From b891c520574656884c1f1f3a12e13acd421e61a7 Mon Sep 17 00:00:00 2001
From: Alexander Aksenov <a.aksenov@samsung.com>
Date: Mon, 19 Feb 2018 14:43:56 +0300
Subject: [PATCH] Fix SVACE issues

- received size packing, casting signed to unsigned;
- graphics __ui_array_to_str()

Change-Id: I649d39aa491ee00b455a348f08db8c0e38b9da1f
Signed-off-by: Alexander Aksenov <a.aksenov@samsung.com>
---
 probe_graphics/da_gles20.inc | 10 ++++++++--
 probe_socket/libdasocket.c   |  8 ++++----
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/probe_graphics/da_gles20.inc b/probe_graphics/da_gles20.inc
index 2e2bcad..b7154ea 100644
--- a/probe_graphics/da_gles20.inc
+++ b/probe_graphics/da_gles20.inc
@@ -39,9 +39,13 @@ static __thread int is_gl_error_external = 1;
 static void __ui_array_to_str(char *to, GLuint *arr, int count, size_t bufsize)
 {
 	int i = 0, len = 0;
+	char *start = to;
 
 	for (i = 0; i < count; i++) {
-		if (bufsize < sizeof(GLuint) * 4) {
+		/* GLuint - 32 bit integer. Max value is 2147483647. So, for one
+		 * number we need 10 chars for numbers at max, 1 for comma,
+		 * 1 for space */
+		if (bufsize < 12) {
 			PRINTERR("too small buffer.");
 			break;
 		}
@@ -52,9 +56,11 @@ static void __ui_array_to_str(char *to, GLuint *arr, int count, size_t bufsize)
 		bufsize -= len;
 	}
 
-	if (count != 0) {
+	if (count != 0 && to > (start + 2)) {
 		to -= 2;
 		*to = '\0';
+	} else {
+		*start = '\0';
 	}
 }
 
diff --git a/probe_socket/libdasocket.c b/probe_socket/libdasocket.c
index 0cc515b..9c16cbb 100644
--- a/probe_socket/libdasocket.c
+++ b/probe_socket/libdasocket.c
@@ -256,7 +256,7 @@ HANDLER_WRAPPERS(network_feature, ssize_t, send, int, socket,
 	result = sret;
 	if (result < 0)
 		result = 0;
-	info.msg_total_size = (uint64_t)result;
+	info.msg_total_size = result >= 0 ? (uint64_t)result : 0;
 	info.msg_pack_size = result > SOCKET_SEND_SIZE ? SOCKET_SEND_SIZE
 						       : result;
 	info.msg_buf = messagP;
@@ -289,7 +289,7 @@ HANDLER_WRAPPERS(network_feature, ssize_t, recv, int, socket, void *, buffer,
 	result = sret;
 	if (result < 0)
 		result = 0;
-	info.msg_total_size = (uint64_t)result;
+	info.msg_total_size = result >= 0 ? (uint64_t)result : 0;
 	info.msg_pack_size = result > SOCKET_SEND_SIZE ? SOCKET_SEND_SIZE
 						       : result;
 	info.msg_buf = bufferP;
@@ -328,7 +328,7 @@ HANDLER_WRAPPERS(network_feature, ssize_t, sendto, int, socket,
 	result = sret;
 	if (result < 0)
 		result = 0;
-	info.msg_total_size = (uint64_t)result;
+	info.msg_total_size = result >= 0 ? (uint64_t)result : 0;
 	info.msg_pack_size = result > SOCKET_SEND_SIZE ? SOCKET_SEND_SIZE
 						       : result;
 	info.msg_buf = bufferP;
@@ -371,7 +371,7 @@ HANDLER_WRAPPERS(network_feature, ssize_t, recvfrom, int, socket,
 	result = sret;
 	if (result < 0)
 		result = 0;
-	info.msg_total_size = (uint64_t)result;
+	info.msg_total_size = result >= 0 ? (uint64_t)result : 0;
 	info.msg_pack_size = result > SOCKET_SEND_SIZE ? SOCKET_SEND_SIZE
 						       : result;
 	info.msg_buf = bufferP;
-- 
2.7.4