From c7f67094e5be6407a590f4c2cf86ab8ab8457bd8 Mon Sep 17 00:00:00 2001
From: Ahreum Jeong <ahreum.jeong@samsung.com>
Date: Fri, 29 Sep 2017 17:15:07 +0900
Subject: [PATCH] Fix svace issue in st_things

- cloud_manager.c
 . Expression 'ES_STATE_INIT <= es_state' is always true , which may be caused by a logical error

- things_data_manager.c
 . Return value of a function 'cJSON_GetObjectItem' is dereferenced at things_data_manager.c:991 without checking, but it is usually checked for this function (79/83).
---
 .../src/st_things/things_stack/src/common/cloud/cloud_manager.c   | 2 +-
 .../things_stack/src/common/framework/things_data_manager.c       | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/framework/src/st_things/things_stack/src/common/cloud/cloud_manager.c b/framework/src/st_things/things_stack/src/common/cloud/cloud_manager.c
index 5da26a1..b252b0b 100644
--- a/framework/src/st_things/things_stack/src/common/cloud/cloud_manager.c
+++ b/framework/src/st_things/things_stack/src/common/cloud/cloud_manager.c
@@ -2058,7 +2058,7 @@ GOTO_OUT:
 bool es_cloud_session_stop_trigger(things_es_enrollee_state_e es_state)
 {
 	if (g_qis_cloud_thread_running != CISESS_APDISCON) {
-		if ((g_qis_cloud_thread_running == CISESS_STOP_TRIGGER || (ES_STATE_INIT <= es_state && es_state <= ES_STATE_CONNECTED_TO_ENROLLER))
+		if ((g_qis_cloud_thread_running == CISESS_STOP_TRIGGER || es_state <= ES_STATE_CONNECTED_TO_ENROLLER)
 			&& g_qis_cloud_thread_running != CISESS_SIGNOUT && es_get_cloud_login_state() == true) {
 			THINGS_LOG_D(THINGS_DEBUG, TAG, "Sign-Out Start.");
 			log_in_out_to_cloud(false, NULL);
diff --git a/framework/src/st_things/things_stack/src/common/framework/things_data_manager.c b/framework/src/st_things/things_stack/src/common/framework/things_data_manager.c
index e526417..6293cff 100644
--- a/framework/src/st_things/things_stack/src/common/framework/things_data_manager.c
+++ b/framework/src/st_things/things_stack/src/common/framework/things_data_manager.c
@@ -988,8 +988,12 @@ static int parse_things_info_json(const char *filename)
 										return 0;
 									}
 									cJSON *policy = cJSON_GetObjectItem(link, KEY_DEVICE_RESOURCE_POLICY);
-									link_resource->policy = policy->valueint;
-									node->collection[iter].links[linkiter] = link_resource;
+									if (policy) {
+										link_resource->policy = policy->valueint;
+										node->collection[iter].links[linkiter] = link_resource;
+									} else {
+										return 0;
+									}
 								}
 							} else {
 								return 0;
-- 
2.7.4