From d54b0cc1f65b1f17b7052e3b1ac0b0e2323d451a Mon Sep 17 00:00:00 2001
From: Seungbae Shin <seungbae.shin@samsung.com>
Date: Tue, 18 Jul 2017 21:08:39 +0900
Subject: [PATCH] Fix possible buffer overflow using sprintf/fprintf

[Version] 0.1.9
[Issue Type] Security

Change-Id: I73d1370aaf38bdba29fa818a2209b6b127cec2ea
---
 packaging/audio-hal-emul.spec |  2 +-
 tizen-audio-impl-ctrl.c       | 21 +--------------------
 tizen-audio-impl-pcm.c        |  4 ++--
 3 files changed, 4 insertions(+), 23 deletions(-)

diff --git a/packaging/audio-hal-emul.spec b/packaging/audio-hal-emul.spec
index 9f3bf25..2202738 100644
--- a/packaging/audio-hal-emul.spec
+++ b/packaging/audio-hal-emul.spec
@@ -1,6 +1,6 @@
 Name:       audio-hal-emul
 Summary:    TIZEN Audio HAL for Emulator
-Version:    0.1.8
+Version:    0.1.9
 Release:    0
 Group:      System/Libraries
 License:    Apache-2.0
diff --git a/tizen-audio-impl-ctrl.c b/tizen-audio-impl-ctrl.c
index 684403f..00d9bd8 100644
--- a/tizen-audio-impl-ctrl.c
+++ b/tizen-audio-impl-ctrl.c
@@ -28,25 +28,6 @@
 
 #include "tizen-audio-internal.h"
 
-#ifdef __MIXER_PARAM_DUMP
-static void __dump_mixer_param(char *dump, long *param, int size)
-{
-    int i, len;
-
-    for (i = 0; i < size; i++) {
-        len = sprintf(dump, "%ld", *param);
-        if (len > 0)
-            dump += len;
-        if (i != size -1) {
-            *dump++ = ',';
-        }
-
-        param++;
-    }
-    *dump = '\0';
-}
-#endif
-
 audio_return_t _control_init(audio_hal_t *ah)
 {
     AUDIO_RETURN_VAL_IF_FAIL(ah, AUDIO_ERR_PARAMETER);
@@ -252,4 +233,4 @@ audio_return_t _mixer_control_get_element(audio_hal_t *ah, const char *ctl_name,
 
     /* TODO. */
     return AUDIO_RET_OK;
-}
\ No newline at end of file
+}
diff --git a/tizen-audio-impl-pcm.c b/tizen-audio-impl-pcm.c
index c092218..57229c8 100644
--- a/tizen-audio-impl-pcm.c
+++ b/tizen-audio-impl-pcm.c
@@ -546,12 +546,12 @@ audio_return_t _pcm_set_params(void *pcm_handle, uint32_t direction, void *sampl
     }
 
     if ((err = snd_pcm_hw_params_set_channels(pcm_handle, hwparams, ss.channels)) < 0) {
-        AUDIO_LOG_ERROR("snd_pcm_hw_params_set_channels(%u) failed : %d", err);
+        AUDIO_LOG_ERROR("snd_pcm_hw_params_set_channels(%u) failed : %d", ss.channels, err);
         return AUDIO_ERR_PARAMETER;
     }
 
     if ((err = snd_pcm_hw_params_set_period_size(pcm_handle, hwparams, period_size, 0)) < 0) {
-        AUDIO_LOG_ERROR("snd_pcm_hw_params_set_period_size(%u) failed : %d", err);
+        AUDIO_LOG_ERROR("snd_pcm_hw_params_set_period_size(%u) failed : %d", period_size, err);
         return AUDIO_ERR_PARAMETER;
     }
 
-- 
2.7.4