Fix string buffer size related warningstizen_7.0_m2_releasetizen_6.5.m2_releasetizen_6.0.m2_releasesubmit/tizen_6.5/20211028.164101submit/tizen_6.0_hotfix/20201103.115105submit/tizen_6.0_hotfix/20201102.192905submit/tizen_6.0/20201029.205505submit/tizen/20200107.073356accepted/tizen/unified/20200109.065447accepted/tizen/7.0/unified/hotfix/20221116.112116accepted/tizen/7.0/unified/20221110.060544accepted/tizen/6.5/unified/20211028.224635accepted/tizen/6.0/unified/hotfix/20201103.045452accepted/tizen/6.0/unified/20201030.102641tizen_7.0_hotfixtizen_7.0tizen_6.5tizen_6.0_hotfixtizen_6.0tizenaccepted/tizen_unifiedaccepted/tizen_7.0_unified_hotfixaccepted/tizen_7.0_unifiedaccepted/tizen_6.5_unifiedaccepted/tizen_6.0_unified_hotfixaccepted/tizen_6.0_unified

This is for fixing build error with gcc 9

Change-Id: I52aae2a0dc9adc45c6513ad25c6d52f5e12e9600
Signed-off-by: Semun Lee <semun.lee@samsung.com>

5 files changed, 56 insertions, 42 deletions

diff --git a/include/ciss-types.h b/include/ciss-types.h
index da4d623..d3e8ac0 100644
--- a/include/ciss-types.h
+++ b/include/ciss-types.h
@@ -36,7 +36,7 @@
 #define MAX_SC_LEN				3		/**< Maximum length of service code */
 #define ENCODE_TYPE_GSM			0x0F	/**< the value of the GSM encoding fromat for ussd */
 #define CISS_MMI_MAX_USSD_RESP_STRING	300
-#define CISS_MMI_MAX_SS_RESP_STRING	1664
+#define CISS_MMI_MAX_SS_RESP_STRING	(1664 + 384)	/**< tags can be added to the resp string. so size need to be larger than 1664 */
 #define POPUP_DISPLAY_DURATION		70.0
 #define TAPI_EVENT_SS_USSD_IND		100
 #define TAPI_EVENT_SS_USSD_RESP		101
diff --git a/src/ciss-parser.c b/src/ciss-parser.c
index 62aad30..ab8dfc5 100644
--- a/src/ciss-parser.c
+++ b/src/ciss-parser.c
@@ -196,7 +196,8 @@ static unsigned char __ciss_parse_mmi_string(ciss_mmi_context_t *mmi_ctx, int *e
 		DBG("[CISS-ENGINE] sia = %s, sib = %s, sic = %s", sia, sib, sic);
 	}
 
-	strncpy(mmi_ctx->ss_code, ss_code, MAX_SC_LEN);
+	strncpy(mmi_ctx->ss_code, ss_code, MAX_SC_LEN + 1);
+	mmi_ctx->ss_code[MAX_SC_LEN] = '\0';
 	if ((ss_operation != registerPassword) &&
 			(ss_operation != NULL_SS_OPERATION)) {
 		if (!_ciss_convert_sc_to_tapi_flavor(ss_code, &tapi_flavor, &ss_type)) {
@@ -208,15 +209,17 @@ static unsigned char __ciss_parse_mmi_string(ciss_mmi_context_t *mmi_ctx, int *e
 	}
 
 	if (ss_operation != NULL_SS_OPERATION) {
-		if ((ss_operation != registerPassword) && 
+		if ((ss_operation != registerPassword) &&
 				((ss_type == CISS_SERVICE_FORWARDING) ||
 				 (ss_type == CISS_SERVICE_BARRING))) {
-				strncpy(bsg, sib, MAX_SIB_LEN);
+				strncpy(bsg, sib, MAX_SIA_LEN + 1);
+				bsg[MAX_SIA_LEN] = '\0';
 		} else if (ss_type == CISS_SERVICE_WAITING) {
 			if ((sib[0] != 0) || (sic[0] != 0)) {
 				ss_operation = NULL_SS_OPERATION;
 			} else {
-				strncpy(bsg, sia, MAX_SIA_LEN);
+				strncpy(bsg, sia, MAX_SIA_LEN + 1);
+				bsg[MAX_SIA_LEN] = '\0';
 			}
 		} else {
 			bsg[0] = '\0';
@@ -235,8 +238,9 @@ static unsigned char __ciss_parse_mmi_string(ciss_mmi_context_t *mmi_ctx, int *e
 	if (ss_operation != NULL_SS_OPERATION) {
 		if (ss_type == CISS_SERVICE_FORWARDING) {
 			if (sia[0] != '\0') {
-				memset(mmi_ctx->forward_number, 0, CISS_NUMBER_LEN_MAX+1);
-				strncpy(mmi_ctx->forward_number, sia, CISS_NUMBER_LEN_MAX);
+				memset(mmi_ctx->forward_number, 0, CISS_NUMBER_LEN_MAX + 1);
+				strncpy(mmi_ctx->forward_number, sia, CISS_NUMBER_LEN_MAX + 1);
+				mmi_ctx->forward_number[CISS_NUMBER_LEN_MAX] = '\0';
 			}
 		}
 	}
diff --git a/src/ciss-resp.c b/src/ciss-resp.c
index be2e286..45477ab 100644
--- a/src/ciss-resp.c
+++ b/src/ciss-resp.c
@@ -328,8 +328,9 @@ static void __ciss_ui_mmi_create_mmi_result_string(ciss_result_t *pSSResult, int
 	DBG("Enter");
 	ret_if(pSSResult == NULL);
 	ret_if(result_string == NULL);
-	char mszBuffer[CISS_TEXT_LEN_MAX*5];
-	char szBuffer[CISS_TEXT_LEN_MAX];
+	int ret;
+	char mszBuffer[CISS_TEXT_LEN_MAX * 5];
+	char szBuffer[CISS_TEXT_LEN_MAX + 16];
 	char service[CISS_TEXT_LEN_MAX];
 	char teleservice[CISS_TEXT_LEN_MAX];
 	char flavor[CISS_TEXT_LEN_MAX];
@@ -344,59 +345,61 @@ static void __ciss_ui_mmi_create_mmi_result_string(ciss_result_t *pSSResult, int
 	mszBuffer[CISS_TEXT_LEN_MAX - 1] = '\0';
 
 	if (strlen(teleservice)) {
-		strncat(mszBuffer, "<br>", strlen("<br>"));
-		strncat(mszBuffer, " -", strlen(" -"));
-		strncat(mszBuffer, teleservice, strlen(teleservice));
+		strncat(mszBuffer, "<br>", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+		strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+		strncat(mszBuffer, teleservice, sizeof(mszBuffer) - strlen(mszBuffer) - 1);
 	}
 	DBG("create_result_string: Label Text(telecommSvc) = %d\n", pSSResult->szBearer[index]);
 
 	if (pSSResult->szSsType == CISS_SERVICE_FORWARDING) {
 		if ((strcmp(flavor, CISS_STR_CALL_FORWARDING_ACTIVE_C_WHEN_NOREPLY) == 0) &&
 				(pSSResult->nForwardWaitingTime[index] != 0)) {
-			snprintf(szBuffer, CISS_TEXT_LEN_MAX, "%s %02ds", flavor, pSSResult->nForwardWaitingTime[index]);
+			snprintf(szBuffer, sizeof(szBuffer), "%s %02ds", flavor, pSSResult->nForwardWaitingTime[index]);
 		} else {
 			strncpy(szBuffer, flavor, CISS_TEXT_LEN_MAX - 1);
 			szBuffer[CISS_TEXT_LEN_MAX - 1] = '\0';
 		}
 
 		if (strlen(flavor) > 1) {
-			strncat(mszBuffer, "<br>", strlen("<br>"));
-			strncat(mszBuffer, " -", strlen(" -"));
-			strncat(mszBuffer, szBuffer, strlen(szBuffer));
+			strncat(mszBuffer, "<br>", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+			strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+			strncat(mszBuffer, szBuffer, sizeof(mszBuffer) - strlen(mszBuffer) - 1);
 		}
 		DBG("\n [CISS-MMI] create_result_string: Label Text(flavor) = %s\n", flavor);
 
-		strncat(mszBuffer, "<br>", strlen("<br>"));
-		strncat(mszBuffer, " -", strlen(" -"));
-		strncat(mszBuffer, status, strlen(status));
+		strncat(mszBuffer, "<br>", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+		strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+		strncat(mszBuffer, status, sizeof(mszBuffer) - strlen(mszBuffer) - 1);
 
 		if (strlen(pSSResult->szForwardedToNumber[index]) &&
 				(strcmp(status, CISS_STR_ACTIVATED) == 0)) {
 			DBG("\n [CISS-MMI] create_result_string: Forwarded to number = %s\n",
 				pSSResult->szForwardedToNumber[index]);
 
-			strncat(mszBuffer, "<br>", strlen("<br>"));
-			strncat(mszBuffer, " ", strlen(" "));
-			strncat(mszBuffer, pSSResult->szForwardedToNumber[index], strlen(pSSResult->szForwardedToNumber[index]));
+			strncat(mszBuffer, "<br>", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+			strncat(mszBuffer, " ", sizeof(mszBuffer) - strlen(mszBuffer) -1);
+			strncat(mszBuffer, pSSResult->szForwardedToNumber[index], sizeof(mszBuffer) - strlen(mszBuffer) - 1);
 		} else {
 			DBG("\n [CISS-MMI] create_result_string: Forwarded to number is not need");
 		}
 	} else if (pSSResult->szSsType == CISS_SERVICE_BARRING) {
 		if (strlen(flavor) > 1) {
-			strncat(mszBuffer, "<br>", strlen("<br>"));
-			strncat(mszBuffer, " -", strlen(" -"));
-			strncat(mszBuffer, flavor, strlen(flavor));
+			strncat(mszBuffer, "<br>", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+			strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+			strncat(mszBuffer, flavor, sizeof(mszBuffer) - strlen(mszBuffer) - 1);
 		}
 
-		strncat(mszBuffer, "<br>", strlen("<br>"));
-		strncat(mszBuffer, " -", strlen(" -"));
-		strncat(mszBuffer, status, strlen(status));
+		strncat(mszBuffer, "<br>", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+		strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+		strncat(mszBuffer, status, sizeof(mszBuffer) - strlen(mszBuffer) - 1);
 	} else if (pSSResult->szSsType == CISS_SERVICE_WAITING) {
-		strncat(mszBuffer, "<br>", strlen("<br>"));
-		strncat(mszBuffer, " -", strlen("< ->"));
-		strncat(mszBuffer, status, strlen(status));
+		strncat(mszBuffer, "<br>", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+		strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+		strncat(mszBuffer, status, sizeof(mszBuffer) - strlen(mszBuffer) - 1);
 	}
-	strncpy(result_string, mszBuffer, sizeof(mszBuffer) - 1);
+	ret = snprintf(result_string, CISS_USSD_DATA_SIZE_MAX, "%s", mszBuffer);
+	if (ret >= CISS_USSD_DATA_SIZE_MAX)
+		WARN("result_string is truncated");
 
 	DBG("Result String:%s\n", result_string);
 	DBG("Leave");
@@ -521,10 +524,11 @@ static int __ciss_create_ss_result_string(char *ss_result_string /*out */, ciss_
 		__ciss_ui_mmi_create_cnap_result_string(ciss_result, resultstring[0], ad);
 	} else if (ciss_result->nRecordNum == 0) {
 		DBG("\n [CISS-MMI] result.nRecordNum == 0  \n");
-		strncpy(resultstring[0], CISS_STR_SUCCESS, CISS_TEXT_LEN_MAX - 1);
-		strncat(ss_result_string, "<br> ", strlen("<br> "));
-		strncat(ss_result_string, resultstring[0], CISS_USSD_DATA_SIZE_MAX);
-		strncat(ss_result_string, "<br> ", strlen("<br> "));
+		strncpy(resultstring[0], CISS_STR_SUCCESS, CISS_TEXT_LEN_MAX);
+		resultstring[0][CISS_TEXT_LEN_MAX - 1] = '\0';
+		strncat(ss_result_string, "<br> ", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
+		strncat(ss_result_string, resultstring[0], CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
+		strncat(ss_result_string, "<br> ", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
 	} else {
 		int g_count = 0;
 		for (g_count = 0; g_count < ciss_result->nRecordNum; g_count++) {
@@ -534,9 +538,9 @@ static int __ciss_create_ss_result_string(char *ss_result_string /*out */, ciss_
 	}
 
 	for (count = 0; count < ciss_result->nRecordNum; count++) {
-		strncat(ss_result_string, "<br> ", strlen("<br> "));
-		strncat(ss_result_string, resultstring[count], CISS_USSD_DATA_SIZE_MAX);
-		strncat(ss_result_string, "<br> ", strlen("<br> "));
+		strncat(ss_result_string, "<br> ", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
+		strncat(ss_result_string, resultstring[count], CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
+		strncat(ss_result_string, "<br> ", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
 	}
 	DBG("Final Result string : %s ", ss_result_string);
 	DBG("Leave");
diff --git a/src/ciss-ussd.c b/src/ciss-ussd.c
index 65cbcef..d004081 100644
--- a/src/ciss-ussd.c
+++ b/src/ciss-ussd.c
@@ -27,6 +27,7 @@ static int __ciss_get_ussd_string(char *ss_result_string, int length, char *szSt
 	DBG("Enter");
 	retv_if(ss_result_string == NULL, -1);
 	retv_if(szString == NULL, -1);
+	int ret;
 
 	char *ptr = NULL;
 	char *temp_ptr = NULL;
@@ -39,7 +40,12 @@ static int __ciss_get_ussd_string(char *ss_result_string, int length, char *szSt
 		while ((ptr = strtok_r(NULL, "\n", &temp_ptr))) {
 			char temp_str[CISS_MMI_MAX_USSD_RESP_STRING];
 			strncpy(temp_str, ss_result_string, CISS_MMI_MAX_USSD_RESP_STRING - 1);
-			snprintf(ss_result_string, CISS_MMI_MAX_USSD_RESP_STRING, "%s<br>%s", temp_str, ptr);
+			temp_str[CISS_MMI_MAX_USSD_RESP_STRING - 1] = '\0';
+			ret = snprintf(ss_result_string, CISS_MMI_MAX_USSD_RESP_STRING, "%s<br>%s", temp_str, ptr);
+			if (ret >= CISS_MMI_MAX_USSD_RESP_STRING) {
+				ERR("USSD string is truncated");
+				return -1;
+			}
 		}
 	} else {
 		strncpy(ss_result_string, "", CISS_MMI_MAX_USSD_RESP_STRING - 1);
diff --git a/src/ciss-util.c b/src/ciss-util.c
index 3b29406..aedfaed 100644
--- a/src/ciss-util.c
+++ b/src/ciss-util.c
@@ -29,7 +29,7 @@ char *_ciss_strcpy(char *pBuffer, int nBufCount, const char *pszString)
 	memset(pBuffer, 0, nBufCount * sizeof(char));
 
 	if ((nBufCount - 1) >= (int)strlen(pszString)) {
-		strncpy(pBuffer, pszString, (int)strlen(pszString));
+		strncpy(pBuffer, pszString, nBufCount);
 		pBuffer[(int)strlen(pszString)] = '\0';
 	} else {
 		DBG("\n [CISS-ENGINE] _ciss_strcpy:short of buffer..BufCount=%d, strlen=%zu, str=%s\n", nBufCount, strlen(pszString), pszString);
@@ -219,7 +219,7 @@ unsigned int _ciss_util_get_mcc()
 		snprintf(plmn_string, 10, "%d", plmn_value);
 
 		/*First 3 digits of plmn value constitutes the mcc value */
-		strncpy(mcc_value, plmn_string, 3);
+		stpncpy(mcc_value, plmn_string, 3);
 		mcc = (unsigned int)atoi(mcc_value);
 	} else {
 		ERR("vconf_get_int failed..[%d]", ret);