From bab08de14e14ea80c60ea4a79b0e922ce326422b Mon Sep 17 00:00:00 2001 From: Wootak Jung Date: Wed, 14 Mar 2018 10:27:00 +0900 Subject: [PATCH] Fix NULL dereference issue and uninitialized variable issue Change-Id: I6ef90d64a29ef0ac7f0ee28f23dd4361e5aeba16 --- hf-agent/bluetooth-hf-agent.c | 2 +- map-agent/bluetooth_map_agent.c | 3 +++ map-agent/bluetooth_map_email.c | 7 ++++++- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/hf-agent/bluetooth-hf-agent.c b/hf-agent/bluetooth-hf-agent.c index 95a46b4..8c2857c 100755 --- a/hf-agent/bluetooth-hf-agent.c +++ b/hf-agent/bluetooth-hf-agent.c @@ -1639,7 +1639,7 @@ static int __bt_hf_agent_handler_xsat(bt_hf_agent_info_t *bt_hf_info, if (stop) msg = strtok_r(stop + 1, "\\", &save_ptr); - if (app_id || msg) { + if (app_id > 0 && msg) { if (app_id == 2 && strstr(msg, "READTXPOWER")) { char cmd_buf[BT_HF_CMD_BUF_SIZE * 2] = {0, }; char power = __bt_hf_agent_get_tx_power(bt_hf_info->remote_addr); diff --git a/map-agent/bluetooth_map_agent.c b/map-agent/bluetooth_map_agent.c index 5f59b9f..df0a86f 100644 --- a/map-agent/bluetooth_map_agent.c +++ b/map-agent/bluetooth_map_agent.c @@ -602,6 +602,9 @@ time_t _get_time_t_from_timestamp(char *timestamp) ymd = strtol(timestamp, &ptr, 10); hms = strtol(ptr + 1, &ptr2, 10); + /* Initialize local_time */ + memset(&local_time, 0, sizeof(struct tm)); + /* parse year, month, day */ local_time.tm_mday = ymd % 100; ymd = (ymd - local_time.tm_mday) / 100; diff --git a/map-agent/bluetooth_map_email.c b/map-agent/bluetooth_map_email.c index 03c0ea2..0709816 100644 --- a/map-agent/bluetooth_map_email.c +++ b/map-agent/bluetooth_map_email.c @@ -744,6 +744,12 @@ static char *__bt_prepare_email_bmseg(email_mail_data_t *mail_data) if (body_file != NULL) { fseek(body_file, 0, SEEK_END); email_size = ftell(body_file); + if (email_size <= 0) { + ERR("email_size is not a positive number"); + g_string_free(msg, TRUE); + fclose(body_file); + return NULL; + } rewind(body_file); buf = (char *)g_malloc0(sizeof(char) * email_size); @@ -752,7 +758,6 @@ static char *__bt_prepare_email_bmseg(email_mail_data_t *mail_data) DBG("MESSAGE: [%s]", buf); if (read_size != email_size) { ERR("Unequal Read size"); - email_free_mail_data(&mail_data, 1); g_string_free(msg, TRUE); g_free(buf); return NULL; -- 2.7.4