From 068ef45cc7f3e7073a5af738b59876f1c7ac0a48 Mon Sep 17 00:00:00 2001 From: "wootak.jung" Date: Thu, 27 Jun 2013 10:43:46 +0900 Subject: [PATCH] Fix prevent issue - src/sap.c: overrun-local Overrunning static array of size 0 bytes at byte position 0 by accessing with pointer "&req_atr" through dereference in call to "memset(void *, int, size_t)". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) --- packaging/tel-plugin-dbus_tapi.spec | 2 +- src/sap.c | 12 ------------ 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/packaging/tel-plugin-dbus_tapi.spec b/packaging/tel-plugin-dbus_tapi.spec index a5d65cc..44749c9 100644 --- a/packaging/tel-plugin-dbus_tapi.spec +++ b/packaging/tel-plugin-dbus_tapi.spec @@ -1,6 +1,6 @@ %define major 0 %define minor 1 -%define patchlevel 215 +%define patchlevel 216 Name: tel-plugin-dbus_tapi Summary: dbus-tapi plugin for telephony Version: %{major}.%{minor}.%{patchlevel} diff --git a/src/sap.c b/src/sap.c index 2b1ef52..d7e39d8 100644 --- a/src/sap.c +++ b/src/sap.c @@ -71,15 +71,12 @@ static gboolean on_sap_disconnect(TelephonySap *sap, GDBusMethodInvocation *invo struct custom_data *ctx = user_data; UserRequest *ur = NULL; TReturn ret; - struct treq_sap_req_disconnect req_disconn; if (check_access_control(invocation, AC_SAP, "x") == FALSE) return FALSE; ur = MAKE_UR(ctx, sap, invocation); - memset(&req_disconn, 0, sizeof(struct treq_sap_req_disconnect)); - tcore_user_request_set_data(ur, sizeof(struct treq_sap_req_disconnect), &req_disconn); tcore_user_request_set_command(ur, TREQ_SAP_REQ_DISCONNECT); ret = tcore_communicator_dispatch_request(ctx->comm, ur); if(ret != TCORE_RETURN_SUCCESS) { @@ -95,15 +92,12 @@ static gboolean on_sap_get_status(TelephonySap *sap, GDBusMethodInvocation *invo struct custom_data *ctx = user_data; UserRequest *ur = NULL; TReturn ret; - struct treq_sap_req_status req_status; if (check_access_control(invocation, AC_SAP, "r") == FALSE) return FALSE; ur = MAKE_UR(ctx, sap, invocation); - memset(&req_status, 0, sizeof(struct treq_sap_req_status)); - tcore_user_request_set_data(ur, sizeof(struct treq_sap_req_status), &req_status); tcore_user_request_set_command(ur, TREQ_SAP_REQ_STATUS); ret = tcore_communicator_dispatch_request(ctx->comm, ur); if(ret != TCORE_RETURN_SUCCESS) { @@ -119,15 +113,12 @@ static gboolean on_sap_get_atr(TelephonySap *sap, GDBusMethodInvocation *invocat struct custom_data *ctx = user_data; UserRequest *ur = NULL; TReturn ret; - struct treq_sap_req_atr req_atr; if (check_access_control(invocation, AC_SAP, "r") == FALSE) return FALSE; ur = MAKE_UR(ctx, sap, invocation); - memset(&req_atr, 0, sizeof(struct treq_sap_req_atr)); - tcore_user_request_set_data(ur, sizeof(struct treq_sap_req_atr), &req_atr); tcore_user_request_set_command(ur, TREQ_SAP_REQ_ATR); ret = tcore_communicator_dispatch_request(ctx->comm, ur); if(ret != TCORE_RETURN_SUCCESS) { @@ -256,15 +247,12 @@ static gboolean on_sap_get_card_reader_status(TelephonySap *sap, GDBusMethodInvo struct custom_data *ctx = user_data; UserRequest *ur = NULL; TReturn ret; - struct treq_sap_req_cardreaderstatus req_reader; if (check_access_control(invocation, AC_SAP, "r") == FALSE) return FALSE; ur = MAKE_UR(ctx, sap, invocation); - memset(&req_reader, 0, sizeof(struct treq_sap_req_cardreaderstatus)); - tcore_user_request_set_data(ur, sizeof(struct treq_sap_req_cardreaderstatus), &req_reader); tcore_user_request_set_command(ur, TREQ_SAP_REQ_CARDREADERSTATUS); ret = tcore_communicator_dispatch_request(ctx->comm, ur); if(ret != TCORE_RETURN_SUCCESS) { -- 2.7.4