From 8c0dfd1cc22f420a085b29767b5e6dda7017b9f9 Mon Sep 17 00:00:00 2001
From: Vitaliy Cherepanov <v.cherepanov@samsung.com>
Date: Wed, 15 Jun 2016 19:44:24 +0300
Subject: [PATCH] [FIX] Svace issues

|-------------------------------------------------------|
| WGID  | Type                      | File              |
|-------------------------------------------------------|
| 84792 | TAINTED_INT.MIGHT         | ui_viewer_lib.c   |
| 84797 | TAINTED_INT.MIGHT         | ui_viewer_lib.c   |
|-------------------------------------------------------|

Change-Id: I04f1266b6dbd37d1b7a934df2b9354c44958503e
Signed-off-by: Vitaliy Cherepanov <v.cherepanov@samsung.com>
---
 ui_viewer/ui_viewer_lib.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/ui_viewer/ui_viewer_lib.c b/ui_viewer/ui_viewer_lib.c
index 0d13133..a5c9a25 100644
--- a/ui_viewer/ui_viewer_lib.c
+++ b/ui_viewer/ui_viewer_lib.c
@@ -150,6 +150,12 @@ static int createSocket(void)
 				if (recvlen > 0) {
 					char *data_buf = NULL;
 
+					if (log.length < 0 ||
+					    (unsigned int)log.length > sizeof(log.data)) {
+						PRINTERR("Too long message");
+						continue;
+					}
+
 					data_buf = malloc(log.length);
 
 					if (data_buf == NULL) {
@@ -276,7 +282,8 @@ static void *recvThread(void __unused *data)
 			if(recvlen > 0)	// recv succeed
 			{
 
-				if(log.length > 0) {
+				if (log.length > 0 &&
+				    (unsigned int)log.length <= sizeof(log.data)) {
 					data_buf = malloc(log.length);
 					if (data_buf == NULL) {
 						PRINTERR("cannot allocate buf to recv msg");
-- 
2.7.4