summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMinje Ahn <minje.ahn@samsung.com>2018-02-09 13:11:54 +0900
committerMinje Ahn <minje.ahn@samsung.com>2018-02-09 13:11:54 +0900
commit3f3a1003bf42841945cfd0a0607b8e991b8ef87f (patch)
tree77ccfa8ceffb668d3c0e036a640aa4b62b85405f
parentb3ceefb00b997a50a3da4288b6af3a56f89385c3 (diff)
downloadlibmedia-thumbnail-3f3a1003bf42841945cfd0a0607b8e991b8ef87f.tar.gz
libmedia-thumbnail-3f3a1003bf42841945cfd0a0607b8e991b8ef87f.tar.bz2
libmedia-thumbnail-3f3a1003bf42841945cfd0a0607b8e991b8ef87f.zip
[SATIZENVUL-1315,1316] Reinforced the missing codesubmit/tizen/20180208.063721accepted/tizen/unified/20180213.132810
Change-Id: Ia42ba6850a64b360e36b16c42df2d125772685c4 Signed-off-by: Minje Ahn <minje.ahn@samsung.com>
-rwxr-xr-xserver/thumb-server-internal.c2
-rwxr-xr-xsrc/ipc/media-thumb-ipc.c14
2 files changed, 14 insertions, 2 deletions
diff --git a/server/thumb-server-internal.c b/server/thumb-server-internal.c
index 9116c05..4217b2e 100755
--- a/server/thumb-server-internal.c
+++ b/server/thumb-server-internal.c
@@ -117,7 +117,7 @@ gboolean _thumb_server_read_socket(GIOChannel *src, GIOCondition condition, gpoi
SAFE_FREE(credentials.smack);
SAFE_FREE(credentials.uid);
- thumb_warn_slog("Received [%d] %s(%d) from PID(%d)", recv_msg.msg_type, recv_msg.org_path, strlen(recv_msg.org_path), recv_msg.pid);
+ thumb_warn_slog("Received [%d] %.*s(%d) from PID(%d)", recv_msg.msg_type, MAX_FILEPATH_LEN, recv_msg.org_path, strlen(recv_msg.org_path), recv_msg.pid);
if (recv_msg.msg_type != THUMB_REQUEST_KILL_SERVER)
_thumb_daemon_process_job(&recv_msg, &res_msg);
diff --git a/src/ipc/media-thumb-ipc.c b/src/ipc/media-thumb-ipc.c
index 4fb6cd8..9f652a2 100755
--- a/src/ipc/media-thumb-ipc.c
+++ b/src/ipc/media-thumb-ipc.c
@@ -270,7 +270,19 @@ int _media_thumb_recv_msg(int sock, int header_size, thumbMsg *msg)
}
memcpy(msg, buf, header_size);
- //thumb_dbg("thumb_size : %d", msg->thumb_size);
+
+ if (strlen(msg->org_path) == 0 || strlen(msg->org_path) >= MAX_FILEPATH_LEN) {
+ thumb_err("org_path size is invalid %d", strlen(msg->org_path));
+
+ return MS_MEDIA_ERR_SOCKET_RECEIVE;
+ }
+
+ /* it can be empty string */
+ if (strlen(msg->dst_path) >= MAX_FILEPATH_LEN) {
+ thumb_err("dst_path size is invalid %d", strlen(msg->dst_path));
+
+ return MS_MEDIA_ERR_SOCKET_RECEIVE;
+ }
SAFE_FREE(buf);
if (msg->thumb_size < 0) {