From 459016d587d5f538ab0a228f57cad8a179287113 Mon Sep 17 00:00:00 2001
From: "wn.jang" <wn.jang@samsung.com>
Date: Thu, 13 Oct 2022 11:16:23 +0900
Subject: [PATCH] Fix stack-buffer-overflow issue which is detected by ASAN

Cause: A buffer overflow occurs because 4 bytes access occurs
       when the value is changeed as it is converted to (int*)
       even though it is set as 1 byte pool variable.

Soluetion: Use bool* instead of int* is_system_cmd_valid.

This issue is described on code.sec.samsung.net/jira/browse/TSEVEN-2604

Change-Id: I4d8dae44234d4879b99c75296244018b45e85e69
---
 server/vcd_server.c | 2 +-
 server/vcd_server.h | 2 +-
 server/vcd_tidl.c   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/vcd_server.c b/server/vcd_server.c
index 868a681..f0b1b3c 100644
--- a/server/vcd_server.c
+++ b/server/vcd_server.c
@@ -2592,7 +2592,7 @@ int vcd_server_dialog(int pid, const char* disp_text, const char* utt_text, int
 	return VCD_ERROR_NONE;
 }
 
-int vcd_server_is_system_command_valid(int pid, int* is_sys_cmd_valid)
+int vcd_server_is_system_command_valid(int pid, bool* is_sys_cmd_valid)
 {
 	/* check if pid is valid */
 	if (false == vcd_client_is_available(pid) && false == vcd_client_widget_is_available(pid)) {
diff --git a/server/vcd_server.h b/server/vcd_server.h
index 4f1286d..999083e 100644
--- a/server/vcd_server.h
+++ b/server/vcd_server.h
@@ -107,7 +107,7 @@ int vcd_server_set_server_dialog(int pid, const char* app_id, const char* creden
 
 int vcd_server_dialog(int pid, const char* disp_text, const char* utt_text, int continuous);
 
-int vcd_server_is_system_command_valid(int pid, int* is_sys_cmd_valid);
+int vcd_server_is_system_command_valid(int pid, bool* is_sys_cmd_valid);
 
 #if 0
 int vcd_server_set_exclusive_command(int pid, bool value);
diff --git a/server/vcd_tidl.c b/server/vcd_tidl.c
index 08060ca..7d8abfe 100644
--- a/server/vcd_tidl.c
+++ b/server/vcd_tidl.c
@@ -589,7 +589,7 @@ static int __vc_is_system_command_valid_cb(rpc_port_stub_vcd_stub_vc_context_h c
 
 	int ret = VCD_ERROR_OPERATION_FAILED;
 
-	ret = vcd_server_is_system_command_valid(pid, (int*)is_sys_cmd_valid);
+	ret = vcd_server_is_system_command_valid(pid, is_sys_cmd_valid);
 	if (VCD_ERROR_NONE == ret) {
 		SLOG(LOG_INFO, TAG_VCD, "[IN] vcd check system command is valid : pid(%d), is_sys_cmd_valid(%d)", pid, *is_sys_cmd_valid);
 	} else {
-- 
2.34.1