From 4d622c4e5d811f3143a66c9caa3346f37f17c5e2 Mon Sep 17 00:00:00 2001 From: Tomasz Swierczek Date: Wed, 26 Jan 2022 12:09:21 +0100 Subject: [PATCH] Fix static analysis issues ContentsType field in t_file_header is treated in few places as null-terminated string. Hence, changed operations on this field in function TADC_GetFileHeader to ensure that the null-byte stays at the end of the table. pstmt variable could be possibly released two times. Change-Id: I1bf12ff63848ade2ba7dcaef5e334662c0853152 --- tadcore/TADCCore/TADC_Core.cpp | 6 ++++-- tappsd/src/rights/DTapps2Rights.cpp | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/tadcore/TADCCore/TADC_Core.cpp b/tadcore/TADCCore/TADC_Core.cpp index a3b55f4..b2d8046 100644 --- a/tadcore/TADCCore/TADC_Core.cpp +++ b/tadcore/TADCCore/TADC_Core.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2015 Samsung Electronics Co., Ltd. + * Copyright (c) 2000-2022 Samsung Electronics Co., Ltd. * * Licensed under the Flora License, Version 1.1 (the License); * you may not use this file except in compliance with the License. @@ -1055,7 +1055,9 @@ int TADC_GetFileHeader(unsigned char *inBuffer, T_FILE_HEADER *t_FileHeader) t_FileHeader->DRMType = inBuffer[i]; i += 1; - TADC_IF_MemCpy(t_FileHeader->ContentsType, inBuffer + i, 128); + // ContentsType is treated as null-terminated string, hence 127 + // (zero is added in memset in line 1024) + TADC_IF_MemCpy(t_FileHeader->ContentsType, inBuffer + i, 127); i += 128; TADC_IF_MemCpy(&t_FileHeader->TotalSize, inBuffer + i, 8); diff --git a/tappsd/src/rights/DTapps2Rights.cpp b/tappsd/src/rights/DTapps2Rights.cpp index 55403e0..3f4fefd 100644 --- a/tappsd/src/rights/DTapps2Rights.cpp +++ b/tappsd/src/rights/DTapps2Rights.cpp @@ -1198,10 +1198,10 @@ BOOL DTapps_RIGHTS_INSTALL(const char *name, DRM_TAPPS_LOG("Release Statement........"); ret_value = DTappsStmtRelease(pstmt); + pstmt = NULL; if (ret_value != TRUE) { DRM_TAPPS_EXCEPTION("Release Statement Failed!! ret_value = %d", ret_value); - pstmt = NULL; goto Error_Exit; } @@ -1364,10 +1364,10 @@ BOOL DTapps_RIGHTS_SELECT_ONE(const char *cid, DTAPPS_RIGHTS_ROW *row) DRM_TAPPS_LOG("Release Statement........"); ret_value = DTappsStmtRelease(pstmt); + pstmt = NULL; if (ret_value != TRUE) { DRM_TAPPS_EXCEPTION("Release Statement Failed!! ret_value = %d", ret_value); - pstmt = NULL; goto Error_Exit; } -- 2.7.4