From 5ae69c8554258b1ffd96ae597111209a6053c40c Mon Sep 17 00:00:00 2001
From: Jinhyung Jo <jinhyung.jo@samsung.com>
Date: Wed, 21 Jun 2017 20:28:48 +0900
Subject: [PATCH] source: remove integer underflow

Change-Id: Ie6987bb833fa1061409ccd3a8b4abddf4e281cc7
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
---
 src/sockets.c          | 23 +++++++++++------------
 src/transport.c        | 17 ++++++++---------
 src/usb_linux_client.c | 35 ++++++++++++++++++-----------------
 3 files changed, 37 insertions(+), 38 deletions(-)

diff --git a/src/sockets.c b/src/sockets.c
index b81d6a3..9711613 100644
--- a/src/sockets.c
+++ b/src/sockets.c
@@ -324,37 +324,36 @@ static void local_socket_event_func(int fd, unsigned ev, void *_s)
 		// sdbdìì í¨í· ë°ì´í°ë¥¼ MAX_PAYLOAD - 200ë¡ ì¡ìì ìí¸í íê²ëë©´ 
 		// ìµë MAX_PAYLOAD - 100 í¬ê¸°ì í¨í·ì ìì±íê² ë¨.
 		const size_t max_payload = asock_get_max_payload(s) - 200;
-        size_t avail = max_payload;
 #else
         const size_t max_payload = asock_get_max_payload(s);
-		size_t avail = max_payload;
 #endif
-
+        int avail = max_payload;
         int r = 0;
         int is_eof = 0;
 
-        while(avail > 0) {
+        while (avail > 0) {
             r = sdb_read(fd, x, avail);
-            D("LS(%d): post sdb_read(fd=%d,...) r=%d (errno=%d) avail=%zu\n", s->id, s->fd, r, r<0?errno:0, avail);
-            if(r > 0 && r <= avail) {
+            D("LS(%d): post sdb_read(fd=%d,...) r=%d (errno=%d) avail=%d\n",
+              s->id, s->fd, r, r < 0 ? errno : 0, avail);
+            if (r > 0 && r <= avail) {
                 avail -= r;
                 x += r;
                 continue;
             }
-            if(r < 0) {
-                if(errno == EAGAIN) break;
-                if(errno == EINTR) continue;
+            if (r < 0) {
+                if (errno == EAGAIN) break;
+                if (errno == EINTR) continue;
             }
 
-                /* r = 0 or unhandled error */
+            /* r = 0 or unhandled error */
             is_eof = 1;
             break;
         }
         D("LS(%d): fd=%d post avail loop. r=%d is_eof=%d forced_eof=%d\n",
           s->id, s->fd, r, is_eof, s->fde.force_eof);
 
-    	//ë³ê²½ë ìµë í¨í· í¬ê¸°ë¡ ì½ë ìì 
-        if((avail == max_payload) || (s->peer == 0)) {
+        //ë³ê²½ë ìµë í¨í· í¬ê¸°ë¡ ì½ë ìì 
+        if ((avail == max_payload) || (s->peer == 0)) {
             put_apacket(p);
         } else {
             p->len = max_payload >= avail ? max_payload - avail : 0;
diff --git a/src/transport.c b/src/transport.c
index 855c02d..7eb9e95 100644
--- a/src/transport.c
+++ b/src/transport.c
@@ -434,7 +434,7 @@ static int
 transport_read_action(int  fd, struct tmsg*  m)
 {
     char *p   = (char*)m;
-    size_t   len = sizeof(*m);
+    int   len = sizeof(*m);
     int   r;
 
     while (len > 0) {
@@ -872,14 +872,13 @@ int readx(int fd, void *ptr, size_t len)
 {
     char *p = ptr;
     int r;
-#if SDB_TRACE
-    size_t  len0 = len;
-#endif
+    int l = len;
+
     D("readx: fd=%d wanted=%zu\n", fd, len);
-    while(len > 0) {
+    while (l > 0) {
         r = sdb_read(fd, p, len);
-        if(r > 0 && r <= len) {
-            len -= r;
+        if (r > 0 && r <= l) {
+            l -= r;
             p += r;
         } else {
             if (r < 0) {
@@ -894,8 +893,8 @@ int readx(int fd, void *ptr, size_t len)
     }
 
 #if SDB_TRACE
-    D("readx: fd=%d wanted=%zu got=%zu\n", fd, len0, len0 - len);
-    dump_hex( ptr, len0 );
+    D("readx: fd=%d wanted=%zu got=%zu\n", fd, len, len - l);
+    dump_hex( ptr, len );
 #endif
     return 0;
 }
diff --git a/src/usb_linux_client.c b/src/usb_linux_client.c
index ea9d7e6..a4840c9 100644
--- a/src/usb_linux_client.c
+++ b/src/usb_linux_client.c
@@ -98,25 +98,26 @@ int linux_usb_write(usb_handle *h, const void *data, int len)
 
 int linux_usb_read(usb_handle *h, void *data, size_t len)
 {
-      D("about to read (fd=%d, len=%zu)\n", h->fd, len);
-        while (len > 0) {
-            /* The sdb_read does not support read larger than 4096 bytes at once.
-               Read 4096 byte block repeatedly when reading data is larger than 4096 bytes. */
-            int bytes_to_read = len < 4096 ? len : 4096;
-            int n = sdb_read(h->fd, data, bytes_to_read);
-            if(n < 0) {
-                if(errno == EINTR) {
-                    continue;
-                } else {
-                    D("ERROR: fd = %d, n = %d, errno = %d\n", h->fd, n, errno);
-                    return -1;
-                }
+    D("about to read (fd=%d, len=%zu)\n", h->fd, len);
+    int l = len;
+    while (l > 0) {
+        /* The sdb_read does not support read larger than 4096 bytes at once.
+           Read 4096 byte block repeatedly when reading data is larger than 4096 bytes. */
+        int bytes_to_read = l < 4096 ? l : 4096;
+        int n = sdb_read(h->fd, data, bytes_to_read);
+        if (n < 0) {
+            if (errno == EINTR) {
+                continue;
+            } else {
+                D("ERROR: fd = %d, n = %d, errno = %d\n", h->fd, n, errno);
+                return -1;
             }
-            len = len >= n ? len - n : 0;
-            data = ((char*) data) + n;
         }
-        D("[ done fd=%d ]\n", h->fd);
-        return 0;
+        l = (l >= n) ? l - n : 0;
+        data = ((char*)data) + n;
+    }
+    D("[ done fd=%d ]\n", h->fd);
+    return 0;
 }
 
 void linux_usb_init()
-- 
2.7.4