From 5e905976d27124a816ce99bf2305cb3cebef53e5 Mon Sep 17 00:00:00 2001
From: Sudipto
Date: Thu, 25 Oct 2018 22:16:53 +0530
Subject: [PATCH] Heap corruption fixed
Change-Id: I4b0f613ddc9bd7d516f8193733d4d089df2bbb79
Signed-off-by: Sudipto
---
 src/client/sensor_listener.cpp | 2 +-
 src/server/server_channel_handler.cpp | 2 +-
 src/shared/command_types.h | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/client/sensor_listener.cpp b/src/client/sensor_listener.cpp
index f20c3d1..96a7076 100644
--- a/src/client/sensor_listener.cpp
+++ b/src/client/sensor_listener.cpp
@@ -399,7 +399,7 @@ int sensor_listener::set_attribute(int attribute, const char *value, int len)
 buf->listener_id = m_id;
 buf->attribute = attribute;
- memcpy(buf->value, value, len);
+ memcpy(&buf->value, value, len);
 buf->len = len;
 msg.enclose((char *)buf, size);
diff --git a/src/server/server_channel_handler.cpp b/src/server/server_channel_handler.cpp
index 149c32e..a62b75b 100644
--- a/src/server/server_channel_handler.cpp
+++ b/src/server/server_channel_handler.cpp
@@ -265,7 +265,7 @@ int server_channel_handler::listener_attr_str(channel *ch, message &msg)
 return -EACCES;
 }
- int ret = m_listeners[id]->set_attribute(buf->attribute, buf->value, buf->len);
+ int ret = m_listeners[id]->set_attribute(buf->attribute, (char *)&buf->value, buf->len);
 if (ret < 0) {
 delete [] buf;
 return ret;
diff --git a/src/shared/command_types.h b/src/shared/command_types.h
index d28107d..34cb5fc 100644
--- a/src/shared/command_types.h
+++ b/src/shared/command_types.h
@@ -88,7 +88,7 @@ typedef struct {
 int listener_id;
 int attribute;
 int len;
- char *value;
+ char value[0];
 } cmd_listener_attr_str_t;
 typedef struct {
-- 
2.7.4
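Review bot: The `memcpy` destination is written as `&buf->value`, which has type `char (*)[0]` once `value` is an array member and reads as if the address of a pointer field were meant; `memcpy(buf->value, value, len);` names the inline tail directly. The copy stays in bounds only if the allocation above this hunk reserves `sizeof(cmd_listener_attr_str_t) + len` bytes, and `size` is computed outside the visible lines, so it should be confirmed against the new struct layout. `len` is a signed `int` that `memcpy` converts to `size_t`; if no earlier line rejects negative or oversized values, a guard before the allocation is warranted. The body of set_attribute starts and ends outside the hunk.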
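Review bot: `buf->len` comes from the received message and is passed to `set_attribute` as the length of `buf->value` without, in the visible lines, being compared against the number of bytes the message actually carried. If no earlier check exists, a peer that declares a larger `len` than it sent makes the listener read past the end of the `buf` allocation. Once the message is known to hold at least the fixed header, a guard before the call such as `if (buf->len < 0 || (size_t)buf->len > received_size - sizeof(*buf)) { delete [] buf; return -EINVAL; }` would bound it, where `received_size` is a placeholder for the message's payload size. The cast `(char *)&buf->value` can also be reduced to `buf->value` now that the member is an array. listener_attr_str starts and ends outside the hunk.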
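Review bot: The new `char value[0];` member has no comment saying that `len` bytes of attribute data follow the fixed header in the same allocation, which is the invariant the client `memcpy` and the server call in this commit now depend on. A comment above the member such as `/* len bytes follow inline; allocate sizeof(cmd_listener_attr_str_t) + len */` would state it. Replacing the pointer also changes `sizeof(cmd_listener_attr_str_t)`, so client and server have to be built from the same header, and any size computation elsewhere that assumed the old layout should be rechecked. Zero-length arrays are a compiler extension in C++, so the header relies on the toolchain accepting them.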