From 69984942cd24d206a3877724f4262e6792bbacef Mon Sep 17 00:00:00 2001
From: Hwankyu Jhun
Date: Wed, 18 Apr 2018 09:05:10 +0900
Subject: [PATCH] Fix static analysis issues
- Prevents integer overflow
- Fix memory leak
Change-Id: I3cb5e053fc2ac7659fad2fa9bb6b8e19ebc4e58c
Signed-off-by: Hwankyu Jhun
---
 src/tool/preference_tool.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/src/tool/preference_tool.c b/src/tool/preference_tool.c
index 4990933..cbf8c2e 100644
--- a/src/tool/preference_tool.c
+++ b/src/tool/preference_tool.c
@@ -502,7 +502,10 @@ static int _print_pref_value_from_file_path(const char *path,
 double value_dbl = 0;
 char file_buf[BUF_LEN] = {0,};
 char *value_str = NULL;
- int value_size = 0;
+ size_t value_size = 0;
+ size_t diff;
+ size_t file_buf_size;
+ char *new_value_str;
 fp = fopen(path, "r");
 if (fp == NULL) {
@@ -577,12 +580,20 @@ static int _print_pref_value_from_file_path(const char *path,
 case PREFERENCE_TYPE_STRING:
 while (fgets(file_buf, sizeof(file_buf), fp)) {
 if (value_str) {
- value_size += strlen(file_buf);
- value_str = (char *)realloc(value_str,
+ file_buf_size = strlen(file_buf);
+ diff = INT_MAX - file_buf_size;
+ if (value_size > diff) {
+ printf("Integer overflow\n");
+ break;
+ }
+
+ value_size += file_buf_size;
+ new_value_str = (char *)realloc(value_str,
 value_size);
- if (value_str == NULL)
+ if (new_value_str == NULL)
 break;
+ value_str = new_value_str;
 strncat(value_str, file_buf, strlen(file_buf));
 } else {
 value_size = strlen(file_buf) + 1;
@@ -654,12 +665,14 @@ static int _restore(const char *pkgid)
 if (ret < 0) {
 printf("create new prefer key failed (%d)\n", ret);
+ sqlite3_finalize(stmt);
 return -1;
 }
 } else {
 break;
 }
 }
+ sqlite3_finalize(stmt);
 return 0;
 }
--
2.34.1
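Review bot: Both `break` paths in the PREFERENCE_TYPE_STRING loop (the new overflow check and the realloc failure) leave `value_str` holding a truncated value, and only the overflow path prints anything. What follows the loop is outside this hunk, but if it prints the string and returns success, the caller cannot tell the value was cut short; consider recording an error result before each `break` and reporting the allocation failure too. The cap compares a `size_t` total against `INT_MAX`, which is safe here but deserves a comment such as `/* cap the accumulated value at INT_MAX bytes; file_buf_size < BUF_LEN, so the subtraction cannot wrap */`, and it needs `<limits.h>` if the file does not already include it. The `strncat` bound is the source length, so it does not limit the write to the destination; `strncat(value_str, file_buf, file_buf_size);` would at least drop the second `strlen` call.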
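Review bot: In `_restore`, `sqlite3_finalize(stmt)` is now repeated on the error return and on the normal exit, so any other `return` between preparing the statement and the end of the function would still leak it. The function starts outside this hunk, so whether such returns exist cannot be checked from here. A single exit with a result variable is harder to get wrong: `ret = -1; goto out;` in the failure branch, and `out: sqlite3_finalize(stmt); return ret;` at the end. The `else { break; }` branch, whose condition is above the hunk, leads straight to `return 0`; if it is also taken when stepping the statement fails, that failure is reported as success, which is worth confirming.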