From 287c1a5005205fcd21ed850379fcf904c9583c75 Mon Sep 17 00:00:00 2001 From: saerome kim Date: Fri, 21 Dec 2018 10:31:38 +0900 Subject: [PATCH] Fixed coverity issue - Unchecked return value Change-Id: Id5ffd8bf28ce0184d29006b26bf2048626777d22 Signed-off-by: saerome kim (cherry picked from commit 3b0521e65e6097a95980f9ac87abfd9938d11795) --- packaging/capi-network-zigbee.spec | 2 +- src/zbl-dbus.c | 98 ++++++++++++++++++++++++++++---------- 2 files changed, 75 insertions(+), 25 deletions(-) diff --git a/packaging/capi-network-zigbee.spec b/packaging/capi-network-zigbee.spec index 22844fa..badc3eb 100644 --- a/packaging/capi-network-zigbee.spec +++ b/packaging/capi-network-zigbee.spec @@ -1,6 +1,6 @@ %define major 0 %define minor 1 -%define patchlevel 3 +%define patchlevel 4 Name: capi-network-zigbee Summary: Network Zigbee Service in Tizen CAPI diff --git a/src/zbl-dbus.c b/src/zbl-dbus.c index 5abfd81..afb2831 100644 --- a/src/zbl-dbus.c +++ b/src/zbl-dbus.c @@ -826,7 +826,10 @@ static void _zbl_signal_handler(GDBusConnection *connection, /* String */ case ZB_ZCL_OCTET_STRING: case ZB_ZCL_CHARACTER_STRING: - g_variant_iter_loop(data_iter, "(y)", &value); + if (FALSE == g_variant_iter_loop(data_iter, "(y)", &value)) { + ERR("No Data"); + goto EXIT_EVENT_HANDLER; + } data_size = value + 1; records[j]->value = calloc(data_size, sizeof(unsigned char)); if (NULL == records[j]->value) { @@ -847,16 +850,25 @@ static void _zbl_signal_handler(GDBusConnection *connection, records[j]->value[dsizeIndex] = value; dsizeIndex++; for (i = dsizeIndex; i < data_size - 2; i++) { - g_variant_iter_loop(data_iter, "(y)", &value); + if (FALSE == g_variant_iter_loop(data_iter, "(y)", &value)) { + ERR("No Data"); + goto EXIT_EVENT_HANDLER; + } records[j]->value[i] = value; } g_variant_iter_free(data_iter); break; case ZB_ZCL_LONG_OCTET_STRING: case ZB_ZCL_LONG_CHARACTER_STRING: - g_variant_iter_loop(data_iter, "(y)", &value); + if (FALSE == g_variant_iter_loop(data_iter, "(y)", &value)) { + ERR("No Data"); + goto EXIT_EVENT_HANDLER; + } dSize[0] = value; - g_variant_iter_loop(data_iter, "(y)", &value); + if (FALSE == g_variant_iter_loop(data_iter, "(y)", &value)) { + ERR("No Data"); + goto EXIT_EVENT_HANDLER; + } dSize[1] = value; data_size = dSize[1]; data_size = (data_size << 8) | dSize[0]; @@ -883,7 +895,10 @@ static void _zbl_signal_handler(GDBusConnection *connection, dsizeIndex++; for (i = dsizeIndex; i < data_size - 2; i++) { - g_variant_iter_loop(data_iter, "(y)", &value); + if (FALSE == g_variant_iter_loop(data_iter, "(y)", &value)) { + ERR("No Data"); + goto EXIT_EVENT_HANDLER; + } records[j]->value[i] = value; } g_variant_iter_free(data_iter); @@ -931,10 +946,12 @@ static void _zbl_signal_handler(GDBusConnection *connection, } if (data_size != 0xFF) { for (i = 0; i < data_size; i++) { - if (g_variant_iter_loop(data_iter, "(y)", &value)) { - records[j]->value[i] = value; - DBG("value[%d] 0x%02X", i, records[j]->value[i]); + if (FALSE == g_variant_iter_loop(data_iter, "(y)", &value)) { + ERR("No Data"); + goto EXIT_EVENT_HANDLER; } + records[j]->value[i] = value; + DBG("value[%d] 0x%02X", i, records[j]->value[i]); } } g_variant_iter_free(data_iter); @@ -2031,10 +2048,13 @@ static void __zbl_zdo_mgmt_bind_req(zbl_req_cb_s *container, GVariant *parameter } for (i = 0; i < binding_table_list_count; i++) { - g_variant_iter_loop(rsp_iter, "(ayyqyqayy)", &mac_iter, + if (FALSE == g_variant_iter_loop(rsp_iter, "(ayyqyqayy)", &mac_iter, &records[i]->src_ep, &records[i]->clusterid, &records[i]->dst_addr_mode, &dst_addr16, - &destep_iter, &dst_ep); + &destep_iter, &dst_ep)) { + ERR("No Data"); + goto MGMT_NWK_BIND_REQ_OUT; + } if (NULL == mac_iter) { ERR("Invalid parameter !"); goto MGMT_NWK_BIND_REQ_OUT; @@ -2045,14 +2065,20 @@ static void __zbl_zdo_mgmt_bind_req(zbl_req_cb_s *container, GVariant *parameter } for (j = 0; j < 8; j++) { - g_variant_iter_loop(mac_iter, "y", &value); + if (FALSE == g_variant_iter_loop(mac_iter, "y", &value)) { + ERR("No Data"); + goto MGMT_NWK_BIND_REQ_OUT; + } records[i]->src_addr64[j] = value; } g_variant_iter_free(mac_iter); if (0x03 == records[i]->dst_addr_mode) { for (j = 0; j < 8; j++) { - g_variant_iter_loop(destep_iter, "y", &value); + if (FALSE == g_variant_iter_loop(destep_iter, "y", &value)) { + ERR("No Data"); + break; + } records[i]->dst_addr64[j] = value; } g_variant_iter_free(destep_iter); @@ -2120,21 +2146,30 @@ static void __zbl_zdo_mgmt_lqi_req(zbl_req_cb_s *container, GVariant *parameters } } for (i = 0; i < neighbor_table_list_count; i++) { - g_variant_iter_loop(resp_iter, "(ayayyqyyyyy)", + if (FALSE == g_variant_iter_loop(resp_iter, "(ayayyqyyyyy)", &mac_iter, &mac_iter1, &records[i]->device_type, &records[i]->addr16, &records[i]->rx_on_when_idle, &records[i]->relationship, &records[i]->permit_joining, &records[i]->depth, - &records[i]->lqi); + &records[i]->lqi)) { + ERR("No Data"); + goto MGMT_LQI_REQ_OUT; + } if (NULL == mac_iter || NULL == mac_iter1) { ERR("Invalid parameter !"); goto MGMT_LQI_REQ_OUT; } for (j = 0; j < 8; j++) { - g_variant_iter_loop(mac_iter, "y", &value); + if (FALSE == g_variant_iter_loop(mac_iter, "y", &value)) { + ERR("No Data"); + goto MGMT_LQI_REQ_OUT; + } records[i]->extended_pan_id[j] = value; - g_variant_iter_loop(mac_iter1, "y", &value); + if (FALSE == g_variant_iter_loop(mac_iter1, "y", &value)) { + ERR("No Data"); + goto MGMT_LQI_REQ_OUT; + } records[i]->addr64[j] = value; } g_variant_iter_free(mac_iter); @@ -2202,10 +2237,13 @@ static void __zbl_zdo_mgmt_rtg_req(zbl_req_cb_s *container, GVariant *parameters } for (i = 0; i < routing_table_list_count; i++) { - g_variant_iter_loop(rsp_iter, "(qyyyyq)", &records[i]->dst_addr, + if (FALSE == g_variant_iter_loop(rsp_iter, "(qyyyyq)", &records[i]->dst_addr, &records[i]->status, &records[i]->memory_constrained, &records[i]->route_record_required, - &records[i]->many_to_one, &records[i]->next_hop_addr); + &records[i]->many_to_one, &records[i]->next_hop_addr)) { + WARN("No more data"); + break; + } } g_variant_iter_free(rsp_iter); @@ -2261,18 +2299,24 @@ static void __zbl_zdo_mgmt_nwk_disc_req(zbl_req_cb_s *container, GVariant *param } } for (i = 0; i < nwk_list_count; i++) { - g_variant_iter_loop(resp_iter, "(ayyyyyyy)", + if (FALSE == g_variant_iter_loop(resp_iter, "(ayyyyyyy)", &mac_iter, &records[i]->logical_channel, &records[i]->stack_profile, &records[i]->zigbee_version, &records[i]->beacon_order, - &records[i]->superframe_order, &records[i]->permit_joining); + &records[i]->superframe_order, &records[i]->permit_joining)) { + ERR("No Data"); + break; + } if (NULL == mac_iter) { ERR("Invalid parameter !"); goto MGMT_NWK_DISC_REQ_OUT; } for (j = 0; j < 8; j++) { - g_variant_iter_loop(mac_iter, "y", &value); + if (FALSE == g_variant_iter_loop(mac_iter, "y", &value)) { + ERR("No Data"); + break; + } records[i]->extended_pan_id[j] = value; } g_variant_iter_free(mac_iter); @@ -2865,9 +2909,12 @@ static void __zbl_zcl_global_read_config_reporting_req(zbl_req_cb_s *container, } for (i = 0; i < record_length; i++) { - g_variant_iter_loop(resp_iter, "(yyqyqqayq)", &status[i], &records[i]->dir, + if (FALSE == g_variant_iter_loop(resp_iter, "(yyqyqqayq)", &status[i], &records[i]->dir, &records[i]->id, &records[i]->type, &records[i]->max_i, &records[i]->min_i, - &data_iter, &records[i]->to); + &data_iter, &records[i]->to)) { + ERR("No Data"); + goto GLOBAL_READ_CONFIGURE_REPORTING_REQ_OUT; + } if (NULL == data_iter) { ERR("Invalid parameter !"); goto GLOBAL_READ_CONFIGURE_REPORTING_REQ_OUT; @@ -2949,7 +2996,10 @@ static void __zbl_zcl_group_view_group_req(zbl_req_cb_s *container, GVariant *pa goto GROUP_VIEW_GROUP_REQ_OUT; } - g_variant_iter_loop(grpNameiter, "y", &value); + if (FALSE == g_variant_iter_loop(grpNameiter, "y", &value)) { + ERR("No Data"); + goto GROUP_VIEW_GROUP_REQ_OUT; + } /* first byte indicates the length of the string */ if ((value - '0') > 0) { DBG("Value %d ", (value - '0')); -- 2.7.4