Fix prevent issue

- src/sap.c: overrun-local
Overrunning static array of size 0 bytes at byte position 0 by accessing
with pointer "&req_atr" through dereference in call to "memset(void *, int,
size_t)". (The dereference is assumed on the basis of the 'nonnull'
parameter attribute.)

diff --git a/packaging/tel-plugin-dbus_tapi.spec b/packaging/tel-plugin-dbus_tapi.spec
index a5d65cc..44749c9 100644 (file)
--- a/packaging/tel-plugin-dbus_tapi.spec
+++ b/packaging/tel-plugin-dbus_tapi.spec
@@ -1,6 +1,6 @@
 %define major 0
 %define minor 1
-%define patchlevel 215
+%define patchlevel 216
 Name: tel-plugin-dbus_tapi
 Summary: dbus-tapi plugin for telephony
 Version:    %{major}.%{minor}.%{patchlevel}

diff --git a/src/sap.c b/src/sap.c
index 2b1ef52..d7e39d8 100644 (file)
--- a/src/sap.c
+++ b/src/sap.c
@@ -71,15 +71,12 @@ static gboolean on_sap_disconnect(TelephonySap *sap, GDBusMethodInvocation *invo
        struct custom_data *ctx = user_data;
        UserRequest *ur = NULL;
        TReturn ret;
-       struct treq_sap_req_disconnect req_disconn;
 
        if (check_access_control(invocation, AC_SAP, "x") == FALSE)
                return FALSE;
 
        ur = MAKE_UR(ctx, sap, invocation);
-       memset(&req_disconn, 0, sizeof(struct treq_sap_req_disconnect));
 
-       tcore_user_request_set_data(ur, sizeof(struct treq_sap_req_disconnect), &req_disconn);
        tcore_user_request_set_command(ur, TREQ_SAP_REQ_DISCONNECT);
        ret = tcore_communicator_dispatch_request(ctx->comm, ur);
        if(ret != TCORE_RETURN_SUCCESS) {
@@ -95,15 +92,12 @@ static gboolean on_sap_get_status(TelephonySap *sap, GDBusMethodInvocation *invo
        struct custom_data *ctx = user_data;
        UserRequest *ur = NULL;
        TReturn ret;
-       struct treq_sap_req_status req_status;
 
        if (check_access_control(invocation, AC_SAP, "r") == FALSE)
                return FALSE;
 
        ur = MAKE_UR(ctx, sap, invocation);
-       memset(&req_status, 0, sizeof(struct treq_sap_req_status));
 
-       tcore_user_request_set_data(ur, sizeof(struct treq_sap_req_status), &req_status);
        tcore_user_request_set_command(ur, TREQ_SAP_REQ_STATUS);
        ret = tcore_communicator_dispatch_request(ctx->comm, ur);
        if(ret != TCORE_RETURN_SUCCESS) {
@@ -119,15 +113,12 @@ static gboolean on_sap_get_atr(TelephonySap *sap, GDBusMethodInvocation *invocat
        struct custom_data *ctx = user_data;
        UserRequest *ur = NULL;
        TReturn ret;
-       struct treq_sap_req_atr req_atr;
 
        if (check_access_control(invocation, AC_SAP, "r") == FALSE)
                return FALSE;
 
        ur = MAKE_UR(ctx, sap, invocation);
-       memset(&req_atr, 0, sizeof(struct treq_sap_req_atr));
 
-       tcore_user_request_set_data(ur, sizeof(struct treq_sap_req_atr), &req_atr);
        tcore_user_request_set_command(ur, TREQ_SAP_REQ_ATR);
        ret = tcore_communicator_dispatch_request(ctx->comm, ur);
        if(ret != TCORE_RETURN_SUCCESS) {
@@ -256,15 +247,12 @@ static gboolean on_sap_get_card_reader_status(TelephonySap *sap, GDBusMethodInvo
        struct custom_data *ctx = user_data;
        UserRequest *ur = NULL;
        TReturn ret;
-       struct treq_sap_req_cardreaderstatus req_reader;
 
        if (check_access_control(invocation, AC_SAP, "r") == FALSE)
                return FALSE;
 
        ur = MAKE_UR(ctx, sap, invocation);
-       memset(&req_reader, 0, sizeof(struct treq_sap_req_cardreaderstatus));
 
-       tcore_user_request_set_data(ur, sizeof(struct treq_sap_req_cardreaderstatus), &req_reader);
        tcore_user_request_set_command(ur, TREQ_SAP_REQ_CARDREADERSTATUS);
        ret = tcore_communicator_dispatch_request(ctx->comm, ur);
        if(ret != TCORE_RETURN_SUCCESS) {