From 8868bf42c66136fbafd63f099c308e33cf5c3673 Mon Sep 17 00:00:00 2001
From: Jeesun Kim <iamjs.kim@samsung.com>
Date: Thu, 14 Sep 2017 16:29:36 +0900
Subject: [PATCH] fix security svace issue

Change-Id: I452dc065fdc86fae122b62f0e9c32fc56ef78127
---
 server/db/cal_db_instance.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/db/cal_db_instance.c b/server/db/cal_db_instance.c
index 2f1d936..5f01ab2 100644
--- a/server/db/cal_db_instance.c
+++ b/server/db/cal_db_instance.c
@@ -1021,7 +1021,7 @@ static int _cal_db_instance_publish_yearly_wday(UCalendar *ucal, cal_event_s *ev
 					int nth = 0;
 					char wday[CAL_STR_SHORT_LEN32] = {0};
 
-					sscanf(t[j], "%d%s", &nth, wday); /* -3SU, +2SA */
+					sscanf(t[j], "%d%2s", &nth, wday); /* -3SU, +2SA */
 					DBG("nth(%d) wday[%s]", nth, wday);
 					int wday_int = __convert_wday_to_int(wday);
 
@@ -1361,7 +1361,7 @@ static int _cal_db_instance_publish_monthly_wday(UCalendar *ucal, cal_event_s *e
 				int nth = 0;
 				char wday[CAL_STR_SHORT_LEN32] = {0};
 
-				sscanf(t[i], "%d%s", &nth, wday); /* -3SU, +2SA */
+				sscanf(t[i], "%d%2s", &nth, wday); /* -3SU, +2SA */
 				DBG("nth(%d) wday[%s]", nth, wday);
 				int wday_int = __convert_wday_to_int(wday);
 
-- 
2.7.4