From 71ea94a19e0b58305aea045f71792a60ab029e6a Mon Sep 17 00:00:00 2001
From: YoungHun Kim <yh8004.kim@samsung.com>
Date: Tue, 26 Dec 2017 11:54:50 +0900
Subject: [PATCH] Fix the svace issue

 - buffer overflow; make sure this value is within bounds

Change-Id: If3e5a386317b4f794b18460ec39cae1b7ca76290
---
 packaging/mused.spec                 |  2 +-
 server/include/muse_server_private.h |  1 +
 server/src/muse_server_ipc.c         |  8 ++++++--
 server/src/muse_server_private.c     | 14 ++++++++++++++
 4 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/packaging/mused.spec b/packaging/mused.spec
index 0c376c5..17abc8c 100644
--- a/packaging/mused.spec
+++ b/packaging/mused.spec
@@ -1,6 +1,6 @@
 Name:       mused
 Summary:    A multimedia daemon
-Version:    0.3.22
+Version:    0.3.23
 Release:    0
 Group:      System/Libraries
 License:    Apache-2.0
diff --git a/server/include/muse_server_private.h b/server/include/muse_server_private.h
index cc7cdcd..08e9289 100644
--- a/server/include/muse_server_private.h
+++ b/server/include/muse_server_private.h
@@ -82,6 +82,7 @@ typedef struct ms_cmd_dispatch_info {
 
 void ms_init(void);
 muse_server_t *ms_get_instance(void);
+gboolean ms_check_module_idx(int idx);
 ms_module_t *ms_get_module_instance(int idx);
 int ms_deinit(void);
 void ms_check_memory(int pid);
diff --git a/server/src/muse_server_ipc.c b/server/src/muse_server_ipc.c
index aeb1893..48e5ff4 100644
--- a/server/src/muse_server_ipc.c
+++ b/server/src/muse_server_ipc.c
@@ -63,8 +63,12 @@ static void _ms_ipc_module_cleanup(muse_module_h m, void *jobj)
 
 static gboolean _ms_ipc_module_instance_creation_is_allowed(int module_idx)
 {
-	int max_instance = ms_get_instance()->conf->host_infos[module_idx]->max_instance;
-	int created_module_instance_count = muse_server_get_module_instance_count(module_idx);
+	int max_instance, created_module_instance_count;
+
+	g_return_val_if_fail(ms_check_module_idx(module_idx), FALSE);
+
+	max_instance = ms_get_instance()->conf->host_infos[module_idx]->max_instance;
+	created_module_instance_count = muse_server_get_module_instance_count(module_idx);
 
 	if (max_instance == UNLIMITED_INSTANCE || created_module_instance_count < max_instance) {
 		return TRUE;
diff --git a/server/src/muse_server_private.c b/server/src/muse_server_private.c
index 9eb262c..6a1751f 100644
--- a/server/src/muse_server_private.c
+++ b/server/src/muse_server_private.c
@@ -475,8 +475,22 @@ muse_server_t *ms_get_instance(void)
 	return muse_server;
 }
 
+gboolean ms_check_module_idx(int idx)
+{
+	int module_cnt = ms_config_get_host_cnt();
+
+	if (idx < 0 || idx >= module_cnt) {
+		LOGE("%d error - the number of modules is %d", idx, module_cnt);
+		return FALSE;
+	}
+
+	return TRUE;
+}
+
 ms_module_t *ms_get_module_instance(int idx)
 {
+	g_return_val_if_fail(ms_check_module_idx(idx), NULL);
+
 	return muse_server->module[idx];
 }
 
-- 
2.7.4