From: Haejeong Kim Date: Thu, 13 Apr 2017 01:47:20 +0000 (+0900) Subject: Svace issue fix. change strncat to g_strlcat and some code clean up. X-Git-Tag: accepted/tizen/unified/20170413.164237~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F80%2F124880%2F2;p=platform%2Fcore%2Fmultimedia%2Flibmedia-service.git Svace issue fix. change strncat to g_strlcat and some code clean up. Change-Id: I802cd6016f8be9f3029b8d7a49fdfbfe07a92ad3 --- diff --git a/src/common/media-svc-db-utils.c b/src/common/media-svc-db-utils.c index cccd281..67b763c 100755 --- a/src/common/media-svc-db-utils.c +++ b/src/common/media-svc-db-utils.c @@ -165,12 +165,11 @@ static int __media_svc_rebuild_view_query(sqlite3 *db_handle, uid_t uid) snprintf(temp, sizeof(temp), ", playlist.%s AS p_thumbnail_path", col_ptr->name); else snprintf(temp, sizeof(temp), ", playlist.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); } else { snprintf(temp, sizeof(temp), "playlist.%s", col_ptr->name); - strncpy(table_query, temp, strlen(temp)); sflag = true; } + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -182,7 +181,7 @@ static int __media_svc_rebuild_view_query(sqlite3 *db_handle, uid_t uid) snprintf(temp, sizeof(temp), ", media_count IS NOT NULL AS media_count, playlist_map.%s AS pm_id", col_ptr->name); else snprintf(temp, sizeof(temp), ", playlist_map.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -192,7 +191,7 @@ static int __media_svc_rebuild_view_query(sqlite3 *db_handle, uid_t uid) col_ptr = g_slist_nth_data(column_list[MEDIA_SVC_DB_LIST_MEDIA], i); if (col_ptr->is_view) { snprintf(temp, sizeof(temp), ", media.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -211,12 +210,11 @@ static int __media_svc_rebuild_view_query(sqlite3 *db_handle, uid_t uid) if (col_ptr->is_view) { if (sflag == true) { snprintf(temp, sizeof(temp), ", tag.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); } else { snprintf(temp, sizeof(temp), "tag.%s", col_ptr->name); - strncpy(table_query, temp, strlen(temp)); sflag = true; } + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -228,7 +226,7 @@ static int __media_svc_rebuild_view_query(sqlite3 *db_handle, uid_t uid) snprintf(temp, sizeof(temp), ", media_count IS NOT NULL AS media_count, tag_map.%s AS tm_id", col_ptr->name); else snprintf(temp, sizeof(temp), ", tag_map.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -238,7 +236,7 @@ static int __media_svc_rebuild_view_query(sqlite3 *db_handle, uid_t uid) col_ptr = g_slist_nth_data(column_list[MEDIA_SVC_DB_LIST_MEDIA], i); if (col_ptr->is_view) { snprintf(temp, sizeof(temp), ", media.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -287,21 +285,19 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e if (col_ptr->has_option) { if (sflag == true) { snprintf(temp, sizeof(temp), ", %s %s %s", col_ptr->name, col_ptr->type, col_ptr->option); - strncat(table_query, temp, strlen(temp)); } else { snprintf(temp, sizeof(temp), "%s %s %s", col_ptr->name, col_ptr->type, col_ptr->option); - strncpy(table_query, temp, strlen(temp)); sflag = true; } + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } else { if (sflag == true) { snprintf(temp, sizeof(temp), ", %s %s", col_ptr->name, col_ptr->type); - strncat(table_query, temp, strlen(temp)); } else { snprintf(temp, sizeof(temp), "%s %s", col_ptr->name, col_ptr->type); - strncpy(table_query, temp, strlen(temp)); sflag = true; } + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); @@ -309,13 +305,11 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e if (col_ptr->is_unique) { if (table_sub_len > 0) { snprintf(temp, sizeof(temp), ", %s", col_ptr->name); - strncat(table_query_sub, temp, strlen(temp)); - table_sub_len = strlen(table_query_sub); } else { snprintf(temp, sizeof(temp), "%s", col_ptr->name); - strncpy(table_query_sub, temp, strlen(temp)); - table_sub_len = strlen(table_query_sub); } + SAFE_STRLCAT(table_query_sub, temp, sizeof(table_query_sub)); + table_sub_len = strlen(table_query_sub); } memset(temp, 0, sizeof(temp)); @@ -323,13 +317,11 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e if (col_ptr->is_index) { if (index_len > 0) { snprintf(temp, sizeof(temp), MEDIA_SVC_DB_QUERY_INDEX, col_ptr->index_name, table_name, col_ptr->name); - strncat(index_query, temp, strlen(temp)); - index_len = strlen(index_query); } else { snprintf(temp, sizeof(temp), MEDIA_SVC_DB_QUERY_INDEX, col_ptr->index_name, table_name, col_ptr->name); - strncpy(index_query, temp, strlen(temp)); - index_len = strlen(index_query); } + SAFE_STRLCAT(index_query, temp, sizeof(index_query)); + index_len = strlen(index_query); } memset(temp, 0, sizeof(temp)); @@ -337,14 +329,12 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e if (col_ptr->is_trigger) { if (STRING_VALID(tb->trigger_name)) { if (strncmp(table_name, MEDIA_SVC_DB_TABLE_ALBUM, strlen(MEDIA_SVC_DB_TABLE_ALBUM)) == 0) { - snprintf(temp, sizeof(temp), MEDIA_SVC_DB_QUERY_TRIGGER_WITH_COUNT, tb->trigger_name, tb->event_table, tb->action_table, tb->event_table, col_ptr->name, col_ptr->name, col_ptr->name, col_ptr->name); - strncpy(trigger_query, temp, strlen(temp)); - trigger_len = strlen(trigger_query); + snprintf(temp, sizeof(temp), MEDIA_SVC_DB_QUERY_TRIGGER_WITH_COUNT, tb->trigger_name, tb->event_table, tb->action_table, tb->event_table, col_ptr->name, col_ptr->name, col_ptr->name, col_ptr->name); } else { snprintf(temp, sizeof(temp), MEDIA_SVC_DB_QUERY_TRIGGER, tb->trigger_name, tb->event_table, tb->action_table, col_ptr->name, col_ptr->name); - strncpy(trigger_query, temp, strlen(temp)); - trigger_len = strlen(trigger_query); } + SAFE_STRLCAT(trigger_query, temp, sizeof(trigger_query)); + trigger_len = strlen(trigger_query); } else { media_svc_error("invalid trigger name"); } @@ -399,12 +389,11 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e snprintf(temp, sizeof(temp), ", playlist.%s AS p_thumbnail_path", col_ptr->name); else snprintf(temp, sizeof(temp), ", playlist.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); } else { snprintf(temp, sizeof(temp), "playlist.%s", col_ptr->name); - strncpy(table_query, temp, strlen(temp)); sflag = true; } + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -416,7 +405,7 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e snprintf(temp, sizeof(temp), ", media_count IS NOT NULL AS media_count, playlist_map.%s AS pm_id", col_ptr->name); else snprintf(temp, sizeof(temp), ", playlist_map.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -426,7 +415,7 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e col_ptr = g_slist_nth_data(column_list[MEDIA_SVC_DB_LIST_MEDIA], i); if (col_ptr->is_view) { snprintf(temp, sizeof(temp), ", media.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -442,12 +431,11 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e if (col_ptr->is_view) { if (sflag == true) { snprintf(temp, sizeof(temp), ", tag.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); } else { snprintf(temp, sizeof(temp), "tag.%s", col_ptr->name); - strncpy(table_query, temp, strlen(temp)); sflag = true; } + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -459,7 +447,7 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e snprintf(temp, sizeof(temp), ", media_count IS NOT NULL AS media_count, tag_map.%s AS tm_id", col_ptr->name); else snprintf(temp, sizeof(temp), ", tag_map.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -469,7 +457,7 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e col_ptr = g_slist_nth_data(column_list[MEDIA_SVC_DB_LIST_MEDIA], i); if (col_ptr->is_view) { snprintf(temp, sizeof(temp), ", media.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -1456,7 +1444,7 @@ int _media_svc_sql_query_list(GList **query_list, uid_t uid) /* column limit = 2000 */ } - strncat(query_bundle, sql, query_len); + SAFE_STRLCAT(query_bundle, sql, sizeof(query_bundle)); total_len += query_len; SQLITE3_SAFE_FREE(sql); @@ -1660,7 +1648,7 @@ int _media_svc_update_media_view(sqlite3 *db_handle, uid_t uid) char append_query[128] = {0, }; memset(append_query, 0x00, sizeof(append_query)); snprintf(append_query, sizeof(append_query), " UNION SELECT * from '%s'", storage_id); - strncat(view_query, append_query, strlen(append_query)); + SAFE_STRLCAT(view_query, append_query, sizeof(view_query)); } else { media_svc_error("media table not exist for storage [%s]", storage_id); } diff --git a/src/include/common/media-svc-util.h b/src/include/common/media-svc-util.h index 81d17e2..f3e195c 100755 --- a/src/include/common/media-svc-util.h +++ b/src/include/common/media-svc-util.h @@ -46,6 +46,8 @@ extern "C" { #define STRING_VALID(str) \ ((str != NULL && strlen(str) > 0) ? TRUE : FALSE) +#define SAFE_STRLCAT(dst, src, n) g_strlcat(dst, src, n); + char *_media_info_generate_uuid(void); void _strncpy_safe(char *x_dst, const char *x_src, int max_len); int _media_svc_rename_file(const char *old_name, const char *new_name);