diff options
| author | Haesu Gwon <haesu.gwon@samsung.com> | 2016-09-29 21:22:55 +0900 |
|---|---|---|
| committer | Haesu Gwon <haesu.gwon@samsung.com> | 2016-09-30 11:44:56 +0900 |
| commit | f8aba8cb35e6ccc480ba20576acafa888b5b7c58 (patch) | |
| tree | af783e740a730b0277c97a83218e108014660bc9 | |
| parent | d6a9050d12494a42a006a6e95d98641fd64ceafb (diff) | |
| download | camera-f8aba8cb35e6ccc480ba20576acafa888b5b7c58.tar.gz camera-f8aba8cb35e6ccc480ba20576acafa888b5b7c58.tar.bz2 camera-f8aba8cb35e6ccc480ba20576acafa888b5b7c58.zip | |
Fix TSAM-7948submit/tizen_3.0_ivi/20161010.000010submit/tizen_3.0_ivi/20161010.000000submit/tizen/20160930.030513accepted/tizen/wearable/20160930.083621accepted/tizen/tv/20160930.083737accepted/tizen/mobile/20160930.083658accepted/tizen/ivi/20160930.083759accepted/tizen/common/20160930.174725accepted/tizen/3.0/ivi/20161011.053531
Received message is at risk for corruption with previous message. So '\0' char is added at end of tokenized message.
[Version] 0.2.76
[Profile] Common
[Issue Type] Bug fix
[Dependency module] N/A
[Dependency commit] N/A
[Test] [W(T) - Boot=(OK), sdb=(OK), Home=(OK), Touch=(OK), Version=tizen-wearable_20160929.1]
Change-Id: Icca98962da0f955ce32c0acc660ccc40754510e2
Signed-off-by: Haesu Gwon <haesu.gwon@samsung.com>
| -rw-r--r-- | include/camera_private.h | 4 | ||||
| -rw-r--r-- | packaging/capi-media-camera.spec | 2 | ||||
| -rw-r--r-- | src/camera.c | 30 |
3 files changed, 25 insertions, 11 deletions
diff --git a/include/camera_private.h b/include/camera_private.h index 8d84f75..7cbd9e1 100644 --- a/include/camera_private.h +++ b/include/camera_private.h @@ -34,7 +34,7 @@ extern "C" { #endif /* BUFFER_MAX_PLANE_NUM */ #define BUFFER_MAX_PLANE_NUM 4 -#define CAMERA_PARSE_STRING_SIZE 20 +#define CAMERA_PARSED_STRING_NUM_MAX 20 #define CAMERA_CB_TIMEOUT 5 #define CAMERA_CB_TIMEOUT_LONG 8 @@ -113,7 +113,7 @@ typedef struct _camera_cb_info_s { /* message receive thread */ GThread *msg_recv_thread; gint msg_recv_running; - gchar recv_msg[MUSE_CAMERA_MSG_MAX_LENGTH]; + gchar recv_msg[MUSE_CAMERA_MSG_MAX_LENGTH * CAMERA_PARSED_STRING_NUM_MAX]; GCond api_cond[MUSE_CAMERA_API_MAX]; GMutex api_mutex[MUSE_CAMERA_API_MAX]; gint api_activating[MUSE_CAMERA_API_MAX]; diff --git a/packaging/capi-media-camera.spec b/packaging/capi-media-camera.spec index 259c444..909ab32 100644 --- a/packaging/capi-media-camera.spec +++ b/packaging/capi-media-camera.spec @@ -1,6 +1,6 @@ Name: capi-media-camera Summary: A Camera API -Version: 0.2.75 +Version: 0.2.76 Release: 0 Group: Multimedia/API License: Apache-2.0 diff --git a/src/camera.c b/src/camera.c index f98d43b..d499594 100644 --- a/src/camera.c +++ b/src/camera.c @@ -1784,6 +1784,7 @@ static void *_camera_msg_recv_func(gpointer data) int num_token = 0; int str_pos = 0; int prev_pos = 0; + int msg_length = 0; char *error_msg = NULL; char *recv_msg = NULL; char **parse_str = NULL; @@ -1796,13 +1797,13 @@ static void *_camera_msg_recv_func(gpointer data) LOGD("start"); - parse_str = (char **)malloc(sizeof(char *) * CAMERA_PARSE_STRING_SIZE); + parse_str = (char **)malloc(sizeof(char *) * CAMERA_PARSED_STRING_NUM_MAX); if (parse_str == NULL) { LOGE("parse_str malloc failed"); return NULL; } - for (i = 0 ; i < CAMERA_PARSE_STRING_SIZE ; i++) { + for (i = 0 ; i < CAMERA_PARSED_STRING_NUM_MAX ; i++) { parse_str[i] = (char *)malloc(sizeof(char) * MUSE_CAMERA_MSG_MAX_LENGTH); if (parse_str[i] == NULL) { LOGE("parse_str[%d] malloc failed", i); @@ -1829,13 +1830,26 @@ static void *_camera_msg_recv_func(gpointer data) /*LOGD("recvMSg : %s, length : %d", recv_msg, ret);*/ /* Need to split the combined entering msgs. - This module supports up to 200 combined msgs. */ + This module supports up to 20 combined msgs. */ for (str_pos = 0; str_pos < ret; str_pos++) { if (recv_msg[str_pos] == '}') { - strncpy(parse_str[num_token], recv_msg + prev_pos, str_pos - prev_pos + 1); - /*LOGD("splitted msg : [%s], Index : %d", parse_str[num_token], num_token);*/ + msg_length = str_pos - prev_pos + 1; + + if (msg_length < MUSE_CAMERA_MSG_MAX_LENGTH) { + strncpy(parse_str[num_token], recv_msg + prev_pos, msg_length); + parse_str[num_token][msg_length] = '\0'; + num_token++; + /*LOGD("splitted msg : [%s], Index : %d", parse_str[num_token], num_token);*/ + } else { + LOGW("too long message : length %d [%s]", msg_length, recv_msg + prev_pos); + } + prev_pos = str_pos + 1; - num_token++; + + if (num_token >= CAMERA_PARSED_STRING_NUM_MAX) { + LOGE("There's too many tokens. Remained msg : %s", recv_msg[++str_pos]); + break; + } } } @@ -1843,7 +1857,7 @@ static void *_camera_msg_recv_func(gpointer data) /* Re-construct to the useful single msg. */ for (i = 0; i < num_token; i++) { - if (i >= CAMERA_PARSE_STRING_SIZE) { + if (i >= CAMERA_PARSED_STRING_NUM_MAX) { LOGE("invalid token index %d", i); break; } @@ -1942,7 +1956,7 @@ static void *_camera_msg_recv_func(gpointer data) CB_HANDLER_EXIT: if (parse_str) { - for (i = 0 ; i < CAMERA_PARSE_STRING_SIZE ; i++) { + for (i = 0 ; i < CAMERA_PARSED_STRING_NUM_MAX ; i++) { if (parse_str[i]) { free(parse_str[i]); parse_str[i] = NULL; |