From: saerome kim Date: Wed, 8 Feb 2017 11:51:26 +0000 (+0900) Subject: Fix a segmentation fault error when calling read_attribute_req API X-Git-Tag: submit/tizen/20170512.045637~21 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Fconnectivity%2Fzigbee-manager.git;a=commitdiff_plain;h=19aece10df7b4dcee03bad7ead3137accd37c57b Fix a segmentation fault error when calling read_attribute_req API - error message Program terminated with signal SIGSEGV, Segmentation fault. at /usr/src/debug/zigbee-plugin-ember-0.0.1/ember/app/framework/util/af-main-host.c:6328 Change-Id: Iead9324095448bba489bc5be0cb3dfe2eb5e00d8 Signed-off-by: saerome kim --- diff --git a/zigbee-daemon/zigbee-interface/src/zigbee_service_dbus_interface_zcl_global_control.c b/zigbee-daemon/zigbee-interface/src/zigbee_service_dbus_interface_zcl_global_control.c index dd66b3f..d90560c 100644 --- a/zigbee-daemon/zigbee-interface/src/zigbee_service_dbus_interface_zcl_global_control.c +++ b/zigbee-daemon/zigbee-interface/src/zigbee_service_dbus_interface_zcl_global_control.c @@ -90,13 +90,13 @@ static gboolean on_zclglobal_control_read_attributes_req(ZigbeeZcl_global_contro ZigbeeServiceInterfaceRespCbData_t *resp_cb_data = NULL; GVariantIter *iter = NULL; - gint i = 0; + guint i = 0; gboolean ret; memset(&req, 0x0, sizeof(ZigbeeZclGlobalControlReadAttributesRequest_t)); - req.attribute_id = g_try_malloc0_n(attribute_ids_length, sizeof(unsigned char)); + req.attribute_id = g_try_malloc0_n(attribute_ids_length, sizeof(unsigned short)); if (NULL == req.attribute_id) { Z_LOGE("Failed to allocation !"); @@ -110,7 +110,7 @@ static gboolean on_zclglobal_control_read_attributes_req(ZigbeeZcl_global_contro g_variant_get(attribute_id, "a(y)", &iter); while (g_variant_iter_loop(iter, "(y)", &(req.attribute_id[i]))) { i++; - if (i >= attribute_ids_length) + if (i >= (attribute_ids_length * sizeof(unsigned short))) break; } req.attribute_id_len = attribute_ids_length; 
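Review bot: The new loop bound `attribute_ids_length * sizeof(unsigned short)` in the second hunk (-110,7) is a byte count, but `i` is used as an index into `req.attribute_id`, so it is only safe if `attribute_id` is a byte pointer; its declaration is outside this diff. If the field is a 16-bit type, the buffer allocated in the first hunk holds `attribute_ids_length` elements, and an `a(y)` array longer than the declared length would let the loop write up to twice that many, so the check should stay `if (i >= attribute_ids_length)`. The `(y)` format also stores a single byte per iteration, so a 16-bit element would have only one of its bytes filled in. Either way I would add a comment at the allocation stating the unit, e.g. `/* attribute_ids_length counts 16-bit IDs; the variant carries them as 2 * length bytes */`, once that is confirmed against the struct definition.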
diff --git a/zigbee-daemon/zigbee-lib/src/zblib_request.c b/zigbee-daemon/zigbee-lib/src/zblib_request.c index 23f2c6d..3bf18fc 100644 --- a/zigbee-daemon/zigbee-lib/src/zblib_request.c +++ b/zigbee-daemon/zigbee-lib/src/zblib_request.c @@ -1484,12 +1484,16 @@ static gpointer __zblib_request_create_zcl_global_control_request_data(guint req in_req = (ZigbeeZclGlobalControlReadAttributesRequest_t *)request_data; if (NULL != in_req) { + guint i; /* Allocate memory */ req = (ZigbeeZclGlobalControlReadAttributesRequest_t *) g_malloc0(sizeof(ZigbeeZclGlobalControlReadAttributesRequest_t)); /* Copy data */ - req->attribute_id = g_memdup(in_req->attribute_id, in_req->attribute_id_len); + for (i = 0; i < (in_req->attribute_id_len * sizeof(short)); i++) + Z_LOGE("in_req->attribute_id[%d] = 0x%X", i, in_req->attribute_id[i]); + req->attribute_id = g_memdup(in_req->attribute_id, + in_req->attribute_id_len * sizeof(short)); req->attribute_id_len = in_req->attribute_id_len; req->node_id = in_req->node_id; req->cluster_id = in_req->cluster_id;
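Review bot: The added logging loop reads `in_req->attribute_id[i]` before anything checks the pointer, so a request with a NULL `attribute_id` and a non-zero `attribute_id_len` now crashes here, whereas `g_memdup()` on its own returns NULL for a NULL source. It also logs every byte at error level on each request and prints the `guint` index with `%d`; I would drop the loop, or guard it with `if (in_req->attribute_id != NULL)` and use `%u`. The loop bound and the copy size both treat `attribute_id_len * sizeof(short)` as a byte count, which is only in bounds for indexing if `attribute_id` is a byte pointer; the struct is declared outside this diff. `g_memdup()` takes its size as a `guint`, so the `size_t` product is narrowed on 64-bit builds; a range check on `attribute_id_len` before the copy (or `g_memdup2()` where the GLib version provides it) would close that. The enclosing function starts and ends outside the hunk.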