Fix NULL dereference issue and uninitialized variable issue

author Wootak Jung <wootak.jung@samsung.com>

Wed, 14 Mar 2018 01:27:00 +0000 (10:27 +0900)

committer Wootak Jung <wootak.jung@samsung.com>

Wed, 14 Mar 2018 02:09:05 +0000 (11:09 +0900)
author Wootak Jung <wootak.jung@samsung.com>
Wed, 14 Mar 2018 01:27:00 +0000 (10:27 +0900)
committer Wootak Jung <wootak.jung@samsung.com>
Wed, 14 Mar 2018 02:09:05 +0000 (11:09 +0900)
diff --git a/hf-agent/bluetooth-hf-agent.c b/hf-agent/bluetooth-hf-agent.c

index 95a46b4..8c2857c 100755 (executable)
--- a/hf-agent/bluetooth-hf-agent.c
+++ b/hf-agent/bluetooth-hf-agent.c
@@ -1639,7 +1639,7 @@ static int __bt_hf_agent_handler_xsat(bt_hf_agent_info_t *bt_hf_info,
         if (stop)
                 msg = strtok_r(stop + 1, "\\", &save_ptr);
  
-       if (app_id || msg) {
+       if (app_id > 0 && msg) {
                 if (app_id == 2 && strstr(msg, "READTXPOWER")) {
                         char cmd_buf[BT_HF_CMD_BUF_SIZE * 2] = {0, };
                         char power = __bt_hf_agent_get_tx_power(bt_hf_info->remote_addr);
diff --git a/map-agent/bluetooth_map_agent.c b/map-agent/bluetooth_map_agent.c

index 5f59b9f..df0a86f 100644 (file)
--- a/map-agent/bluetooth_map_agent.c
+++ b/map-agent/bluetooth_map_agent.c
@@ -602,6 +602,9 @@ time_t _get_time_t_from_timestamp(char *timestamp)
         ymd = strtol(timestamp, &ptr, 10);
         hms = strtol(ptr + 1, &ptr2, 10);
  
+       /* Initialize local_time */
+       memset(&local_time, 0, sizeof(struct tm));
+
         /* parse year, month, day */
         local_time.tm_mday = ymd % 100;
         ymd = (ymd - local_time.tm_mday) / 100;
diff --git a/map-agent/bluetooth_map_email.c b/map-agent/bluetooth_map_email.c

index 03c0ea2..0709816 100644 (file)
--- a/map-agent/bluetooth_map_email.c
+++ b/map-agent/bluetooth_map_email.c
@@ -744,6 +744,12 @@ static char *__bt_prepare_email_bmseg(email_mail_data_t *mail_data)
         if (body_file != NULL) {
                 fseek(body_file, 0, SEEK_END);
                 email_size = ftell(body_file);
+               if (email_size <= 0) {
+                       ERR("email_size is not a positive number");
+                       g_string_free(msg, TRUE);
+                       fclose(body_file);
+                       return NULL;
+               }
                 rewind(body_file);
  
                 buf = (char *)g_malloc0(sizeof(char) * email_size);
@@ -752,7 +758,6 @@ static char *__bt_prepare_email_bmseg(email_mail_data_t *mail_data)
                 DBG("MESSAGE: [%s]", buf);
                 if (read_size != email_size) {
                         ERR("Unequal Read size");
-                       email_free_mail_data(&mail_data, 1);
                         g_string_free(msg, TRUE);
                         g_free(buf);
                         return NULL;
author	Wootak Jung <wootak.jung@samsung.com>
	Wed, 14 Mar 2018 01:27:00 +0000 (10:27 +0900)
committer	Wootak Jung <wootak.jung@samsung.com>
	Wed, 14 Mar 2018 02:09:05 +0000 (11:09 +0900)
hf-agent/bluetooth-hf-agent.c		patch \| blob \| history
map-agent/bluetooth_map_agent.c		patch \| blob \| history
map-agent/bluetooth_map_email.c		patch \| blob \| history