From: Jeongmo Yang <jm80.yang@samsung.com>
Date: Thu, 26 Dec 2024 10:10:36 +0000 (+0900)
Subject: Fix svace issue - INTEGER_OVERFLOW
X-Git-Tag: accepted/tizen/unified/20241231.131840^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F80%2F317180%2F2;p=platform%2Fcore%2Fmultimedia%2Flibmm-camcorder.git

Fix svace issue - INTEGER_OVERFLOW

[Version] 1.3.4
[Issue Type] Svace

Change-Id: I6c4fd56ef3ee14bb4e1565c3d78deed22b57b1d6
Signed-off-by: Jeongmo Yang <jm80.yang@samsung.com>
---

diff --git a/packaging/libmm-camcorder.spec b/packaging/libmm-camcorder.spec
old mode 100755
new mode 100644
index 37602b9..425736c
--- a/packaging/libmm-camcorder.spec
+++ b/packaging/libmm-camcorder.spec
@@ -1,6 +1,6 @@
 Name:       libmm-camcorder
 Summary:    Camera and recorder library
-Version:    1.3.3
+Version:    1.3.4
 Release:    0
 Group:      Multimedia/Libraries
 License:    Apache-2.0
diff --git a/src/mm_camcorder_configure.c b/src/mm_camcorder_configure.c
index 82a11b2..08cbbcc 100644
--- a/src/mm_camcorder_configure.c
+++ b/src/mm_camcorder_configure.c
@@ -1414,17 +1414,15 @@ int _mmcamcorder_conf_add_info(MMHandleType handle, int type, conf_detail **info
 		if (value_type != CONFIGURE_VALUE_STRING && value_type != CONFIGURE_VALUE_STRING_ARRAY) {
 			token = strtok_r(NULL, delimiters, &user_ptr);
 			while (token) {
-				buffer_token[count_token] = token;
-				MMCAM_LOG_VERBOSE("token : [%s]", buffer_token[count_token]);
+				if (count_token < BUFFER_NUM_TOKEN) {
+					buffer_token[count_token] = token;
+					MMCAM_LOG_VERBOSE("token : [%s]", buffer_token[count_token]);
+				} else {
+					MMCAM_LOG_WARNING("too many token[%s]", token);
+				}
 				count_token++;
 				token = strtok_r(NULL, delimiters, &user_ptr);
 			}
-
-			if (count_token < 2) {
-				(*info)->detail_info[i] = NULL;
-				MMCAM_LOG_WARNING("Number of token is too small... check it.[%s]", buffer_details[i]);
-				continue;
-			}
 		} else { /* CONFIGURE_VALUE_STRING or CONFIGURE_VALUE_STRING_ARRAY */
 			/* skip "=" */
 			strtok_r(NULL, delimiters_sub, &user_ptr);
@@ -1432,8 +1430,12 @@ int _mmcamcorder_conf_add_info(MMHandleType handle, int type, conf_detail **info
 			if (value_type == CONFIGURE_VALUE_STRING_ARRAY) {
 				token = strtok_r(NULL, delimiters_sub, &user_ptr);
 				while (token) {
-					buffer_token[count_token] = token;
-					MMCAM_LOG_VERBOSE("token : [%s]", buffer_token[count_token]);
+					if (count_token < BUFFER_NUM_TOKEN) {
+						buffer_token[count_token] = token;
+						MMCAM_LOG_VERBOSE("token : [%s]", buffer_token[count_token]);
+					} else {
+						MMCAM_LOG_WARNING("too many token[%s]", token);
+					}
 					count_token++;
 					token = strtok_r(NULL, delimiters_sub, &user_ptr);
 				}
@@ -1446,12 +1448,12 @@ int _mmcamcorder_conf_add_info(MMHandleType handle, int type, conf_detail **info
 					count_token++;
 				}
 			}
+		}
 
-			if (count_token < 2) {
-				(*info)->detail_info[i] = NULL;
-				MMCAM_LOG_WARNING("No string value... check it.[%s]", buffer_details[i]);
-				continue;
-			}
+		if (count_token < 2 || count_token > BUFFER_NUM_TOKEN) {
+			(*info)->detail_info[i] = NULL;
+			MMCAM_LOG_WARNING("invalid token count[%d]... check it.[%s]", count_token, buffer_details[i]);
+			continue;
 		}
 
 		switch (value_type) {