From bab7e7ba96153a95cc3db601578b2934e990507b Mon Sep 17 00:00:00 2001
From: Seungbae Shin
Date: Tue, 18 Jul 2017 20:16:42 +0900
Subject: [PATCH] Fix possible buffer overflow using strncat + Fix svace detected issue of checking range of enum value
[Version] 0.1.26
[Profile] Common
[Issue Type] Security
Change-Id: If9781777feb3d63a681a17ca6dc7eb31b9864a67
---
 packaging/capi-media-wav-player.spec | 2 +-
 src/wav_player.c | 6 +++---
 src/wav_player_private.c | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/packaging/capi-media-wav-player.spec b/packaging/capi-media-wav-player.spec
index 2e600eb..019f1a2 100755
--- a/packaging/capi-media-wav-player.spec
+++ b/packaging/capi-media-wav-player.spec
@@ -1,6 +1,6 @@
 Name: capi-media-wav-player
 Summary: A wav player library in Tizen C API
-Version: 0.1.25
+Version: 0.1.26
 Release: 0
 Group: Multimedia/API
 License: Apache-2.0
diff --git a/src/wav_player.c b/src/wav_player.c
index a8f3049..5ef7529 100755
--- a/src/wav_player.c
+++ b/src/wav_player.c
@@ -47,15 +47,15 @@ int wav_player_start(const char *path, sound_type_e type, wav_player_playback_co
 if (path == NULL)
 return _convert_wav_player_error_code(__func__, WAV_PLAYER_ERROR_INVALID_PARAMETER);
- if (type < SOUND_TYPE_SYSTEM || type >= SOUND_TYPE_NUM)
+ if (type >= SOUND_TYPE_NUM)
 return _convert_wav_player_error_code(__func__, WAV_PLAYER_ERROR_INVALID_PARAMETER);
 m_path[0] = '\0';
 if (path[0] != '/') {
 if (getcwd(m_path, PATH_MAX) != NULL)
- strncat(m_path, "/", PATH_MAX-strlen(m_path));
+ strncat(m_path, "/", PATH_MAX - strlen(m_path) - 1);
 }
- strncat(m_path, path, PATH_MAX-strlen(m_path));
+ strncat(m_path, path, PATH_MAX - strlen(m_path) - 1);
 if (cb) {
 _completed_cb = _internal_complete_cb;
diff --git a/src/wav_player_private.c b/src/wav_player_private.c
index 4a0e649..ee918db 100755
--- a/src/wav_player_private.c
+++ b/src/wav_player_private.c
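Review bot: The two `strncat` calls in `wav_player_start` still truncate silently, so a `path` that does not fit is cut short and playback proceeds with a different file name than the caller passed; the added `- 1` only keeps the terminator inside the buffer (assuming `m_path` is `PATH_MAX` bytes, its declaration is outside the hunk). A length check before the final append would reject such input instead, e.g. `if (strlen(m_path) + strlen(path) >= PATH_MAX) return _convert_wav_player_error_code(__func__, WAV_PLAYER_ERROR_INVALID_PARAMETER);`. When `getcwd()` returns NULL the contents of `m_path` are undefined per POSIX, yet the code falls through to `strlen(m_path)` and then uses the bare relative path; returning an error on that branch would avoid both. The same pattern is in `_start_with_stream_info` in src/wav_player_private.c. The function body continues outside the hunk.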
@@ -105,9 +105,9 @@ int _start_with_stream_info(const char *path, sound_stream_info_h stream_info, u
 if (path[0] != '/') {
 if (getcwd(m_path, PATH_MAX) != NULL)
- strncat(m_path, "/", PATH_MAX-strlen(m_path));
+ strncat(m_path, "/", PATH_MAX - strlen(m_path) - 1);
 }
- strncat(m_path, path, PATH_MAX-strlen(m_path));
+ strncat(m_path, path, PATH_MAX - strlen(m_path) - 1);
 if (callback) {
 _completed_cb = _internal_complete_cb;
--
2.7.4
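Review bot: The path-building sequence in `_start_with_stream_info` duplicates the one in `wav_player_start` (src/wav_player.c), which is why the same two-line bound fix had to be made in both files. Moving it into one shared internal helper that reports an error when the result would not fit would keep the bounds handling in a single place. A short comment above the appends, such as `/* strncat's size excludes the terminator, so leave one byte for it */`, would document why the `- 1` is there. The hunk starts mid-function, so whether `m_path` is reset to an empty string before `getcwd()` in this file is not visible here.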