From f976bff31d58f7965ca3e902c04c4d6e86660ef2 Mon Sep 17 00:00:00 2001 From: Rahul Dadhich Date: Tue, 18 Sep 2018 15:25:48 +0530 Subject: [PATCH] fix SVACE issue [2] Change-Id: Ia3f067e05199ee6529a286349a5fb15e11ce5088 Signed-off-by: Rahul Dadhich --- tizen/src/ecs/ecs_sdcard.c | 4 +- tizen/src/ecs/ecs_sensor.c | 2 +- tizen/src/eventcast/sensor.c | 6 +-- tizen/src/hw/virtio/maru_virtio_jack.c | 16 +++---- tizen/src/hw/virtio/maru_virtio_nfc.c | 1 + tizen/src/hw/virtio/maru_virtio_power.c | 10 ++-- tizen/src/hw/virtio/maru_virtio_sensor.c | 81 +++++++++++++++++--------------- tizen/src/util/extra_pkgs_install.c | 12 ++--- tizen/src/util/net_helper.c | 2 + tizen/src/util/qt5_error_report.c | 4 +- 10 files changed, 73 insertions(+), 65 deletions(-) diff --git a/tizen/src/ecs/ecs_sdcard.c b/tizen/src/ecs/ecs_sdcard.c index 284138d..2c03c6f 100644 --- a/tizen/src/ecs/ecs_sdcard.c +++ b/tizen/src/ecs/ecs_sdcard.c @@ -128,11 +128,11 @@ static void send_sdcard_status(void) dsize_buf); if (image_info->has_encrypted && image_info->encrypted) { - length += sprintf(data + length, "encrypted: yes\n"); + length += snprintf(data + length, (sizeof(data) - length), "encrypted: yes\n"); } if (image_info->has_cluster_size) { - length += sprintf(data + length, "cluster_size: %" PRId64 "", image_info->cluster_size); + length += snprintf(data + length, (sizeof(data) - length), "cluster_size: %" PRId64 "", image_info->cluster_size); } } diff --git a/tizen/src/ecs/ecs_sensor.c b/tizen/src/ecs/ecs_sensor.c index ae68467..269c035 100644 --- a/tizen/src/ecs/ecs_sensor.c +++ b/tizen/src/ecs/ecs_sensor.c @@ -352,7 +352,7 @@ static void _req_set_sensor_geo(int len, const char *data) memset(tmp, 0, sizeof(tmp)); - sprintf(tmp, "%d %d %d", t_north, t_east, t_vertical); + snprintf(tmp, sizeof(tmp), "%d %d %d", t_north, t_east, t_vertical); set_sensor_mag(tmp, strlen(tmp)); } diff --git a/tizen/src/eventcast/sensor.c b/tizen/src/eventcast/sensor.c index fbaa323..5a3e137 100644 --- a/tizen/src/eventcast/sensor.c +++ b/tizen/src/eventcast/sensor.c @@ -176,7 +176,7 @@ static void set_sensor_data(Eventcast__SensorData *data) { char tmp[255] = {0}; - sprintf(tmp, "%d\n%d\n%lf\n%lf\n%lf\n", + snprintf(tmp, sizeof(tmp), "%d\n%d\n%lf\n%lf\n%lf\n", level_gyro, 3, (atof(data->x) / GYRO_ADJUST), (atof(data->y) / GYRO_ADJUST), (atof(data->z) / GYRO_ADJUST)); send_eventcast_sensor_data(tmp, strlen(tmp)); @@ -190,7 +190,7 @@ static void set_sensor_data(Eventcast__SensorData *data) char tmp[255] = {0}; double x = (double)(atoi(data->x)); - sprintf(tmp, "%d\n%d\n%.1f\n", level_proxi, 1, x); + snprintf(tmp, sizeof(tmp), "%d\n%d\n%.1f\n", level_proxi, 1, x); send_eventcast_sensor_data(tmp, strlen(tmp)); LOG_TRACE("sensor_proxi x: %.1f, %s\n", x, tmp); @@ -200,7 +200,7 @@ static void set_sensor_data(Eventcast__SensorData *data) { char tmp[255] = {0}; - sprintf(tmp, "%d\n%d\n%s%s\n", level_light, 2, data->x, data->y); + snprintf(tmp, sizeof(tmp), "%d\n%d\n%s%s\n", level_light, 2, data->x, data->y); send_eventcast_sensor_data(tmp, strlen(tmp)); LOG_TRACE("sensor_light x: %s\n", data->x); diff --git a/tizen/src/hw/virtio/maru_virtio_jack.c b/tizen/src/hw/virtio/maru_virtio_jack.c index 33b32d4..e0b50c1 100644 --- a/tizen/src/hw/virtio/maru_virtio_jack.c +++ b/tizen/src/hw/virtio/maru_virtio_jack.c @@ -128,7 +128,7 @@ static void set_jack_data(enum jack_types type, char *data, int len) } } -static void get_jack_data(enum jack_types type, char *msg_info) +static void get_jack_data(enum jack_types type, char *msg_info, size_t size) { if (msg_info == NULL) { return; @@ -136,22 +136,22 @@ static void get_jack_data(enum jack_types type, char *msg_info) switch (type) { case jack_type_list: - sprintf(msg_info, "%d", jack_capability); + snprintf(msg_info, size, "%d", jack_capability); break; case jack_type_charger: - sprintf(msg_info, "%d", charger_online); + snprintf(msg_info, size, "%d", charger_online); break; case jack_type_earjack: - sprintf(msg_info, "%d", earjack_online); + snprintf(msg_info, size, "%d", earjack_online); break; case jack_type_earkey: - sprintf(msg_info, "%d", earkey_online); + snprintf(msg_info, size, "%d", earkey_online); break; case jack_type_hdmi: - sprintf(msg_info, "%d", hdmi_online); + snprintf(msg_info, size, "%d", hdmi_online); break; case jack_type_usb: - sprintf(msg_info, "%d", usb_online); + snprintf(msg_info, size, "%d", usb_online); break; default: return; @@ -168,7 +168,7 @@ static void answer_jack_data_request(int type, char *data, VirtQueueElement *ele msginfo->req = request_answer; msginfo->type = type; - get_jack_data(type, msginfo->buf); + get_jack_data(type, msginfo->buf, (size_t)_MAX_BUF); TRACE("sending message: %s, type: %d, req: %d\n", msginfo->buf, msginfo->type, msginfo->req); diff --git a/tizen/src/hw/virtio/maru_virtio_nfc.c b/tizen/src/hw/virtio/maru_virtio_nfc.c index 67fd50f..88bc135 100644 --- a/tizen/src/hw/virtio/maru_virtio_nfc.c +++ b/tizen/src/hw/virtio/maru_virtio_nfc.c @@ -135,6 +135,7 @@ bool send_to_nfc(unsigned char id, unsigned char type, const char *data, qemu_mutex_lock(&recv_buf_mutex); strncpy(nfc_data, data, sizeof(nfc_data)); + nfc_data[sizeof(nfc_data)-1] = 0; QTAILQ_INSERT_TAIL(&nfc_recv_msg_queue, _msg, next); qemu_mutex_unlock(&recv_buf_mutex); diff --git a/tizen/src/hw/virtio/maru_virtio_power.c b/tizen/src/hw/virtio/maru_virtio_power.c index 26d1268..e512bfb 100644 --- a/tizen/src/hw/virtio/maru_virtio_power.c +++ b/tizen/src/hw/virtio/maru_virtio_power.c @@ -89,7 +89,7 @@ static void set_power_data (enum power_types type, char* data, int len) } } -static void get_power_data(enum power_types type, char* msg_info) +static void get_power_data(enum power_types type, char* msg_info, size_t size) { if (msg_info == NULL) { return; @@ -97,13 +97,13 @@ static void get_power_data(enum power_types type, char* msg_info) switch (type) { case power_type_capacity: - sprintf(msg_info, "%d", capacity); + snprintf(msg_info, size, "%d", capacity); break; case power_type_charge_full: - sprintf(msg_info, "%d", charge_full); + snprintf(msg_info, size, "%d", charge_full); break; case power_type_charge_now: - sprintf(msg_info, "%d", charge_now); + snprintf(msg_info, size, "%d", charge_now); break; default: return; @@ -144,7 +144,7 @@ static void answer_power_data_request(int type, char* data, VirtQueueElement *el msginfo->req = request_answer; msginfo->type = type; - get_power_data(type, msginfo->buf); + get_power_data(type, msginfo->buf, (size_t)_MAX_BUF); TRACE("sending message: %s, type: %d, req: %d\n", msginfo->buf, msginfo->type, msginfo->req); diff --git a/tizen/src/hw/virtio/maru_virtio_sensor.c b/tizen/src/hw/virtio/maru_virtio_sensor.c index a6870d5..c97c6ef 100644 --- a/tizen/src/hw/virtio/maru_virtio_sensor.c +++ b/tizen/src/hw/virtio/maru_virtio_sensor.c @@ -203,6 +203,7 @@ static void __set_sensor_data(enum sensor_types type, char *data, int len) case sensor_type_accel: qemu_mutex_lock(&accel_mutex); strncpy(accel_xyz, data, sizeof(accel_xyz)); + accel_xyz[sizeof(accel_xyz)-1] = 0; qemu_mutex_unlock(&accel_mutex); break; case sensor_type_accel_enable: @@ -284,6 +285,7 @@ static void __set_sensor_data(enum sensor_types type, char *data, int len) case sensor_type_rotation_vector: qemu_mutex_lock(&rot_mutex); strncpy(rot_quad, data, sizeof(rot_quad)); + rot_quad[sizeof(rot_quad)-1] = 0; qemu_mutex_unlock(&rot_mutex); break; case sensor_type_rotation_vector_enable: @@ -299,11 +301,13 @@ static void __set_sensor_data(enum sensor_types type, char *data, int len) case sensor_type_mag: qemu_mutex_lock(&geo_mutex); strncpy(geo_tesla, data, sizeof(geo_tesla)); + geo_tesla[sizeof(geo_tesla)-1] = 0; qemu_mutex_unlock(&geo_mutex); break; case sensor_type_tilt: qemu_mutex_lock(&geo_mutex); strncpy(geo_raw, data, sizeof(geo_raw)); + geo_raw[sizeof(geo_raw)-1] = 0; qemu_mutex_unlock(&geo_mutex); break; case sensor_type_geo_enable: @@ -319,6 +323,7 @@ static void __set_sensor_data(enum sensor_types type, char *data, int len) case sensor_type_pressure: qemu_mutex_lock(&pressure_mutex); strncpy(pressure_data, data, sizeof(pressure_data)); + pressure_data[sizeof(pressure_data)-1] = 0; qemu_mutex_unlock(&pressure_mutex); break; case sensor_type_pressure_enable: @@ -391,7 +396,7 @@ static void __set_sensor_data(enum sensor_types type, char *data, int len) } } -static void __get_sensor_data(enum sensor_types type, char *msg_info) +static void __get_sensor_data(enum sensor_types type, char *msg_info, size_t size) { if (msg_info == NULL) { LOG_WARNING("msg_info is null\n"); @@ -405,178 +410,178 @@ static void __get_sensor_data(enum sensor_types type, char *msg_info) break; case sensor_type_accel: qemu_mutex_lock(&accel_mutex); - strcpy(msg_info, accel_xyz); + strncpy(msg_info, accel_xyz, size); qemu_mutex_unlock(&accel_mutex); break; case sensor_type_accel_enable: qemu_mutex_lock(&accel_mutex); - sprintf(msg_info, "%d", accel_enable); + snprintf(msg_info, size, "%d", accel_enable); qemu_mutex_unlock(&accel_mutex); break; case sensor_type_accel_delay: qemu_mutex_lock(&accel_mutex); - sprintf(msg_info, "%d", accel_delay); + snprintf(msg_info, size, "%d", accel_delay); qemu_mutex_unlock(&accel_mutex); break; case sensor_type_mag: qemu_mutex_lock(&geo_mutex); - strcpy(msg_info, geo_tesla); + strncpy(msg_info, geo_tesla, size); qemu_mutex_unlock(&geo_mutex); break; case sensor_type_tilt: qemu_mutex_lock(&geo_mutex); - strcpy(msg_info, geo_raw); + strncpy(msg_info, geo_raw, size); qemu_mutex_unlock(&geo_mutex); break; case sensor_type_geo_enable: qemu_mutex_lock(&geo_mutex); - sprintf(msg_info, "%d", geo_enable); + snprintf(msg_info, size, "%d", geo_enable); qemu_mutex_unlock(&geo_mutex); break; case sensor_type_geo_delay: qemu_mutex_lock(&geo_mutex); - sprintf(msg_info, "%d", geo_delay); + snprintf(msg_info, size, "%d", geo_delay); qemu_mutex_unlock(&geo_mutex); break; case sensor_type_gyro: qemu_mutex_lock(&gyro_mutex); - sprintf(msg_info, "%d,%d,%d", gyro_x_raw, gyro_y_raw, gyro_z_raw); + snprintf(msg_info, size, "%d,%d,%d", gyro_x_raw, gyro_y_raw, gyro_z_raw); qemu_mutex_unlock(&gyro_mutex); break; case sensor_type_gyro_enable: qemu_mutex_lock(&gyro_mutex); - sprintf(msg_info, "%d", gyro_enable); + snprintf(msg_info, size, "%d", gyro_enable); qemu_mutex_unlock(&gyro_mutex); break; case sensor_type_gyro_delay: qemu_mutex_lock(&gyro_mutex); - sprintf(msg_info, "%d", gyro_delay); + snprintf(msg_info, size, "%d", gyro_delay); qemu_mutex_unlock(&gyro_mutex); break; case sensor_type_gyro_x: qemu_mutex_lock(&gyro_mutex); - sprintf(msg_info, "%d", gyro_x_raw); + snprintf(msg_info, size, "%d", gyro_x_raw); qemu_mutex_unlock(&gyro_mutex); break; case sensor_type_gyro_y: qemu_mutex_lock(&gyro_mutex); - sprintf(msg_info, "%d", gyro_y_raw); + snprintf(msg_info, size, "%d", gyro_y_raw); qemu_mutex_unlock(&gyro_mutex); break; case sensor_type_gyro_z: qemu_mutex_lock(&gyro_mutex); - sprintf(msg_info, "%d", gyro_z_raw); + snprintf(msg_info, size, "%d", gyro_z_raw); qemu_mutex_unlock(&gyro_mutex); break; case sensor_type_light: case sensor_type_light_adc: qemu_mutex_lock(&light_mutex); - sprintf(msg_info, "%d", light_adc); + snprintf(msg_info, size, "%d", light_adc); qemu_mutex_unlock(&light_mutex); break; case sensor_type_light_level: qemu_mutex_lock(&light_mutex); - sprintf(msg_info, "%d", light_level); + snprintf(msg_info, size, "%d", light_level); qemu_mutex_unlock(&light_mutex); break; case sensor_type_light_enable: qemu_mutex_lock(&light_mutex); - sprintf(msg_info, "%d", light_enable); + snprintf(msg_info, size, "%d", light_enable); qemu_mutex_unlock(&light_mutex); break; case sensor_type_light_delay: qemu_mutex_lock(&light_mutex); - sprintf(msg_info, "%d", light_delay); + snprintf(msg_info, size, "%d", light_delay); qemu_mutex_unlock(&light_mutex); break; case sensor_type_proxi: qemu_mutex_lock(&proxi_mutex); - sprintf(msg_info, "%d", proxi_vo); + snprintf(msg_info, size, "%d", proxi_vo); qemu_mutex_unlock(&proxi_mutex); break; case sensor_type_proxi_enable: qemu_mutex_lock(&proxi_mutex); - sprintf(msg_info, "%d", proxi_enable); + snprintf(msg_info, size, "%d", proxi_enable); qemu_mutex_unlock(&proxi_mutex); break; case sensor_type_proxi_delay: qemu_mutex_lock(&proxi_mutex); - sprintf(msg_info, "%d", proxi_delay); + snprintf(msg_info, size, "%d", proxi_delay); qemu_mutex_unlock(&proxi_mutex); break; case sensor_type_rotation_vector: qemu_mutex_lock(&rot_mutex); - strcpy(msg_info, rot_quad); + strncpy(msg_info, rot_quad, size); qemu_mutex_unlock(&rot_mutex); break; case sensor_type_rotation_vector_enable: qemu_mutex_lock(&rot_mutex); - sprintf(msg_info, "%d", rot_enable); + snprintf(msg_info, size, "%d", rot_enable); qemu_mutex_unlock(&rot_mutex); break; case sensor_type_rotation_vector_delay: qemu_mutex_lock(&rot_mutex); - sprintf(msg_info, "%d", rot_delay); + snprintf(msg_info, size, "%d", rot_delay); qemu_mutex_unlock(&rot_mutex); break; case sensor_type_pressure: qemu_mutex_lock(&pressure_mutex); - strcpy(msg_info, pressure_data); + strncpy(msg_info, pressure_data, size); qemu_mutex_unlock(&pressure_mutex); break; case sensor_type_pressure_enable: qemu_mutex_lock(&pressure_mutex); - sprintf(msg_info, "%d", pressure_enable); + snprintf(msg_info, size, "%d", pressure_enable); qemu_mutex_unlock(&pressure_mutex); break; case sensor_type_pressure_delay: qemu_mutex_lock(&pressure_mutex); - sprintf(msg_info, "%d", pressure_delay); + snprintf(msg_info, size, "%d", pressure_delay); qemu_mutex_unlock(&pressure_mutex); break; case sensor_type_uv: qemu_mutex_lock(&uv_mutex); - sprintf(msg_info, "%d", uv_level); + snprintf(msg_info, size, "%d", uv_level); qemu_mutex_unlock(&uv_mutex); break; case sensor_type_uv_enable: qemu_mutex_lock(&uv_mutex); - sprintf(msg_info, "%d", uv_enable); + snprintf(msg_info, size, "%d", uv_enable); qemu_mutex_unlock(&uv_mutex); break; case sensor_type_uv_delay: qemu_mutex_lock(&uv_mutex); - sprintf(msg_info, "%d", uv_delay); + snprintf(msg_info, size, "%d", uv_delay); qemu_mutex_unlock(&uv_mutex); break; case sensor_type_hrm: qemu_mutex_lock(&hrm_mutex); - sprintf(msg_info, "%d, %d", hrm_heart, hrm_rri); + snprintf(msg_info, size, "%d, %d", hrm_heart, hrm_rri); qemu_mutex_unlock(&hrm_mutex); break; case sensor_type_hrm_enable: qemu_mutex_lock(&hrm_mutex); - sprintf(msg_info, "%d", hrm_enable); + snprintf(msg_info, size, "%d", hrm_enable); qemu_mutex_unlock(&hrm_mutex); break; case sensor_type_hrm_delay: qemu_mutex_lock(&hrm_mutex); - sprintf(msg_info, "%d", hrm_delay); + snprintf(msg_info, size, "%d", hrm_delay); qemu_mutex_unlock(&hrm_mutex); break; case sensor_type_pedo: qemu_mutex_lock(&pedo_mutex); - sprintf(msg_info, "%d", pedo_value); + snprintf(msg_info, size, "%d", pedo_value); qemu_mutex_unlock(&pedo_mutex); break; case sensor_type_pedo_enable: qemu_mutex_lock(&pedo_mutex); - sprintf(msg_info, "%d", pedo_enable); + snprintf(msg_info, size, "%d", pedo_enable); qemu_mutex_unlock(&pedo_mutex); break; case sensor_type_pedo_delay: qemu_mutex_lock(&pedo_mutex); - sprintf(msg_info, "%d", pedo_delay); + snprintf(msg_info, size, "%d", pedo_delay); qemu_mutex_unlock(&pedo_mutex); break; default: @@ -599,7 +604,7 @@ void req_sensor_data(enum sensor_types type, enum request_cmd req, char *data, i if (req == request_set) { __set_sensor_data(type, data, len); } else if (req == request_get) { - __get_sensor_data(type, msg_info); + __get_sensor_data(type, msg_info, sizeof(msg_info)); send_sensor_to_ecs(msg_info, type); } } @@ -614,7 +619,7 @@ static void answer_sensor_data_request(int type, char *data, VirtQueueElement *e msginfo->req = request_answer; msginfo->type = type; - __get_sensor_data(type, msginfo->buf); + __get_sensor_data(type, msginfo->buf, (size_t)_MAX_BUF); LOG_TRACE("sending message: %s, type: %d, req: %d\n", msginfo->buf, msginfo->type, msginfo->req); diff --git a/tizen/src/util/extra_pkgs_install.c b/tizen/src/util/extra_pkgs_install.c index 76694d0..7f033ca 100644 --- a/tizen/src/util/extra_pkgs_install.c +++ b/tizen/src/util/extra_pkgs_install.c @@ -68,7 +68,7 @@ static char *get_addon_path(void) return NULL; } - ret = sprintf(extra_path, "%s%s%s%s%s%s%s", + ret = snprintf(extra_path, (size_t)MAX_PKG_LIST, "%s%s%s%s%s%s%s", get_bin_path(), parent, profile_name, separator, IMAGE_DIRECTORY, separator, ADDON_DIRECTORY); if (ret < 0) { @@ -80,12 +80,12 @@ static char *get_addon_path(void) return extra_path; } -static void add_addon_pkgs_name(char *pkgs, char *name) +static void add_addon_pkgs_name(char *pkgs, char *name, size_t size) { if (strlen(pkgs) == 0) { - strcpy(pkgs, name); + strncpy(pkgs, name, size); } else { - sprintf(pkgs, "%s, %s", pkgs, name); + snprintf(pkgs, size, "%s, %s", pkgs, name); } } @@ -225,8 +225,8 @@ void epi_init(void) } pkg_count++; - add_addon_pkgs_name(pkgs, sub_dir_entry->d_name); - add_addon_pkgs_name(pkg_list, sub_dir_entry->d_name); + add_addon_pkgs_name(pkgs, sub_dir_entry->d_name, sizeof(pkgs)); + add_addon_pkgs_name(pkg_list, sub_dir_entry->d_name, sizeof(pkg_list)); LOG_TRACE("reading addon sub directory: %s\n", sub_dir_entry->d_name); } } diff --git a/tizen/src/util/net_helper.c b/tizen/src/util/net_helper.c index e8743ca..6ab967d 100644 --- a/tizen/src/util/net_helper.c +++ b/tizen/src/util/net_helper.c @@ -315,6 +315,7 @@ static void add_sdb_client(struct sockaddr_in* addr, int port, const char* seria memcpy(&client->addr, addr, sizeof(struct sockaddr_in)); client->port = port; strncpy(client->serial, serial, sizeof(client->serial)); + client->serial[sizeof(client->serial) - 1] = 0; qemu_mutex_lock(&mutex_clients); @@ -460,6 +461,7 @@ static void *get_user_home_path(void *args) } if (cmd_root_off != NULL) { g_free(cmd_root_off); + cmd_root_off = NULL; } pclose(fp); diff --git a/tizen/src/util/qt5_error_report.c b/tizen/src/util/qt5_error_report.c index bffd329..56d44b8 100644 --- a/tizen/src/util/qt5_error_report.c +++ b/tizen/src/util/qt5_error_report.c @@ -56,8 +56,8 @@ char *get_app_path(void) int app_len = strlen(app_name); int app_path_len = bin_len + app_len + 3; char *tmp_path = (char *)g_malloc0(app_path_len); - strcpy(tmp_path, bin_dir); - strcat(tmp_path, app_name); + strncpy(tmp_path, bin_dir, (size_t)app_path_len); + strncat(tmp_path, app_name, (size_t)app_path_len); tmp_path[app_path_len - 1] = '\0'; INFO("qt5_msgbox path : %s\n", tmp_path); -- 2.7.4