From c774982fd8d8002f9908e148a84d92ddef02e46f Mon Sep 17 00:00:00 2001 From: Sangchul Lee Date: Mon, 4 Jul 2016 20:53:27 +0900 Subject: [PATCH] Fix SVACE defects: add checking higher bound [Version] 0.1.16 [Profile] Mobile [Issue Type] Bug Fix Change-Id: I691a224f0a6cbc2516ece540e51d8bdc3144dae5 Signed-off-by: Sangchul Lee --- packaging/audio-hal-sc7727.spec | 2 +- tizen-audio-volume.c | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/packaging/audio-hal-sc7727.spec b/packaging/audio-hal-sc7727.spec index c651260..cf665c1 100644 --- a/packaging/audio-hal-sc7727.spec +++ b/packaging/audio-hal-sc7727.spec @@ -1,6 +1,6 @@ Name: audio-hal-sc7727 Summary: TIZEN Audio HAL for SC7727 -Version: 0.1.15 +Version: 0.1.16 Release: 0 Group: System/Libraries License: Apache-2.0 diff --git a/tizen-audio-volume.c b/tizen-audio-volume.c index da10975..f607718 100644 --- a/tizen-audio-volume.c +++ b/tizen-audio-volume.c @@ -40,6 +40,7 @@ #define RADIO_TUNING_ENABLE "tuning:enable" #define RADIO_TUNING_VOLUME_LEVELS "fmradio:volume_levels" #define RADIO_TUNING_VOLUME_TABLE "fmradio:volume_table" +#define RADIO_VOLUME_NUM_MAX 100 static const char *g_volume_vconf[AUDIO_VOLUME_TYPE_MAX] = { "file/private/sound/volume/system", /* AUDIO_VOLUME_TYPE_SYSTEM */ @@ -310,15 +311,15 @@ static audio_return_t __load_radio_volume_table(int** volume_table, int *number_ } *number_of_elements = iniparser_getint(dict, RADIO_TUNING_VOLUME_LEVELS, -1); - if (*number_of_elements <= 0) { + if (*number_of_elements <= 0 || *number_of_elements > RADIO_VOLUME_NUM_MAX) { AUDIO_LOG_ERROR("invalid number of elements, %d", *number_of_elements); ret = AUDIO_ERR_INTERNAL; goto error; } temp_table = (int *)malloc((*number_of_elements) * sizeof(int)); - if (!temp_table) { + if (!temp_table) goto error; - } + *volume_table = temp_table; list_str = iniparser_getstring(dict, RADIO_TUNING_VOLUME_TABLE, NULL); -- 2.7.4