free(attr_iter); + g_variant_iter_free(type_iter); + g_variant_iter_free(ac_iter); ERR("calloc() Fail(%d)", errno); return; @@ -2487,12 +2499,9 @@ GLOBAL_CONFIGURE_REPORTING_REQ_OUT: records[j]->acl = ac_value; j++; } - if (NULL != attr_iter) - g_variant_iter_free(attr_iter); - if (NULL != type_iter) - g_variant_iter_free(type_iter); - if (NULL != ac_iter) - g_variant_iter_free(ac_iter); + g_variant_iter_free(attr_iter); + g_variant_iter_free(type_iter); + g_variant_iter_free(ac_iter); cb(addr16, ep, cluster_id, discoveryComplete, (void *)records, rec_len, container->userdata); @@ -2522,6 +2531,7 @@ GLOBAL_CONFIGURE_REPORTING_REQ_OUT: g_variant_get(parameters, "(qyqqa(yyqyqqayq))", &addr16, &ep, &cluster_id, &record_length, &resp_iter); + RETM_IF(NULL == resp_iter, "Invalid parameter !"); records = calloc(record_length, sizeof(report_config_record_h)); for (i = 0; i < record_length; i++) { @@ -2549,6 +2559,11 @@ GLOBAL_CONFIGURE_REPORTING_REQ_OUT: g_variant_iter_loop(resp_iter, "(yyqyqqayq)", &status[i], &records[i]->dir, &records[i]->id, &records[i]->type, &records[i]->max_i, &records[i]->min_i, &data_iter, &records[i]->to); + if (NULL == data_iter) { + ERR("Invalid parameter !"); + goto GLOBAL_READ_CONFIGURE_REPORTING_REQ_OUT; + } + if (records[i]->dir != ZCL_REPORTING_DIRECTION_REPORTED && (zb_get_analog_or_discret(records[i]->type) == DATA_TYPE_ANALOG)) { data_size[i] = zb_get_data_size(records[j]->type); @@ -2558,24 +2573,22 @@ GLOBAL_CONFIGURE_REPORTING_REQ_OUT: if (!change) { ERR("calloc() Fail(%d)", errno); records[i]->change = NULL; - if (NULL != data_iter) - g_variant_iter_free(data_iter); - continue; + g_variant_iter_free(data_iter); + goto GLOBAL_READ_CONFIGURE_REPORTING_REQ_OUT; } + while (g_variant_iter_loop(data_iter, "y", &value)) { change[j] = value; j++; } - if (NULL != data_iter) - g_variant_iter_free(data_iter); + g_variant_iter_free(data_iter); records[i]->change = change; } else records[i]->change = NULL; } else records[i]->change = NULL; } - if (NULL != resp_iter) - g_variant_iter_free(resp_iter); + g_variant_iter_free(resp_iter); data->type = ZB_GLOBAL_READ_REPORT_CONFIG; data->record.report_config = (void **)records; @@ -2586,8 +2599,12 @@ GLOBAL_CONFIGURE_REPORTING_REQ_OUT: GLOBAL_READ_CONFIGURE_REPORTING_REQ_OUT: free(data_size); free(status); - for (i = 0; i < record_length; i++) - free(records[i]); + for (i = 0; i < record_length; i++) { + if (records[i] && records[i]->change) + free(records[i]->change); + if (records[i]) + free(records[i]); + } free(records); free(data); } @@ -2644,14 +2661,18 @@ GLOBAL_READ_CONFIGURE_REPORTING_REQ_OUT: GVariantIter *grpNameiter = NULL; g_variant_get(parameters, "(qyyqay)", &addr16, &ep, &status, &group_id, &grpNameiter); + if (NULL == grpNameiter) { + ERR("Invalid grpNameiter"); + goto GROUP_VIEW_GROUP_REQ_OUT; + } + g_variant_iter_loop(grpNameiter, "y", &value); /* first byte indicates the length of the string */ if ((value - '0') > 0) { DBG("Value %d ", (value - '0')); group_name = calloc((value - '0') + 1, sizeof(char)); if (NULL == group_name) { - if (NULL != grpNameiter) - g_variant_iter_free(grpNameiter); + g_variant_iter_free(grpNameiter); ERR("calloc() Fail(%d)", errno); goto GROUP_VIEW_GROUP_REQ_OUT; } @@ -2662,13 +2683,11 @@ GLOBAL_READ_CONFIGURE_REPORTING_REQ_OUT: DBG("Name %c", group_name[j]); j++; } - if (NULL != grpNameiter) - g_variant_iter_free(grpNameiter); + g_variant_iter_free(grpNameiter); } else { group_name = calloc(1, sizeof(char)); if (NULL == group_name) { - if (NULL != grpNameiter) - g_variant_iter_free(grpNameiter); + g_variant_iter_free(grpNameiter); ERR("calloc() Fail(%d)", errno); goto GROUP_VIEW_GROUP_REQ_OUT; } @@ -2680,8 +2699,10 @@ GLOBAL_READ_CONFIGURE_REPORTING_REQ_OUT: DBG("GroupName = %s", group_name); cb(addr16, ep, status, group_id, group_name, container->userdata); + GROUP_VIEW_GROUP_REQ_OUT: - free(group_name); + if (group_name) + free(group_name); } break; case ZBL_ZCL_GROUP_GET_GROUP_MEMBERSHIP_REQ: { @@ -2697,12 +2718,12 @@ GROUP_VIEW_GROUP_REQ_OUT: GVariantIter *grpListiter = NULL; g_variant_get(parameters, "(qyyyaq)", &addr16, &ep, &capacity, &group_count, &grpListiter); + RETM_IF(NULL == grpListiter, "Invalid parameter !"); if (group_count > 0) { grouplist = calloc(group_count+1, sizeof(unsigned short)); if (NULL == grouplist) { - if (NULL != grpListiter) - g_variant_iter_free(grpListiter); + g_variant_iter_free(grpListiter); ERR("calloc() Fail(%d)", errno); return; } @@ -2712,8 +2733,7 @@ GROUP_VIEW_GROUP_REQ_OUT: grouplist[j] = gl_value; j++; } - if (NULL != grpListiter) - g_variant_iter_free(grpListiter); + g_variant_iter_free(grpListiter); } cb(addr16, ep, capacity, group_count, grouplist, container->userdata); @@ -3095,6 +3115,7 @@ int zbl_get_network_info(ieee_addr addr64, nwk_addr *nodeid, nwk_addr *panid, g_variant_get(variant, "(ia(y)qqyy)", &result, &iter, &_nodeid, &_panid, &_radio_channel, &_radio_tx_power); + RETVM_IF(NULL == iter, ZIGBEE_ERROR_IO_ERROR, "Invalid parameter !"); /* Get EUI */ i = 0; @@ -3102,6 +3123,7 @@ int zbl_get_network_info(ieee_addr addr64, nwk_addr *nodeid, nwk_addr *panid, addr64[i] = value; i++; } + g_variant_iter_free(iter); DBG(" Result: [%X]", result); DBG(" EUI(%d) : %02X:%02X:%02X:%02X:%02X:%02X:%02X:%02X", i, @@ -3120,8 +3142,6 @@ int zbl_get_network_info(ieee_addr addr64, nwk_addr *nodeid, nwk_addr *panid, if (tx_power) *tx_power = _radio_tx_power; - if (iter) - g_variant_iter_free(iter); g_variant_unref(variant); return result; @@ -3155,18 +3175,18 @@ int zbl_get_controller_mac_address(ieee_addr addr64) return result; } g_variant_get(variant, "(ia(y))", &result, &iter); + RETVM_IF(NULL == iter, ZIGBEE_ERROR_IO_ERROR, "Invalid parameter !"); while (g_variant_iter_loop(iter, "(y)", &value)) { addr64[j] = value; j++; } + g_variant_iter_free(iter); DBG("IEEE ADDR 0x%02X:0x%02X:0x%02X:0x%02X:0x%02X:0x%02X:0x%02X:0x%02X, Ret=%d ", addr64[0], addr64[1], addr64[2], addr64[3], addr64[4], addr64[5], addr64[6], addr64[7], result); - if (iter) - g_variant_iter_free(iter); g_variant_unref(variant); return result; @@ -3208,6 +3228,9 @@ int zbl_get_cluster_list(ieee_addr eui64, unsigned char endpoint, if (variant) { g_variant_get(variant, "(iaqaq)", &result, &in_cluster_iter, &out_cluster_iter); + RETVM_IF(NULL == in_cluster_iter, ZIGBEE_ERROR_IO_ERROR, "Invalid parameter !"); + RETVM_IF(NULL == out_cluster_iter, ZIGBEE_ERROR_IO_ERROR, "Invalid parameter !"); + DBG("ret = [0x%x]", result); /* In clusters */ @@ -3215,6 +3238,7 @@ int zbl_get_cluster_list(ieee_addr eui64, unsigned char endpoint, DBG("In Cluster 0x%04X", cluster); in_cluster_list[i++] = cluster; } + g_variant_iter_free(in_cluster_iter); *in_cluster_count = i; if (0 == i) ERR("No In Clusters for Endpoint %0X", endpoint); @@ -3225,14 +3249,11 @@ int zbl_get_cluster_list(ieee_addr eui64, unsigned char endpoint, DBG("Out Cluster 0x%04X", cluster); out_cluster_list[i++] = cluster; } + g_variant_iter_free(out_cluster_iter); *out_cluster_count = i; if (0 == i) ERR("No Out Clusters for Endpoint %0X", endpoint); - if (NULL != in_cluster_iter) - g_variant_iter_free(in_cluster_iter); - if (NULL != out_cluster_iter) - g_variant_iter_free(out_cluster_iter); g_variant_unref(variant); } else { ERR("No In/Out Clusters for Endpoint %0X [%s]", endpoint, dbus_err->message); @@ -3283,12 +3304,16 @@ int zbl_get_endpoint_list(ieee_addr eui64, unsigned char *count, unsigned char l if (variant) { g_variant_get(variant, "(ia(y))", &result, &iter); + RETVM_IF(NULL == iter, ZIGBEE_ERROR_IO_ERROR, "Invalid parameter !"); + DBG("ret = [0x%x]", result); while (g_variant_iter_loop(iter, "(y)", &endpoint)) { DBG("Endpoint 0x%X", endpoint); list[i++] = endpoint; } + g_variant_iter_free(iter); + if (i > 0) { *count = i; DBG("Endpoint Count %d", i); @@ -3296,8 +3321,6 @@ int zbl_get_endpoint_list(ieee_addr eui64, unsigned char *count, unsigned char l ERR("No Endpoints"); *count = 0; } - if (NULL != iter) - g_variant_iter_free(iter); g_variant_unref(variant); } else { @@ -3388,6 +3411,8 @@ int zbl_get_all_device_info(zb_end_device_info_h **dev_list, unsigned char* num) if (variant) { g_variant_get(variant, "(ia(qyayyay))", &result, &iter); + RETVM_IF(NULL == iter, ZIGBEE_ERROR_IO_ERROR, "Invalid parameter !"); + DBG("ret = [0x%x]", result); list = calloc(MAX_DEVICE_LIST+1, sizeof(zb_end_device_info_h)); @@ -3395,8 +3420,10 @@ int zbl_get_all_device_info(zb_end_device_info_h **dev_list, unsigned char* num) for (i = 0; i < MAX_DEVICE_LIST && list; i++) { list[i] = calloc(1, sizeof(struct zb_end_device_info_s)); if (NULL == list[i]) { - for (j = 0; j < i; j++) - free(list[j]); + for (j = 0; j < i; j++) { + if (list[j]) + free(list[j]); + } free(list); g_variant_unref(variant); return ZIGBEE_ERROR_OUT_OF_MEMORY; @@ -3406,6 +3433,22 @@ int zbl_get_all_device_info(zb_end_device_info_h **dev_list, unsigned char* num) i = 0; while (g_variant_iter_loop(iter, "(qyayyay)", &node_id, &node_type, &mac_iter, &endpoint_cnt, &endpoint_iter)) { + if (NULL == mac_iter || NULL == endpoint_iter) { + ERR("Invalid parameter !"); + for (j = 0; j <= MAX_DEVICE_LIST; j++) { + if (list[j]) + free(list[j]); + } + free(list); + g_variant_iter_free(iter); + if (NULL != mac_iter) + g_variant_iter_free(mac_iter); + if (NULL != endpoint_iter) + g_variant_iter_free(endpoint_iter); + g_variant_unref(variant); + return ZIGBEE_ERROR_IO_ERROR; + } + j = 0; k = 0; /* Get Network Address */ @@ -3417,6 +3460,7 @@ int zbl_get_all_device_info(zb_end_device_info_h **dev_list, unsigned char* num) /* Get End-Point count */ list[i]->num_of_ep = endpoint_cnt; DBG("Endpoint Count: 0x%X", endpoint_cnt); + /* Get End-Point list */ list[i]->num_of_ep = endpoint_cnt; while (g_variant_iter_loop(endpoint_iter, "y", &value_endpoint)) { @@ -3424,26 +3468,29 @@ int zbl_get_all_device_info(zb_end_device_info_h **dev_list, unsigned char* num) DBG("Endpoint : %d", value_endpoint); k++; } + g_variant_iter_free(endpoint_iter); + /* Get IEEE address */ while (g_variant_iter_loop(mac_iter, "y", &value)) { node_mac_address[j] = value; j++; } + g_variant_iter_free(mac_iter); + memcpy(list[i]->addr64, node_mac_address, sizeof(ieee_addr)); DBG("Node MAC Addr : %02X:%02X:%02X:%02X:%02X:%02X:%02X:%02X", node_mac_address[0], node_mac_address[1], node_mac_address[2], node_mac_address[3], node_mac_address[4], node_mac_address[5], node_mac_address[6], node_mac_address[7]); i++; - } if (0 == i) ERR("No attached nodes"); *num = i; *dev_list = (void **)list; - if (NULL != iter) - g_variant_iter_free(iter); + + g_variant_iter_free(iter); g_variant_unref(variant); } else { ERR("NULL Variant [%s]", dbus_err->message);