From 7e278a8c510dae9549741c2f25c2c50ff6bb05cd Mon Sep 17 00:00:00 2001
From: Minje Ahn <minje.ahn@samsung.com>
Date: Tue, 25 Jul 2017 10:43:21 +0900
Subject: [PATCH] Fix svace defects

Change-Id: I8777be6887041dfcb3d31fc4640a1af8fa6b5590
Signed-off-by: Minje Ahn <minje.ahn@samsung.com>
---
 test/metadata_editor_test.c | 50 +++++++++++++++++++++++++++++++------
 1 file changed, 43 insertions(+), 7 deletions(-)

diff --git a/test/metadata_editor_test.c b/test/metadata_editor_test.c
index 76ad7e6..1f84eb3 100755
--- a/test/metadata_editor_test.c
+++ b/test/metadata_editor_test.c
@@ -18,10 +18,12 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <limits.h>
 
 #include <metadata_editor.h>
 
 #define SAFE_FREE(src)		{ if (src) {free(src); src = NULL; } }
+#define FILE_NAME_SIZE 30
 
 int dummy;
 
@@ -32,6 +34,32 @@ static bool __write_tag_info(metadata_editor_h metadata);
 static bool __add_picture(metadata_editor_h metadata);
 static bool __delete_pictures(metadata_editor_h metadata);
 
+
+static int __safe_atoi(char *buffer, int *si)
+{
+	char *end = NULL;
+	errno = 0;
+	if (buffer == NULL || si == NULL)
+		return METADATA_EDITOR_ERROR_INVALID_PARAMETER;
+
+	const long sl = strtol(buffer, &end, 10);
+
+	if (end == buffer)
+		return METADATA_EDITOR_ERROR_INVALID_PARAMETER;
+	if ('\0' != *end)
+		return METADATA_EDITOR_ERROR_INVALID_PARAMETER;
+	if ((LONG_MIN == sl || LONG_MAX == sl) && (ERANGE == errno))
+		return METADATA_EDITOR_ERROR_INVALID_PARAMETER;
+	if (sl > INT_MAX)
+		return METADATA_EDITOR_ERROR_INVALID_PARAMETER;
+	if (sl < INT_MIN)
+		return METADATA_EDITOR_ERROR_INVALID_PARAMETER;
+
+	*si = (int)sl;
+
+	return METADATA_EDITOR_ERROR_NONE;
+}
+
 void __flush()
 {
 	int c;
@@ -131,19 +159,27 @@ static bool __get_tag_info(metadata_editor_h metadata)
 #endif
 		if (ret != METADATA_EDITOR_ERROR_NONE)		printf("Fail metadata_editor_get_metadata() at line [%d]\n", __LINE__);
 		else if ((ret == METADATA_EDITOR_ERROR_NONE) && picture_index) {
-			uint num, i;
-			num = atoi(picture_index);
+			int num = 0, i;
+			ret = __safe_atoi(picture_index, &num);
+			if (ret != METADATA_EDITOR_ERROR_NONE || num < 0)
+				return true;
+
 			printf("Number of pictures: %u\n", num);
+
 			for (i = 0; i < num; ++i) {
 				ret = metadata_editor_get_picture(metadata, i, &picture, &picture_size, &picture_type);
 				/*__printRetValue("metadata_editor_get_picture(...)", ret); */
 				if (ret == METADATA_EDITOR_ERROR_NONE && picture) {
 					printf("Saving picture number %u\n", i);
-					int size = 30;
-					char picture_file_name[size];
-					snprintf(picture_file_name, size, "outputFile_%u" , i + 1);
-					if (strncmp(picture_type, "image/jpeg", strlen("image/jpeg")) == 0)		strncat(picture_file_name, ".jpg", strlen(".jpg"));
-					else if (strncmp(picture_type, "image/png", strlen("image/jpeg")) == 0)	strncat(picture_file_name, ".png", strlen(".png"));
+					char picture_file_name[FILE_NAME_SIZE] = {0, };
+
+					memset(picture_file_name, 0, sizeof(picture_file_name));
+
+					if (strncmp(picture_type, "image/jpeg", strlen("image/jpeg")) == 0)
+						snprintf(picture_file_name, FILE_NAME_SIZE, "outputFile_%u.jpg", i + 1);
+					else if (strncmp(picture_type, "image/png", strlen("image/png")) == 0)
+						snprintf(picture_file_name, FILE_NAME_SIZE, "outputFile_%u.png", i + 1);
+
 					FILE *fout = fopen(picture_file_name, "wb");
 					if (fout) {
 						fwrite(picture, picture_size, 1, fout);
-- 
2.34.1