From cca8082640705e5dcacdb6bd8f0ca1eeb5da458b Mon Sep 17 00:00:00 2001 From: Jiyong Min Date: Thu, 2 Nov 2017 10:31:03 +0900 Subject: [PATCH] Apply security patch (revision:245e106aacc48e38784d1efe71df4e4f7a2643ab) - Fix security issues : SATIZENVUL-925, SATIZENVUL-954 - Svace issue fix - Use standard license name. public domain -> PD - [SATIZENVUL-954] Fix buffer bound issue : Change strncpy to g_strlcpy Change-Id: Ic76530ee1c12ab6ab18c073659a07532ce7050de Signed-off-by: Jiyong Min --- md5/media-svc-hash.c | 7 ++- packaging/libmedia-service.spec | 4 +- src/common/media-svc-db-utils.c | 58 ++++++++++----------- src/common/media-svc-localize-utils.c | 4 +- src/common/media-svc-localize_ch.c | 6 +++ src/common/media-svc-localize_tw.c | 73 ++++++++++++++------------- src/common/media-svc-media-folder.c | 8 +++ src/common/media-svc-storage.c | 9 ++++ src/common/media-svc-util.c | 25 +++++---- src/include/common/media-svc-localize-utils.h | 2 + src/include/common/media-svc-util.h | 3 ++ 11 files changed, 114 insertions(+), 85 deletions(-) diff --git a/md5/media-svc-hash.c b/md5/media-svc-hash.c index 77df888..4b97d70 100755 --- a/md5/media-svc-hash.c +++ b/md5/media-svc-hash.c @@ -25,6 +25,7 @@ #include "media-svc-hash.h" #include "media-util-err.h" +#define SAFE_STRLCPY(dst, src, n) g_strlcpy(dst, src, n); static const char ACCEPTABLE_URI_CHARS[96] = { /* ! " # $ % & ' ( ) * + , - . / */ @@ -74,8 +75,7 @@ char *_mb_svc_generate_hash_name(const char *file) if (uri == NULL) return NULL; - strncpy(uri, "file://", length); - uri[length - 1] = '\0'; + SAFE_STRLCPY(uri, "file://", length); t = uri + sizeof("file://") - 1; for (c = (const unsigned char *)file; *c != '\0'; c++) { @@ -115,8 +115,7 @@ int mb_svc_generate_hash_code(const char *origin_path, char *hash_code, int max_ if (hash == NULL) return MS_MEDIA_ERR_INTERNAL; - strncpy(hash_code, hash, max_length); - hash_code[strlen(hash_code)] = '\0'; + SAFE_STRLCPY(hash_code, hash, max_length); return MS_MEDIA_ERR_NONE; } diff --git a/packaging/libmedia-service.spec b/packaging/libmedia-service.spec index 1ffa6ef..f42c40f 100644 --- a/packaging/libmedia-service.spec +++ b/packaging/libmedia-service.spec @@ -1,9 +1,9 @@ Name: libmedia-service Summary: Media information service library for multimedia applications -Version: 0.2.92 +Version: 0.2.93 Release: 0 Group: Multimedia/Libraries -License: Apache-2.0 and public domain +License: Apache-2.0 and PD Source0: %{name}-%{version}.tar.gz Source1001: libmedia-service.manifest diff --git a/src/common/media-svc-db-utils.c b/src/common/media-svc-db-utils.c index d74c14a..9dc5a94 100755 --- a/src/common/media-svc-db-utils.c +++ b/src/common/media-svc-db-utils.c @@ -188,10 +188,10 @@ static int __media_svc_rebuild_view_query(sqlite3 *db_handle, uid_t uid) snprintf(temp, sizeof(temp), ", playlist.%s AS p_thumbnail_path", col_ptr->name); else snprintf(temp, sizeof(temp), ", playlist.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } else { snprintf(temp, sizeof(temp), "playlist.%s", col_ptr->name); - strncpy(table_query, temp, strlen(temp)); + SAFE_STRLCPY(table_query, temp, sizeof(table_query)); sflag = true; } } @@ -205,7 +205,7 @@ static int __media_svc_rebuild_view_query(sqlite3 *db_handle, uid_t uid) snprintf(temp, sizeof(temp), ", media_count IS NOT NULL AS media_count, playlist_map.%s AS pm_id", col_ptr->name); else snprintf(temp, sizeof(temp), ", playlist_map.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -215,7 +215,7 @@ static int __media_svc_rebuild_view_query(sqlite3 *db_handle, uid_t uid) col_ptr = g_slist_nth_data(column_list[MEDIA_SVC_DB_LIST_MEDIA], i); if (col_ptr->is_view) { snprintf(temp, sizeof(temp), ", media.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -234,10 +234,10 @@ static int __media_svc_rebuild_view_query(sqlite3 *db_handle, uid_t uid) if (col_ptr->is_view) { if (sflag == true) { snprintf(temp, sizeof(temp), ", tag.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } else { snprintf(temp, sizeof(temp), "tag.%s", col_ptr->name); - strncpy(table_query, temp, strlen(temp)); + SAFE_STRLCPY(table_query, temp, sizeof(table_query)); sflag = true; } } @@ -251,7 +251,7 @@ static int __media_svc_rebuild_view_query(sqlite3 *db_handle, uid_t uid) snprintf(temp, sizeof(temp), ", media_count IS NOT NULL AS media_count, tag_map.%s AS tm_id", col_ptr->name); else snprintf(temp, sizeof(temp), ", tag_map.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -261,7 +261,7 @@ static int __media_svc_rebuild_view_query(sqlite3 *db_handle, uid_t uid) col_ptr = g_slist_nth_data(column_list[MEDIA_SVC_DB_LIST_MEDIA], i); if (col_ptr->is_view) { snprintf(temp, sizeof(temp), ", media.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -310,19 +310,19 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e if (col_ptr->has_option) { if (sflag == true) { snprintf(temp, sizeof(temp), ", %s %s %s", col_ptr->name, col_ptr->type, col_ptr->option); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } else { snprintf(temp, sizeof(temp), "%s %s %s", col_ptr->name, col_ptr->type, col_ptr->option); - strncpy(table_query, temp, strlen(temp)); + SAFE_STRLCPY(table_query, temp, sizeof(table_query)); sflag = true; } } else { if (sflag == true) { snprintf(temp, sizeof(temp), ", %s %s", col_ptr->name, col_ptr->type); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } else { snprintf(temp, sizeof(temp), "%s %s", col_ptr->name, col_ptr->type); - strncpy(table_query, temp, strlen(temp)); + SAFE_STRLCPY(table_query, temp, sizeof(table_query)); sflag = true; } } @@ -332,11 +332,11 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e if (col_ptr->is_unique) { if (table_sub_len > 0) { snprintf(temp, sizeof(temp), ", %s", col_ptr->name); - strncat(table_query_sub, temp, strlen(temp)); + SAFE_STRLCAT(table_query_sub, temp, sizeof(table_query_sub)); table_sub_len = strlen(table_query_sub); } else { snprintf(temp, sizeof(temp), "%s", col_ptr->name); - strncpy(table_query_sub, temp, strlen(temp)); + SAFE_STRLCPY(table_query_sub, temp, sizeof(table_query_sub)); table_sub_len = strlen(table_query_sub); } } @@ -346,11 +346,11 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e if (col_ptr->is_index) { if (index_len > 0) { snprintf(temp, sizeof(temp), MEDIA_SVC_DB_QUERY_INDEX, col_ptr->index_name, table_name, col_ptr->name); - strncat(index_query, temp, strlen(temp)); + SAFE_STRLCAT(index_query, temp, sizeof(index_query)); index_len = strlen(index_query); } else { snprintf(temp, sizeof(temp), MEDIA_SVC_DB_QUERY_INDEX, col_ptr->index_name, table_name, col_ptr->name); - strncpy(index_query, temp, strlen(temp)); + SAFE_STRLCPY(index_query, temp, sizeof(index_query)); index_len = strlen(index_query); } } @@ -361,11 +361,11 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e if (STRING_VALID(tb->trigger_name)) { if (strncmp(table_name, MEDIA_SVC_DB_TABLE_ALBUM, strlen(MEDIA_SVC_DB_TABLE_ALBUM)) == 0) { snprintf(temp, sizeof(temp), MEDIA_SVC_DB_QUERY_TRIGGER_WITH_COUNT, tb->trigger_name, tb->event_table, tb->action_table, tb->event_table, col_ptr->name, col_ptr->name, col_ptr->name, col_ptr->name); - strncpy(trigger_query, temp, strlen(temp)); + SAFE_STRLCPY(trigger_query, temp, sizeof(trigger_query)); trigger_len = strlen(trigger_query); } else { snprintf(temp, sizeof(temp), MEDIA_SVC_DB_QUERY_TRIGGER, tb->trigger_name, tb->event_table, tb->action_table, col_ptr->name, col_ptr->name); - strncpy(trigger_query, temp, strlen(temp)); + SAFE_STRLCPY(trigger_query, temp, sizeof(trigger_query)); trigger_len = strlen(trigger_query); } } else { @@ -422,10 +422,10 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e snprintf(temp, sizeof(temp), ", playlist.%s AS p_thumbnail_path", col_ptr->name); else snprintf(temp, sizeof(temp), ", playlist.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } else { snprintf(temp, sizeof(temp), "playlist.%s", col_ptr->name); - strncpy(table_query, temp, strlen(temp)); + SAFE_STRLCPY(table_query, temp, sizeof(table_query)); sflag = true; } } @@ -439,7 +439,7 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e snprintf(temp, sizeof(temp), ", media_count IS NOT NULL AS media_count, playlist_map.%s AS pm_id", col_ptr->name); else snprintf(temp, sizeof(temp), ", playlist_map.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -449,7 +449,7 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e col_ptr = g_slist_nth_data(column_list[MEDIA_SVC_DB_LIST_MEDIA], i); if (col_ptr->is_view) { snprintf(temp, sizeof(temp), ", media.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -465,10 +465,10 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e if (col_ptr->is_view) { if (sflag == true) { snprintf(temp, sizeof(temp), ", tag.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } else { snprintf(temp, sizeof(temp), "tag.%s", col_ptr->name); - strncpy(table_query, temp, strlen(temp)); + SAFE_STRLCPY(table_query, temp, sizeof(table_query)); sflag = true; } } @@ -482,7 +482,7 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e snprintf(temp, sizeof(temp), ", media_count IS NOT NULL AS media_count, tag_map.%s AS tm_id", col_ptr->name); else snprintf(temp, sizeof(temp), ", tag_map.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -492,7 +492,7 @@ int _media_svc_make_table_query(const char *table_name, media_svc_table_slist_e col_ptr = g_slist_nth_data(column_list[MEDIA_SVC_DB_LIST_MEDIA], i); if (col_ptr->is_view) { snprintf(temp, sizeof(temp), ", media.%s", col_ptr->name); - strncat(table_query, temp, strlen(temp)); + SAFE_STRLCAT(table_query, temp, sizeof(table_query)); } memset(temp, 0, sizeof(temp)); } @@ -1468,11 +1468,11 @@ int _media_svc_sql_query_list(GList **query_list, uid_t uid) if (query_len >= SQLITE3_QUERY_MAX_LEN) { media_svc_error("NEED TO CHECK FILE : A single query size exceeds 8k [%d]", query_len); } else { - strncpy(query_bundle, sql, query_len); + SAFE_STRLCPY(query_bundle, sql, sizeof(query_bundle)); total_len = query_len; } } else { - strncat(query_bundle, sql, query_len); + SAFE_STRLCAT(query_bundle, sql, sizeof(query_bundle)); total_len += query_len; } @@ -1678,7 +1678,7 @@ int _media_svc_update_media_view(sqlite3 *db_handle, uid_t uid) char append_query[128] = {0, }; memset(append_query, 0x00, sizeof(append_query)); snprintf(append_query, sizeof(append_query), " UNION SELECT * from '%s'", storage_id); - strncat(view_query, append_query, strlen(append_query)); + SAFE_STRLCAT(view_query, append_query, sizeof(view_query)); } else { media_svc_error("media table not exist for storage [%s]", storage_id); } diff --git a/src/common/media-svc-localize-utils.c b/src/common/media-svc-localize-utils.c index 5726f9e..8d5b805 100755 --- a/src/common/media-svc-localize-utils.c +++ b/src/common/media-svc-localize-utils.c @@ -121,14 +121,14 @@ static inline int __media_svc_collation_str(const char *src, char **dest) lang = vconf_get_str(VCONFKEY_LANGSET); if (lang != NULL) { if (strlen(lang) < 50) { - strncpy(region, lang, strlen(lang)); + SAFE_STRLCPY(region, lang, sizeof(region)); free(lang); } else { media_svc_error("Lang size error(%s)", lang); free(lang); } } else { - strncpy(region, en_us, strlen(en_us)); + SAFE_STRLCPY(region, en_us, sizeof(region)); } char *dot = strchr(region, '.'); diff --git a/src/common/media-svc-localize_ch.c b/src/common/media-svc-localize_ch.c index cef7744..a008fa5 100755 --- a/src/common/media-svc-localize_ch.c +++ b/src/common/media-svc-localize_ch.c @@ -2279,6 +2279,12 @@ int _media_svc_convert_chinese_to_pinyin(const char *src, pinyin_name_s **name, temp_name[j].pinyin_name = calloc(1, pinyin_name_len); temp_name[j].pinyin_initial = calloc(1, pinyin_initial_len); + if (temp_name[j].pinyin_initial == NULL || temp_name[j].pinyin_name == NULL) { + media_svc_error("calloc failed"); + SAFE_FREE(temp_name[j].pinyin_name); + SAFE_FREE(temp_name[j].pinyin_initial); + continue; + } } if (spell[i][index][0]) { diff --git a/src/common/media-svc-localize_tw.c b/src/common/media-svc-localize_tw.c index 6c867ab..16bb7a7 100755 --- a/src/common/media-svc-localize_tw.c +++ b/src/common/media-svc-localize_tw.c @@ -14192,48 +14192,51 @@ int _media_svc_get_bopomofo(const char *src, char **dest) status = U_ZERO_ERROR; tmp_result = calloc(1, sizeof(UChar) * (size + 1)); - u_strFromUTF8(tmp_result, size + 1, NULL, src, -1, &status); - if (U_FAILURE(status)) { - media_svc_error("u_strFromUTF8 Failed(%s)", u_errorName(status)); - ret = MS_MEDIA_ERR_INTERNAL; - goto DATA_FREE; + if (tmp_result != NULL) { + u_strFromUTF8(tmp_result, size + 1, NULL, src, -1, &status); + if (U_FAILURE(status)) { + media_svc_error("u_strFromUTF8 Failed(%s)", u_errorName(status)); + ret = MS_MEDIA_ERR_INTERNAL; + goto DATA_FREE; + } } - result_len = 0; temp_dest = calloc(1, sizeof(char) * temp_dest_size); - for (i = 0; i < size; i++) { - char *tmp = NULL; - int tmp_size = 0; - UChar *bopomofo = calloc(1, sizeof(UChar) * 4); - if (bopomofo == NULL) { - media_svc_error("u_strToUTF8 to allocate memory Failed"); - ret = MS_MEDIA_ERR_OUT_OF_MEMORY; - goto DATA_FREE; - } - __media_svc_get_bopomofo(tmp_result[i], bopomofo, &len); + if (temp_dest != NULL) { + for (i = 0; i < size; i++) { + char *tmp = NULL; + int tmp_size = 0; + UChar *bopomofo = calloc(1, sizeof(UChar) * 4); + if (bopomofo == NULL) { + media_svc_error("u_strToUTF8 to allocate memory Failed"); + ret = MS_MEDIA_ERR_OUT_OF_MEMORY; + goto DATA_FREE; + } + __media_svc_get_bopomofo(tmp_result[i], bopomofo, &len); - u_strToUTF8(NULL, 0, &tmp_size, bopomofo, -1, &status); - if (U_FAILURE(status) && status != U_BUFFER_OVERFLOW_ERROR) { - media_svc_error("u_strToUTF8 to get the dest length Failed(%s)", u_errorName(status)); - ret = MS_MEDIA_ERR_INTERNAL; - free(bopomofo); - goto DATA_FREE; - } + u_strToUTF8(NULL, 0, &tmp_size, bopomofo, -1, &status); + if (U_FAILURE(status) && status != U_BUFFER_OVERFLOW_ERROR) { + media_svc_error("u_strToUTF8 to get the dest length Failed(%s)", u_errorName(status)); + ret = MS_MEDIA_ERR_INTERNAL; + free(bopomofo); + goto DATA_FREE; + } - status = U_ZERO_ERROR; - tmp = calloc(1, sizeof(char) * (tmp_size + 1)); - if (tmp == NULL) { - media_svc_error("u_strToUTF8 to allocate memory Failed"); - ret = MS_MEDIA_ERR_OUT_OF_MEMORY; - free(bopomofo); - goto DATA_FREE; - } + status = U_ZERO_ERROR; + tmp = calloc(1, sizeof(char) * (tmp_size + 1)); + if (tmp == NULL) { + media_svc_error("u_strToUTF8 to allocate memory Failed"); + ret = MS_MEDIA_ERR_OUT_OF_MEMORY; + free(bopomofo); + goto DATA_FREE; + } - u_strToUTF8(tmp, tmp_size + 1, &tmp_size, bopomofo, -1, &status); - result_len += SAFE_SNPRINTF(&temp_dest, &temp_dest_size, result_len, tmp); + u_strToUTF8(tmp, tmp_size + 1, &tmp_size, bopomofo, -1, &status); + result_len += SAFE_SNPRINTF(&temp_dest, &temp_dest_size, result_len, tmp); - free(tmp); - free(bopomofo); + free(tmp); + free(bopomofo); + } } *dest = temp_dest; diff --git a/src/common/media-svc-media-folder.c b/src/common/media-svc-media-folder.c index e0db2ec..76d6d24 100755 --- a/src/common/media-svc-media-folder.c +++ b/src/common/media-svc-media-folder.c @@ -806,6 +806,14 @@ int _media_svc_get_null_scan_folder_list(sqlite3 *handle, const char *storage_id } *folder_list = malloc(sizeof(char *) * cnt); + if (*folder_list == NULL) { + media_svc_error("Allocation failed"); + + *folder_list = NULL; + *count = 0; + + return MS_MEDIA_ERR_OUT_OF_MEMORY; + } while (1) { (*folder_list)[idx] = strdup((char *)sqlite3_column_text(sql_stmt, 0)); diff --git a/src/common/media-svc-storage.c b/src/common/media-svc-storage.c index 92692a9..29a1c5f 100755 --- a/src/common/media-svc-storage.c +++ b/src/common/media-svc-storage.c @@ -415,11 +415,20 @@ int _media_svc_get_all_storage(sqlite3 *handle, char ***storage_list, char ***st *storage_list = malloc(sizeof(char *) * cnt); *storage_id_list = malloc(sizeof(char *) * cnt); *scan_status_list = malloc(sizeof(int) * cnt); + if (*storage_list == NULL || *storage_id_list == NULL || *scan_status_list == NULL) { + media_svc_error("Allocation failed"); + SAFE_FREE(*storage_list); + SAFE_FREE(*storage_id_list); + SAFE_FREE(*scan_status_list); + SQLITE3_SAFE_FREE(sql); + return MS_MEDIA_ERR_OUT_OF_MEMORY; + } ret = _media_svc_sql_prepare_to_step(handle, sql, &sql_stmt); if (ret != MS_MEDIA_ERR_NONE) { media_svc_error("prepare error [%s]", sqlite3_errmsg(handle)); SAFE_FREE(*storage_list); + SAFE_FREE(*storage_id_list); SAFE_FREE(*scan_status_list); return ret; } diff --git a/src/common/media-svc-util.c b/src/common/media-svc-util.c index d3492c8..57fcc54 100755 --- a/src/common/media-svc-util.c +++ b/src/common/media-svc-util.c @@ -304,8 +304,8 @@ static int __media_svc_get_exif_info(ExifData *ed, char *buf, int *i_value, doub /* Get the contents of the tag in human-readable form */ char gps_buf[MEDIA_SVC_METADATA_LEN_MAX + 1] = {0, }; + memset(gps_buf, 0, sizeof(gps_buf)); exif_entry_get_value(entry, gps_buf, sizeof(gps_buf)); - gps_buf[strlen(gps_buf)] = '\0'; int ret = MS_MEDIA_ERR_NONE; double tmp_arr[3] = { 0.0, 0.0, 0.0 }; @@ -349,7 +349,6 @@ static int __media_svc_get_exif_info(ExifData *ed, char *buf, int *i_value, doub } exif_entry_get_value(entry, buf, MEDIA_SVC_METADATA_LEN_MAX); - buf[strlen(buf)] = '\0'; } } @@ -1479,13 +1478,9 @@ int _media_svc_extract_image_metadata(sqlite3 *handle, media_svc_content_info_s char buf[MEDIA_SVC_METADATA_LEN_MAX + 1] = { '\0' }; char description_buf[MEDIA_SVC_METADATA_DESCRIPTION_MAX + 1] = { '\0' }; - char exposure_time_buf[MEDIA_SVC_METADATA_LEN_MAX + 1] = { '\0' }; - char model_buf[MEDIA_SVC_METADATA_LEN_MAX + 1] = { '\0' }; memset(buf, 0x00, sizeof(buf)); memset(description_buf, 0x00, sizeof(description_buf)); - memset(exposure_time_buf, 0x00, sizeof(exposure_time_buf)); - memset(model_buf, 0x00, sizeof(model_buf)); if (content_info == NULL || content_info->media_type != MEDIA_SVC_MEDIA_TYPE_IMAGE) { media_svc_error("content_info == NULL || media_type != MEDIA_SVC_MEDIA_TYPE_IMAGE"); @@ -1538,7 +1533,7 @@ int _media_svc_extract_image_metadata(sqlite3 *handle, media_svc_content_info_s content_info->media_meta.longitude = MEDIA_SVC_DEFAULT_GPS_VALUE; } - memset(buf, 0x00, sizeof(buf)); + memset(description_buf, 0x00, sizeof(description_buf)); if (__media_svc_get_exif_info(ed, description_buf, NULL, NULL, EXIF_TAG_IMAGE_DESCRIPTION) == MS_MEDIA_ERR_NONE) { if (strlen(description_buf) == 0) { @@ -1603,12 +1598,14 @@ int _media_svc_extract_image_metadata(sqlite3 *handle, media_svc_content_info_s media_svc_debug("Timeline : %ld", content_info->timeline); } + memset(buf, 0x00, sizeof(buf)); + /* Get exposure_time value from exif. */ - if (__media_svc_get_exif_info(ed, exposure_time_buf, NULL, NULL, EXIF_TAG_EXPOSURE_TIME) == MS_MEDIA_ERR_NONE) { - if (strlen(exposure_time_buf) == 0) { + if (__media_svc_get_exif_info(ed, buf, NULL, NULL, EXIF_TAG_EXPOSURE_TIME) == MS_MEDIA_ERR_NONE) { + if (strlen(buf) == 0) { /* media_svc_debug("exposure_time_buf is NULL"); */ } else { - ret = __media_svc_malloc_and_strncpy(&content_info->media_meta.exposure_time, exposure_time_buf); + ret = __media_svc_malloc_and_strncpy(&content_info->media_meta.exposure_time, buf); if (ret != MS_MEDIA_ERR_NONE) media_svc_error("strcpy error"); } @@ -1634,12 +1631,14 @@ int _media_svc_extract_image_metadata(sqlite3 *handle, media_svc_content_info_s content_info->media_meta.iso = 0; } + memset(buf, 0x00, sizeof(buf)); + /* Get model value from exif. */ - if (__media_svc_get_exif_info(ed, model_buf, NULL, NULL, EXIF_TAG_MODEL) == MS_MEDIA_ERR_NONE) { - if (strlen(model_buf) == 0) { + if (__media_svc_get_exif_info(ed, buf, NULL, NULL, EXIF_TAG_MODEL) == MS_MEDIA_ERR_NONE) { + if (strlen(buf) == 0) { /* media_svc_debug("model_buf is NULL"); */ } else { - ret = __media_svc_malloc_and_strncpy(&content_info->media_meta.model, model_buf); + ret = __media_svc_malloc_and_strncpy(&content_info->media_meta.model, buf); if (ret != MS_MEDIA_ERR_NONE) media_svc_error("strcpy error"); } diff --git a/src/include/common/media-svc-localize-utils.h b/src/include/common/media-svc-localize-utils.h index 463af1c..101dbe9 100755 --- a/src/include/common/media-svc-localize-utils.h +++ b/src/include/common/media-svc-localize-utils.h @@ -19,6 +19,8 @@ #ifndef __MEDIA_SVC_LOCALIZE_UTILS_H__ #define __MEDIA_SVC_LOCALIZE_UTILS_H__ +#include "media-svc-util.h" + #define array_sizeof(a) (sizeof(a) / sizeof(a[0])) #define MEDIA_SVC_COMPARE_BETWEEN(left_range, value, right_range) (((left_range) <= (value)) && ((value) <= (right_range))) diff --git a/src/include/common/media-svc-util.h b/src/include/common/media-svc-util.h index 81d17e2..e16fa85 100755 --- a/src/include/common/media-svc-util.h +++ b/src/include/common/media-svc-util.h @@ -46,6 +46,9 @@ extern "C" { #define STRING_VALID(str) \ ((str != NULL && strlen(str) > 0) ? TRUE : FALSE) +#define SAFE_STRLCAT(dst, src, n) g_strlcat(dst, src, n); +#define SAFE_STRLCPY(dst, src, n) g_strlcpy(dst, src, n); + char *_media_info_generate_uuid(void); void _strncpy_safe(char *x_dst, const char *x_src, int max_len); int _media_svc_rename_file(const char *old_name, const char *new_name); -- 2.7.4