From b54b4b16f233d61f588a3d80bb56cf1794abbf40 Mon Sep 17 00:00:00 2001
From: Hyunho Kang <hhstark.kang@samsung.com>
Date: Thu, 16 Jun 2016 11:30:01 +0900
Subject: [PATCH] Fix tainted int

Change-Id: I4b7f89fc432b2b4203370633cb76b263a6717db9
Signed-off-by: Hyunho Kang <hhstark.kang@samsung.com>
---
 src/message-port.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/message-port.c b/src/message-port.c
index a43ba36..4d4699f 100755
--- a/src/message-port.c
+++ b/src/message-port.c
@@ -579,7 +579,7 @@ static int __read_string_from_socket(int fd, char **buffer, int *string_len)
 		LOGE("read socket fail");
 		return MESSAGEPORT_ERROR_IO_ERROR;
 	}
-	if (*string_len > 0) {
+	if (*string_len > 0 && *string_len < MAX_MESSAGE_SIZE) {
 		*buffer = (char *)calloc(*string_len, sizeof(char));
 		if (*buffer == NULL) {
 			LOGE("Out of memory.");
@@ -589,6 +589,9 @@ static int __read_string_from_socket(int fd, char **buffer, int *string_len)
 			LOGE("read socket fail");
 			return MESSAGEPORT_ERROR_IO_ERROR;
 		}
+	} else {
+		LOGE("Invalid string len %d", &string_len);
+		return MESSAGEPORT_ERROR_IO_ERROR;
 	}
 	return MESSAGEPORT_ERROR_NONE;
 }
-- 
2.7.4