[0.6.288] Fix coverity/Svace issues

- coverity: Out-of-bounds read, Dereference after null check
- svace: SIGNED_TO_BIGGER_UNSIGNED, SIGN_EXTENSION

Change-Id: Ic25acf4b45447888ca6570cf68e5f296fd5c68ac

diff --git a/packaging/libmm-player.spec b/packaging/libmm-player.spec
index 2c6bdaf..8d7e461 100644 (file)
--- a/packaging/libmm-player.spec
+++ b/packaging/libmm-player.spec
@@ -1,6 +1,6 @@
 Name:       libmm-player
 Summary:    Multimedia Framework Player Library
-Version:    0.6.287
+Version:    0.6.288
 Release:    0
 Group:      Multimedia/Libraries
 License:    Apache-2.0

diff --git a/src/mm_player_attrs.c b/src/mm_player_attrs.c
index 0cc0e04..e28f71b 100644 (file)
--- a/src/mm_player_attrs.c
+++ b/src/mm_player_attrs.c
@@ -1205,7 +1205,7 @@ MMHandleType _mmplayer_construct_attribute(MMHandleType handle)
 
        num_of_attrs = ARRAY_SIZE(player_attrs);
 
-       base = g_try_new(MMAttrsConstructInfo, num_of_attrs);
+       base = g_try_new(MMAttrsConstructInfo, (gsize)num_of_attrs);
        if (!base) {
                LOGE("failed to alloc attrs constructor");
                return NULL;

diff --git a/src/mm_player_gst.c b/src/mm_player_gst.c
index 8924690..c240c25 100644 (file)
--- a/src/mm_player_gst.c
+++ b/src/mm_player_gst.c
@@ -2098,6 +2098,11 @@ __mmplayer_gst_bus_msg_callback(GstMessage *msg, gpointer data)
                                GstStream *stream = gst_message_streams_selected_get_stream(msg, i);
                                mmplayer_track_type_e type = __mmplayer_convert_gst_stream_type_to_track_type(
                                                        gst_stream_get_stream_type(stream));
+                               if (type == MM_PLAYER_TRACK_TYPE_MAX) {
+                                       LOGD("not supported track type");
+                                       gst_object_unref(stream);
+                                       break;
+                               }
                                LOGD ("  Stream #%d : %s\n", i, gst_stream_get_stream_id(stream));
                                if (player->track[type].active_track_index == INVALID_TRACK_INDEX) {
                                        int stream_index = INVALID_TRACK_INDEX;
@@ -2109,7 +2114,7 @@ __mmplayer_gst_bus_msg_callback(GstMessage *msg, gpointer data)
                                }
                                gst_object_unref(stream);
                        }
-                       gst_object_unref (collection);
+                       gst_object_unref(collection);
                }
        } break;
 
@@ -4206,7 +4211,7 @@ _mmplayer_gst_get_buffer_position(mmplayer_t *player, int *start_pos, int *end_p
                                g_object_get(G_OBJECT(mainbin[MMPLAYER_M_DEMUXED_S_BUFFER].gst),
                                        "curr-size-bytes", &curr_size_bytes, NULL);
                                LOGD("curr_size_bytes of multiqueue = %d", curr_size_bytes);
-                               buffered_total += curr_size_bytes;
+                               buffered_total += (gint64)curr_size_bytes;
                        }
 
                        if (avg_byterate > 0)

diff --git a/src/mm_player_priv.c b/src/mm_player_priv.c
index 1925e54..aadaca9 100644 (file)
--- a/src/mm_player_priv.c
+++ b/src/mm_player_priv.c
@@ -6078,12 +6078,10 @@ _mmplayer_typefind_have_type(GstElement *tf, guint probability,
 
        MMPLAYER_RETURN_IF_FAIL(player && tf && caps);
 
-       MMPLAYER_LOG_GST_CAPS_TYPE(caps);
        MMPLAYER_FREEIF(player->type_caps_str);
        player->type_caps_str = gst_caps_to_string(caps);
-       if (player->type_caps_str)
-               LOGD("[handle: %p] media type %s found, probability %d%% / %d",
-                               player, player->type_caps_str, probability, gst_caps_get_size(caps));
+       LOGD("[handle: %p] media type %s found, probability %d%% / %d",
+                       player, player->type_caps_str, probability, gst_caps_get_size(caps));
 
        if ((!MMPLAYER_IS_RTSP_STREAMING(player)) &&
                (g_strrstr(player->type_caps_str, "audio/x-raw-int"))) {