From: Jeon Sang-Heon <sh95.jeon@samsung.com>
Date: Mon, 2 Mar 2020 08:39:48 +0000 (+0900)
Subject: Fix coverity issue
X-Git-Tag: accepted/tizen/unified/20200303.170242^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F96%2F226396%2F2;p=platform%2Fcore%2Fsystem%2Flibtota.git

Fix coverity issue

- change large array in stack memory to heap

Change-Id: I833d1abcd81da99923ef36d336a7f487344639a2
---

diff --git a/bsdiff/ss_bspatch_common.c b/bsdiff/ss_bspatch_common.c
index e7bd45e..af6e20b 100755
--- a/bsdiff/ss_bspatch_common.c
+++ b/bsdiff/ss_bspatch_common.c
@@ -96,12 +96,23 @@ SRes Decode2(CLzmaDec *state, ISeqOutStream *outStream, ISeqInStream *inStream,
 {
 	int thereIsSize = (*unpackSize != (UInt64)(Int64) - 1);
 	UInt64 offset = 0;
-	Byte inBuf[IN_BUF_SIZE];
-	Byte outBuf[OUT_BUF_SIZE];
+	Byte *inBuf = NULL;
+	Byte *outBuf = NULL;
 	size_t inPos = 0, inSize = 0, outPos = 0;
+	SRes res;
 
-	LzmaDec_Init(state);
+	inBuf = (Byte *)malloc(sizeof(Byte) * IN_BUF_SIZE);
+	if (!inBuf) {
+		res = SZ_ERROR_UNSUPPORTED;
+		goto clean;
+	}
+	outBuf = (Byte *)malloc(sizeof(Byte) * OUT_BUF_SIZE);
+	if (!outBuf) {
+		res = SZ_ERROR_UNSUPPORTED;
+		goto clean;
+	}
 
+	LzmaDec_Init(state);
 	offset = 0;
 
 	for (;;) {
@@ -111,7 +122,6 @@ SRes Decode2(CLzmaDec *state, ISeqOutStream *outStream, ISeqInStream *inStream,
 			inPos = 0;
 		}
 
-		SRes res;
 		SizeT inProcessed = inSize - inPos;
 		SizeT outProcessed = OUT_BUF_SIZE - outPos;
 		ELzmaFinishMode finishMode = LZMA_FINISH_ANY;
@@ -133,14 +143,21 @@ SRes Decode2(CLzmaDec *state, ISeqOutStream *outStream, ISeqInStream *inStream,
 		outPos = 0;
 
 		if ((res != SZ_OK) || (thereIsSize && *unpackSize == 0))
-			return res;
+			goto clean;
 
 		if (inProcessed == 0 && outProcessed == 0) {
 			if (thereIsSize || status != LZMA_STATUS_FINISHED_WITH_MARK)
-				return SZ_ERROR_DATA;
-			return res;
+				res = SZ_ERROR_DATA;
+			goto clean;
 		}
 	}
+
+clean:
+	if (inBuf)
+		free(inBuf);
+	if (outBuf)
+		free(outBuf);
+	return res;
 }
 
 int apply_patch(const char *oldfile, unsigned char *patch_buffer, unsigned char **dest_buf, ssize_t *dest_size)
diff --git a/ss_engine/SS_FSUpdate.c b/ss_engine/SS_FSUpdate.c
index ee8c6d0..a4150b7 100755
--- a/ss_engine/SS_FSUpdate.c
+++ b/ss_engine/SS_FSUpdate.c
@@ -134,7 +134,8 @@ SS_CopyFile(const char *strFromPath, const char *strToPath)
 {
 	int fd1, fd2;
 	int readCount = 0, writeCount = 0;
-	char buf[1 << 15];	// copy 32KB wise
+	char *buf;	// copy 32KB wise
+	int buf_size = (1 << 15);
 	int ret = 0;
 
 	char path1[MAX_PATH] = { '\0' };
@@ -160,7 +161,15 @@ SS_CopyFile(const char *strFromPath, const char *strToPath)
 		return E_SS_WRITE_ERROR;
 	}
 
-	while ((readCount = read(fd1, buf, sizeof(buf))) > 0) {
+	buf = (char *)malloc(sizeof(char) * buf_size);
+	if (!buf) {
+		close(fd1);
+		close(fd2);
+		LOGE("Cannot allocate buf");
+		return -1;
+	}
+
+	while ((readCount = read(fd1, buf, buf_size)) > 0) {
 		writeCount = write(fd2, buf, readCount);
 		if (writeCount != readCount) {
 			LOGE(" read %d, but write %d, abort.\n", readCount,
@@ -170,6 +179,7 @@ SS_CopyFile(const char *strFromPath, const char *strToPath)
 		}
 	}
 
+	free(buf);
 	close(fd1);
 	fsync(fd2);
 	close(fd2);