From 150dcfe22f5627a225f6f9263f462626d5a27232 Mon Sep 17 00:00:00 2001
From: Ashwini Kumar <k.ashwini@samsung.com>
Date: Thu, 3 Mar 2016 16:35:16 +0530
Subject: [PATCH] Fix static analysis issues in PM

Change-Id: I1a079333d7636b52f8ae9d4ab0609656a5395278
Signed-off-by: Ashwini Kumar <k.ashwini@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/5351
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Randeep Singh <randeep.s@samsung.com>
(cherry picked from commit ec7970e13558ba77a7df89830c95969c3155e261)
Reviewed-on: https://gerrit.iotivity.org/gerrit/5665
Tested-by: Randeep Singh <randeep.s@samsung.com>
---
 .../security/provisioning/src/provisioningdatabasemanager.c |  6 +++---
 resource/provisioning/examples/provisioningclient.cpp       | 10 ++++++++++
 resource/provisioning/src/OCProvisioningManager.cpp         | 13 +++++++++++--
 3 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c b/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c
index 907a6a2..83e7b99 100644
--- a/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c
+++ b/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c
@@ -564,7 +564,7 @@ OCStackResult PDMGetOwnedDevices(OCUuidList_t **uuidList, size_t *numOfDevices)
                               strlen(PDM_SQLITE_LIST_ALL_UUID) + 1, &stmt, NULL);
     PDM_VERIFY_SQLITE_OK(TAG, res, ERROR, OC_STACK_ERROR);
 
-    int counter  = 0;
+    size_t counter  = 0;
     while (SQLITE_ROW == sqlite3_step(stmt))
     {
         const void *ptr = sqlite3_column_blob(stmt, PDM_FIRST_INDEX);
@@ -667,7 +667,7 @@ OCStackResult PDMGetLinkedDevices(const OicUuid_t *UUID, OCUuidList_t **UUIDLIST
     res = sqlite3_bind_int(stmt, PDM_BIND_INDEX_SECOND, id);
     PDM_VERIFY_SQLITE_OK(TAG, res, ERROR, OC_STACK_ERROR);
 
-    int counter  = 0;
+    size_t counter  = 0;
     while (SQLITE_ROW == sqlite3_step(stmt))
     {
         int i1 = sqlite3_column_int(stmt, PDM_FIRST_INDEX);
@@ -717,7 +717,7 @@ OCStackResult PDMGetToBeUnlinkedDevices(OCPairList_t **staleDevList, size_t *num
     res = sqlite3_bind_int(stmt, PDM_BIND_INDEX_FIRST, PDM_STALE_STATE);
     PDM_VERIFY_SQLITE_OK(TAG, res, ERROR, OC_STACK_ERROR);
 
-    int counter  = 0;
+    size_t counter  = 0;
     while (SQLITE_ROW == sqlite3_step(stmt))
     {
         int i1 = sqlite3_column_int(stmt, PDM_FIRST_INDEX);
diff --git a/resource/provisioning/examples/provisioningclient.cpp b/resource/provisioning/examples/provisioningclient.cpp
index e3b8185..9d199ae 100644
--- a/resource/provisioning/examples/provisioningclient.cpp
+++ b/resource/provisioning/examples/provisioningclient.cpp
@@ -382,6 +382,11 @@ static int InputACL(OicSecAcl_t *acl)
     //Set Resource.
     printf("Num. of Resource : ");
     ret = scanf("%zu", &acl->resourcesLen);
+    if ((1 != ret) || (acl->resourcesLen <= 0 || acl->resourcesLen > 50))
+    {
+        printf("Error while input\n");
+        return -1;
+    }
     printf("-URI of resource\n");
     printf("ex)/oic/sh/temp/0 (Max_URI_Length: 64 Byte )\n");
     acl->resources = (char **)OICCalloc(acl->resourcesLen, sizeof(char *));
@@ -427,6 +432,11 @@ static int InputACL(OicSecAcl_t *acl)
     // Set Rowner
     printf("Num. of Rowner : ");
     ret = scanf("%zu", &acl->ownersLen);
+    if ((1 != ret) || (acl->ownersLen <= 0 || acl->ownersLen > 20))
+    {
+        printf("Error while input\n");
+        return -1;
+    }
     printf("-URN identifying the rowner\n");
     printf("ex) 1111-1111-1111-1111 (16 Numbers except to '-')\n");
     acl->owners = (OicUuid_t *)OICCalloc(acl->ownersLen, sizeof(OicUuid_t));
diff --git a/resource/provisioning/src/OCProvisioningManager.cpp b/resource/provisioning/src/OCProvisioningManager.cpp
index 8040a99..0fc4d02 100644
--- a/resource/provisioning/src/OCProvisioningManager.cpp
+++ b/resource/provisioning/src/OCProvisioningManager.cpp
@@ -142,7 +142,7 @@ namespace OC
         {
             std::lock_guard<std::recursive_mutex> lock(*cLock);
             result = OCSetOwnerTransferCallbackData(oxm, callbackData);
-            if(result == OC_STACK_OK && (OIC_RANDOM_DEVICE_PIN & oxm))
+            if(result == OC_STACK_OK && (OIC_RANDOM_DEVICE_PIN == oxm))
             {
                 SetInputPinCB(inputPin);
             }
@@ -234,7 +234,16 @@ namespace OC
         PMResultList_t *results = nullptr;
         ProvisionContext* context = static_cast<ProvisionContext*>(ctx);
 
-        results = new PMResultList_t;
+        try
+        {
+            results = new PMResultList_t;
+        }
+        catch (std::bad_alloc& e)
+        {
+            oclog() <<"Bad alloc exception";
+            return;
+        }
+
         for (int i = 0; i < nOfRes; i++)
         {
             results->push_back(arr[i]);
-- 
2.7.4