From 27d5d95f853801c518270e83f3558e66ded53e50 Mon Sep 17 00:00:00 2001
From: Sangkoo Kim
Date: Thu, 16 Jun 2016 17:33:34 +0900
Subject: [PATCH] Fix Svace issue
Change-Id: I90787dd8f14cc363989548c766b153779b9ee63c
---
 framework/storage-handler/MsgStorageMessage.cpp | 6 ++++--
 plugin/mms_plugin/MmsPluginDecode.cpp | 4 ++--
 plugin/sms_plugin/SmsPluginCbMsgHandler.cpp | 12 ++++++++----
 plugin/sms_plugin/SmsPluginParamCodec.cpp | 18 ++++++++++++------
 plugin/sms_plugin/SmsPluginSetting.cpp | 4 ++++
 utils/MsgSmil.cpp | 4 ++--
 6 files changed, 32 insertions(+), 16 deletions(-)
diff --git a/framework/storage-handler/MsgStorageMessage.cpp b/framework/storage-handler/MsgStorageMessage.cpp
index 853da57..0444e26 100755
--- a/framework/storage-handler/MsgStorageMessage.cpp
+++ b/framework/storage-handler/MsgStorageMessage.cpp
@@ -1120,6 +1120,7 @@ msg_error_t MsgStoDeleteAllMessageInFolder(msg_folder_id_t folderId, bool bOnlyD
 MSG_DEBUG("pToDeleteMsgIdList->nCount [%d]", pToDeleteMsgIdList->nCount);
 pToDeleteMsgIdList->msgIdList = (msg_message_id_t *)new char[sizeof(msg_message_id_t) * rowCnt];
+ memset(pToDeleteMsgIdList->msgIdList, 0x00, sizeof(msg_message_id_t) * rowCnt);
 for (int i = 0; i < rowCnt; i++) pToDeleteMsgIdList->msgIdList[i] = dbHandle->getColumnToInt(index++);
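Review bot: The added `memset` clears a buffer that the following `for` loop then fills element by element, and the one added in the `@@ -1308` hunk is overwritten in full by the `memcpy` on the next line, so neither changes what a caller can read. What both allocations still leave unchecked is the size expression `sizeof(msg_message_id_t) * n`: no guard on `rowCnt` or `nCount` is visible in either hunk, and a negative count would become a huge `size_t` and make `new` throw. Unless the surrounding code (outside these hunks) already rejects a non-positive count, that check before the `new` is the part worth adding. If zero-initialisation is still wanted, `new char[n]()` provides it without a second pass.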
@@ -1308,8 +1309,9 @@ msg_error_t MsgStoDeleteAllMessageInFolder(msg_folder_id_t folderId, bool bOnlyD
 if (pMsgIdList != NULL && pToDeleteMsgIdList->nCount > 0) {
 pMsgIdList->nCount = pToDeleteMsgIdList->nCount;
- pMsgIdList->msgIdList = (msg_message_id_t *)new char[sizeof(msg_message_id_t)*pToDeleteMsgIdList->nCount];
- memcpy(pMsgIdList->msgIdList, pToDeleteMsgIdList->msgIdList, sizeof(msg_message_id_t)*pToDeleteMsgIdList->nCount);
+ pMsgIdList->msgIdList = (msg_message_id_t *)new char[sizeof(msg_message_id_t) * pToDeleteMsgIdList->nCount];
+ memset(pMsgIdList->msgIdList, 0x00, sizeof(msg_message_id_t) * pToDeleteMsgIdList->nCount);
+ memcpy(pMsgIdList->msgIdList, pToDeleteMsgIdList->msgIdList, sizeof(msg_message_id_t) * pToDeleteMsgIdList->nCount);
 }
 /* Create thread for noti and phone log delete. */
diff --git a/plugin/mms_plugin/MmsPluginDecode.cpp b/plugin/mms_plugin/MmsPluginDecode.cpp
index 49e1368..db8eccb 100755
--- a/plugin/mms_plugin/MmsPluginDecode.cpp
+++ b/plugin/mms_plugin/MmsPluginDecode.cpp
@@ -1345,14 +1345,14 @@ static bool __MmsBinaryDecodeParameter(FILE *pFile, MsgType *pMsgType, int value
 memset(pMsgType->param.szBoundary, 0, MSG_BOUNDARY_LEN + 1);
 strncpy(pMsgType->param.szBoundary, szTypeValue, MSG_BOUNDARY_LEN);
 #ifdef FEATURE_JAVA_MMS
- } else if (strcasecmp(szTypeString, "Application-ID") == 0) {
+ } else if (g_ascii_strcasecmp(szTypeString, "Application-ID") == 0) {
 pMsgType->param.szApplicationID = (char*) calloc(1, textLength + 1);
 if (pMsgType->param.szApplicationID) {
 memset(pMsgType->param.szApplicationID, 0, textLength + 1);
 strncpy(pMsgType->param.szApplicationID, szTypeValue, textLength);
 MSG_SEC_DEBUG("Application-ID:%s", pMsgType->param.szApplicationID);
 }
- } else if (strcasecmp(szTypeString, "Reply-To-Application-ID") == 0) {
+ } else if (g_ascii_strcasecmp(szTypeString, "Reply-To-Application-ID") == 0) {
 pMsgType->param.szReplyToApplicationID = (char*)calloc(1, textLength + 1);
 if (pMsgType->param.szReplyToApplicationID) {
 memset(pMsgType->param.szReplyToApplicationID, 0, textLength + 1);
diff --git a/plugin/sms_plugin/SmsPluginCbMsgHandler.cpp b/plugin/sms_plugin/SmsPluginCbMsgHandler.cpp
index 1280b65..da8f06c 100755
--- a/plugin/sms_plugin/SmsPluginCbMsgHandler.cpp
+++ b/plugin/sms_plugin/SmsPluginCbMsgHandler.cpp
@@ -454,12 +454,16 @@ void SmsPluginCbMsgHandler::Decode3gCbMsg(TelSmsCbMsg_t *pCbMsg, SMS_CBMSG_PAGE_
 for (int i = 0; i < pCbPage->pageHeader.totalPages; ++i) {
 if (pCbPage->pageHeader.dcs.iso639Lang[0]) {
 dataLen = cbData[7+(i+1)*82 + i] - 2;
- memcpy(cbMessage + offset, &cbData[7+(i*82)+ i + 2], dataLen);
- offset += dataLen;
+ if (dataLen > 0) {
+ memcpy(cbMessage + offset, &cbData[7+(i*82)+ i + 2], dataLen);
+ offset += dataLen;
+ }
 } else {
 dataLen = cbData[7+(i+1)*82 + i];
- memcpy(cbMessage + offset, &cbData[7+(i*82)+ i], dataLen);
- offset += dataLen;
+ if (dataLen > 0) {
+ memcpy(cbMessage + offset, &cbData[7+(i*82)+ i], dataLen);
+ offset += dataLen;
+ }
 }
 }
 dataLen = offset;
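Review bot: `g_ascii_strcasecmp` treats a NULL argument differently from `strcasecmp`: in GLib builds with precondition checks enabled it logs a critical and returns 0, which reads as a match and would take the `Application-ID` branch. Whether `szTypeString` can be NULL at this point is not visible, since the function body starts and ends outside the hunk, so either an earlier guard or a comment stating the non-NULL invariant would settle it. Separately, the `memset` after `calloc(1, textLength + 1)` in both branches is redundant, and `textLength` is presumably taken from the decoded message, so it is worth confirming outside the hunk that it is non-negative and bounded before the `calloc`/`strncpy` pair.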
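Review bot: The new `if (dataLen > 0)` keeps a negative length away from `memcpy`, but the length byte read from `cbData` still has no upper bound in either branch. The indexing shows an 82-byte page followed by its length byte, so a value above 82 (80 in the `iso639Lang` branch, which skips two bytes) makes the copy read past the page, and `offset` accumulates with no check against the capacity of `cbMessage`; both buffers are declared outside the hunk, so their sizes need confirming. Because these bytes come from a received cell-broadcast message, I would tighten both guards to `if (dataLen > 0 && dataLen <= 82 && offset + dataLen <= CB_MESSAGE_CAPACITY) {`, where `CB_MESSAGE_CAPACITY` is a placeholder for the real size of `cbMessage`, and check `totalPages` against the received length before `cbData` is indexed.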
diff --git a/plugin/sms_plugin/SmsPluginParamCodec.cpp b/plugin/sms_plugin/SmsPluginParamCodec.cpp
index 61e4641..d605b62 100755
--- a/plugin/sms_plugin/SmsPluginParamCodec.cpp
+++ b/plugin/sms_plugin/SmsPluginParamCodec.cpp
@@ -46,31 +46,37 @@ int SmsPluginParamCodec::encodeAddress(const SMS_ADDRESS_S *pAddress, char **ppP
 SMS_TON_T ton;
- *ppParam = new char[MAX_ADD_PARAM_LEN];
+ char *tempParam = new char[MAX_ADD_PARAM_LEN];
+ if (tempParam == NULL)
+ return 0;
+
+ memset(tempParam, 0x00, sizeof(char)*MAX_ADD_PARAM_LEN);
 /* Set Address Length */
 if (temp[0] == '+') {
- (*ppParam)[offset++] = strlen(temp) - 1;
+ tempParam[offset++] = strlen(temp) - 1;
 temp++;
 ton = SMS_TON_INTERNATIONAL;
 } else {
- (*ppParam)[offset++] = strlen(temp);
+ tempParam[offset++] = strlen(temp);
 ton = pAddress->ton;
 }
 /* Set TON, NPI */
- (*ppParam)[offset++] = 0x80 + (ton << 4) + pAddress->npi;
+ tempParam[offset++] = 0x80 + (ton << 4) + pAddress->npi;
- MSG_DEBUG("Address length is %d.", (*ppParam)[0]);
+ MSG_DEBUG("Address length is %d.", tempParam[0]);
 MSG_DEBUG("pAddress->ton : %d.", ton);
 MSG_DEBUG("pAddress->npi : %d.", pAddress->npi);
- length = convertDigitToBcd(temp, strlen(temp), (unsigned char *) &((*ppParam)[offset]));
+ length = convertDigitToBcd(temp, strlen(temp), (unsigned char *) &(tempParam[offset]));
 offset += length;
+ *ppParam = tempParam;
+ return offset ;
 }
diff --git a/plugin/sms_plugin/SmsPluginSetting.cpp b/plugin/sms_plugin/SmsPluginSetting.cpp
index dfc38c2..56b3ea7 100755
--- a/plugin/sms_plugin/SmsPluginSetting.cpp
+++ b/plugin/sms_plugin/SmsPluginSetting.cpp
@@ -1664,9 +1664,13 @@ bool SmsPluginSetting::getMailboxInfoEvent()
 {
 int ret = 0;
+ mx.lock();
+
 bTapiResult = false;
 ret = cv.timedwait(mx.pMsgMutex(), MAX_TAPI_SIM_API_TIMEOUT);
+ mx.unlock();
+
 if (ret == ETIMEDOUT) {
 MSG_DEBUG("WARNING: TAPI callback TIME-OUT");
 return false;
diff --git a/utils/MsgSmil.cpp b/utils/MsgSmil.cpp
index b36737f..afd42ab 100755
--- a/utils/MsgSmil.cpp
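Review bot: The `if (tempParam == NULL) return 0;` check can never fire, because plain `new char[]` reports failure by throwing `std::bad_alloc` rather than returning NULL. If a NULL-returning allocation is what the analyser fix intends, use `char *tempParam = new (std::nothrow) char[MAX_ADD_PARAM_LEN];` (needs `<new>`) and add `*ppParam = NULL;` before `return 0;`, since that early return would otherwise leave the caller's pointer unset for any caller that frees it unconditionally. Also, `strlen(temp)` is stored into a single `char` and `convertDigitToBcd` writes into the fixed `MAX_ADD_PARAM_LEN` buffer with no length check visible here; the start of the function is outside the hunk, so confirm the address length is bounded there.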
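Review bot: Taking the mutex only around the wait in `getMailboxInfoEvent()` does not close the race with the TAPI callback: if the callback signals before `mx.lock()` is reached, `bTapiResult = false;` discards its result and `cv.timedwait` then runs until `MAX_TAPI_SIM_API_TIMEOUT`. The callback side and the code that issues the request are outside the hunk, so this is inferred from the visible lines; the usual remedy is to reset the flag under the lock before the request is sent and to wait in a loop on a response-received flag rather than on a single `timedwait`. A scoped guard in place of the manual `mx.lock()`/`mx.unlock()` pair would also keep a later early return from leaving the mutex held. The function body continues past the end of the hunk.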
+++ b/utils/MsgSmil.cpp
@@ -304,10 +304,10 @@ int MsgSmilGetTime(char *pValue)
 if (strstr(pValue, "ms")) bMSec = true;
- pTemp = (char *)malloc(strlen(pValue) + 1);
+ pTemp = (char *)calloc(1, strlen(pValue) + 1);
 if (NULL == pTemp) {
- MSG_DEBUG("malloc for