From d4ee09f44bd67d32c18648a7ace51a9b82dbd395 Mon Sep 17 00:00:00 2001
From: "jiyong.min" <jiyong.min@samsung.com>
Date: Wed, 24 Apr 2019 09:00:08 +0900
Subject: [PATCH] Add to copy & to release the input buffer recieved from
 application (To prevent crash when application release the buffer)

Change-Id: Idfd9e82516ccdc4b7ad4ad8e402dfe7a9a39321e
---
 src/image_util_decode.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/src/image_util_decode.c b/src/image_util_decode.c
index 9aa887e..0007b1a 100755
--- a/src/image_util_decode.c
+++ b/src/image_util_decode.c
@@ -158,10 +158,13 @@ int image_util_decode_set_input_path(image_util_decode_h handle, const char *pat
 	}
 
 	IMAGE_UTIL_SAFE_FREE(image_header);
+	IMAGE_UTIL_SAFE_G_FREE(_handle->path);
 
 	_handle->path = g_strndup(path, strlen(path));
 	image_util_retvm_if(_handle->path == NULL, IMAGE_UTIL_ERROR_OUT_OF_MEMORY, "OUT_OF_MEMORY");
 
+	IMAGE_UTIL_SAFE_FREE(_handle->src_buffer);
+
 	return err;
 }
 
@@ -173,14 +176,19 @@ int image_util_decode_set_input_buffer(image_util_decode_h handle, const unsigne
 	image_util_retvm_if(_handle == NULL, IMAGE_UTIL_ERROR_INVALID_PARAMETER, "Invalid Handle");
 	image_util_retvm_if((src_buffer == NULL || src_size < IMG_HEADER_LENGTH), IMAGE_UTIL_ERROR_INVALID_PARAMETER, "Invalid input buffer");
 
-	IMAGE_UTIL_SAFE_FREE(_handle->path);
-
 	err = _image_util_decode_check_image_type(src_buffer, &_handle->image_type);
 	image_util_retvm_if(err != IMAGE_UTIL_ERROR_NONE, err, "_image_util_decode_check_image_type failed");
 
-	_handle->src_buffer = (void *)src_buffer;
+	IMAGE_UTIL_SAFE_FREE(_handle->src_buffer);
+
+	_handle->src_buffer = calloc(1, src_size);
+	image_util_retvm_if(!_handle->src_buffer, IMAGE_UTIL_ERROR_OUT_OF_MEMORY, "OUT_OF_MEMORY");
+
+	memcpy(_handle->src_buffer, src_buffer, src_size);
 	_handle->src_size = src_size;
 
+	IMAGE_UTIL_SAFE_G_FREE(_handle->path);
+
 	return err;
 }
 
@@ -229,7 +237,7 @@ int image_util_decode_set_jpeg_downscale(image_util_decode_h handle, image_util_
 	return IMAGE_UTIL_ERROR_NONE;
 }
 
-static int __image_util_decode_internal(decode_s * _handle, mm_util_image_h *image_info)
+static int __image_util_decode_internal(decode_s *_handle, mm_util_image_h *image_info)
 {
 	int err = MM_UTIL_ERROR_NONE;
 	int colorspace = 0;
@@ -452,7 +460,6 @@ gpointer _image_util_decode_thread(gpointer data)
 		mm_image_destroy_image(image_info);
 		IMAGE_UTIL_SAFE_FREE(_handle->decode2_cb);
 		IMAGE_UTIL_SAFE_G_FREE(_handle->path);
-
 	} else {
 		ret = __image_util_decode_internal(_handle, &image_info);
 		if (ret == IMAGE_UTIL_ERROR_NONE)
@@ -582,7 +589,8 @@ int image_util_decode_destroy(image_util_decode_h handle)
 		g_thread_join(_handle->thread);
 		IMAGE_UTIL_SAFE_FREE(_handle->_decode_cb);
 	}
-	IMAGE_UTIL_SAFE_FREE(_handle->path);
+	IMAGE_UTIL_SAFE_G_FREE(_handle->path);
+	IMAGE_UTIL_SAFE_FREE(_handle->src_buffer);
 	IMAGE_UTIL_SAFE_FREE(_handle);
 
 	image_util_fleave();
-- 
2.34.1