From 62f081e6dc6959e4c2f4426c66a42a5f941bb5da Mon Sep 17 00:00:00 2001
From: Jiyong Min
Date: Wed, 22 Jun 2016 07:39:17 +0900
Subject: [PATCH] Add to check null string because of null pointer dereferenced
Change-Id: I9958f6c1ca600462215bb5bd7b40581180bef230
Signed-off-by: Jiyong Min
---
 packaging/capi-media-controller.spec | 2 +-
 src/media_controller_db.c | 6 ++++++
 svc/media_controller_db_util.c | 2 ++
 3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/packaging/capi-media-controller.spec b/packaging/capi-media-controller.spec
index e6b18f0..74c4adf 100644
--- a/packaging/capi-media-controller.spec
+++ b/packaging/capi-media-controller.spec
@@ -1,6 +1,6 @@
 Name: capi-media-controller
 Summary: A media controller library in Tizen Native API
-Version: 0.1.22
+Version: 0.1.23
 Release: 1
 Group: Multimedia/API
 License: Apache-2.0
diff --git a/src/media_controller_db.c b/src/media_controller_db.c
index 8ec1f04..0220ef4 100644
--- a/src/media_controller_db.c
+++ b/src/media_controller_db.c
@@ -81,6 +81,7 @@ static int __mc_db_get_int_value_of_key(void *handle, const char *server_name, c
 mc_retvm_if(key == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "key is NULL");
 sql_str = sqlite3_mprintf(DB_SELECT_VALUE_OF_KEY, key, server_name);
+ mc_retvm_if(!MC_STRING_VALID(sql_str), MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "SQL string is null");
 ret = sqlite3_prepare_v2(db_handle, sql_str, strlen(sql_str), &stmt, NULL);
 if (SQLITE_OK != ret) {
@@ -119,6 +120,7 @@ static int __mc_db_get_ulong_value_of_key(void *handle, const char *server_name,
 mc_retvm_if(key == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "key is NULL");
 sql_str = sqlite3_mprintf(DB_SELECT_VALUE_OF_KEY, key, server_name);
+ mc_retvm_if(!MC_STRING_VALID(sql_str), MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "SQL string is null");
 ret = sqlite3_prepare_v2(db_handle, sql_str, strlen(sql_str), &stmt, NULL);
 if (SQLITE_OK != ret) {
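Review bot: The added guard after `sqlite3_mprintf()` in `__mc_db_get_int_value_of_key` reports a failed allocation as `MEDIA_CONTROLLER_ERROR_INVALID_OPERATION`. `sqlite3_mprintf()` returns NULL when it cannot allocate the result, so callers cannot tell memory exhaustion from a logic error; `mc_retvm_if(sql_str == NULL, MEDIA_CONTROLLER_ERROR_OUT_OF_MEMORY, "sqlite3_mprintf failed");` would say what actually happened. `MC_STRING_VALID` is defined outside this diff; if it also rejects an empty string, that case should not arise for these non-empty formats and the plain NULL test is enough. The same guard is repeated in every other hunk of this commit, in both files. The function body starts and ends outside the hunk.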
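Review bot: In `__mc_db_get_ulong_value_of_key` the new NULL test covers allocation failure only; `key` and `server_name` are still formatted into the statement text through `DB_SELECT_VALUE_OF_KEY`, whose definition is not part of this diff. If that macro substitutes either value with `%s` rather than `%q`/`%Q`, a name containing a quote character changes the query, whereas the inline query in `mc_db_check_server_table_exist` already uses the `'%q'` form. Once confirmed, a comment above the call such as `/* server_name is escaped with %q in DB_SELECT_VALUE_OF_KEY; key must be one of the fixed column names */` would record the assumption. The same applies to `__mc_db_get_int_value_of_key` and to `DB_SELECT_METADATA_FROM_DB` in `mc_db_get_metadata_info`. The function body extends beyond the hunk.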
@@ -306,6 +308,7 @@ int mc_db_get_latest_server_name(void *handle, char **latest_server_name)
 *latest_server_name = NULL;
 sql_str = sqlite3_mprintf(DB_SELECT_LATEST_SERVER_NAME);
+ mc_retvm_if(!MC_STRING_VALID(sql_str), MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "SQL string is null");
 ret = sqlite3_prepare_v2(db_handle, sql_str, strlen(sql_str), &stmt, NULL);
 if (SQLITE_OK != ret) {
@@ -376,6 +379,7 @@ int mc_db_get_metadata_info(void *handle, const char *server_name, mc_metadata_h
 mc_retvm_if(server_name == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "server_name is NULL");
 sql_str = sqlite3_mprintf(DB_SELECT_METADATA_FROM_DB, server_name);
+ mc_retvm_if(!MC_STRING_VALID(sql_str), MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "SQL string is null");
 ret = sqlite3_prepare_v2(db_handle, sql_str, strlen(sql_str), &stmt, NULL);
 if (SQLITE_OK != ret) {
@@ -576,6 +580,7 @@ int mc_db_check_server_table_exist(void *handle, const char *server_name, bool *
 mc_retvm_if(server_name == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "server_name is NULL");
 sql_str = sqlite3_mprintf("SELECT COUNT(*) FROM SQLITE_MASTER WHERE type='table' and name='%q'", server_name);
+ mc_retvm_if(!MC_STRING_VALID(sql_str), MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "SQL string is null");
 ret = sqlite3_prepare_v2(handle, sql_str, strlen(sql_str), &stmt, NULL);
 if (SQLITE_OK != ret) {
@@ -617,6 +622,7 @@ int mc_db_foreach_server_list(void *handle, mc_activated_server_cb callback, voi
 mc_retvm_if(db_handle == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "Handle is NULL");
 sql_str = sqlite3_mprintf(DB_SELECT_ALL_SERVER_LIST);
+ mc_retvm_if(!MC_STRING_VALID(sql_str), MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "SQL string is null");
 ret = sqlite3_prepare_v2(db_handle, sql_str, strlen(sql_str), &stmt, NULL);
 if (SQLITE_OK != ret) {
 mc_error("prepare error [%s]\n", sqlite3_errmsg(db_handle));
diff --git a/svc/media_controller_db_util.c b/svc/media_controller_db_util.c
index 8da5ae9..763e021 100644
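Review bot: `sqlite3_mprintf(DB_SELECT_LATEST_SERVER_NAME)` in `mc_db_get_latest_server_name` formats a constant with no arguments, so the heap copy and the new failure path it requires add nothing. Passing the constant straight to the prepare call, `ret = sqlite3_prepare_v2(db_handle, DB_SELECT_LATEST_SERVER_NAME, -1, &stmt, NULL);`, removes both, provided any later free of `sql_str` in the function (which continues outside this hunk) is dropped as well. It also stops the macro from being interpreted as a format string, which matters if it ever contains a `%`. `mc_db_foreach_server_list` has the same pattern with `DB_SELECT_ALL_SERVER_LIST`.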
--- a/svc/media_controller_db_util.c
+++ b/svc/media_controller_db_util.c
@@ -46,6 +46,7 @@ static int __mc_foreach_table_list(void *handle, GList **list)
 mc_retvm_if(handle == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "Handle is NULL");
 sql_str = sqlite3_mprintf(DB_SELECT_ALL_SERVER_LIST_EXCEPT_LATEST, MC_DB_TABLE_LATEST_SERVER);
+ mc_retvm_if(!MC_STRING_VALID(sql_str), MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "SQL string is null");
 ret = sqlite3_prepare_v2(db_handle, sql_str, strlen(sql_str), &stmt, NULL);
 if (SQLITE_OK != ret) {
@@ -209,6 +210,7 @@ int mc_db_util_connect(void **handle, uid_t uid)
 char *sql = NULL;
 sql = sqlite3_mprintf("%s", "PRAGMA journal_mode = PERSIST");
+ mc_retvm_if(!MC_STRING_VALID(sql), MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "SQL string is null");
 ret = sqlite3_exec(*handle, sql, NULL, NULL, NULL);
 sqlite3_free(sql);
 if (SQLITE_OK != ret) {
-- 
2.7.4
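Review bot: The early return added in `mc_db_util_connect` leaves `*handle` exactly as the earlier part of the function set it, and that part is outside this hunk; if the database was already opened there, this path hands the caller an error without closing the connection or resetting `*handle` to NULL — to be confirmed against the full function. The allocation itself is avoidable because the statement is a literal: `ret = sqlite3_exec(*handle, "PRAGMA journal_mode = PERSIST", NULL, NULL, NULL);` needs no `sqlite3_mprintf`, no `sqlite3_free(sql)` and no NULL check. If the copy is kept, the failure path should release the handle before returning.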