From 50aaaae089aa60b0633b562ff0a42e84227962e2 Mon Sep 17 00:00:00 2001
From: trupthi1403 <thrupthibp14@gmail.com>
Date: Wed, 25 Mar 2026 15:01:14 +0530
Subject: [PATCH] RDKEMW-16005-1: Resolve critical priority coverity issues

Reason for change: Changes to fix FORWARD_NULL, TOCTOU coverity issue
Test Procedure: Refer Ticket
Risks: Low
Priority: P2
---
 westeros-compositor.cpp | 43 +++++++++++++++++++++++++++++++++--------
 1 file changed, 35 insertions(+), 8 deletions(-)

diff --git a/westeros-compositor.cpp b/westeros-compositor.cpp
index c12d386..d1e4110 100644
--- a/westeros-compositor.cpp
+++ b/westeros-compositor.cpp
@@ -5675,9 +5675,12 @@ static WstSurface* wstSurfaceCreate( WstCompositor *wctx)
          wstSurfaceInsertSurface( ctx, surface );
       }
       #ifdef ENABLE_LEXPSYNCPROTOCOL
-      WstLExpSyncClear(&surface->createdBufferSync);
-      WstLExpSyncClear(&surface->attachedBufferSync);
-      WstLExpSyncClear(&surface->detachedBufferSync);
+      if ( surface )
+      {
+      	WstLExpSyncClear(&surface->createdBufferSync);
+      	WstLExpSyncClear(&surface->attachedBufferSync);
+      	WstLExpSyncClear(&surface->detachedBufferSync);
+      }
       #endif
    }
    
@@ -10191,6 +10194,7 @@ static void wstPruneOrphanFiles( WstContext *ctx )
    int prefixLen;
    int pid, rc;
    char work[34];
+   char filepath[64];
    if ( NULL != (dir = opendir( "/tmp" )) )
    {
       prefixLen= strlen(TEMPFILE_PREFIX);
@@ -10202,15 +10206,38 @@ static void wstPruneOrphanFiles( WstContext *ctx )
             snprintf( work, sizeof(work), "%s/%s", "/tmp", result->d_name);
             if ( sscanf( work, TEMPFILE_TEMPLATE, &pid ) == 1 )
             {
-               // Check if the pid of this temp file is still valid
                snprintf(work, sizeof(work), "/proc/%d", pid);
                rc= stat( work, &fileinfo );
                if ( rc )
                {
-                  // The pid is not valid, delete the file
-                  snprintf( work, sizeof(work), "%s/%s", "/tmp", result->d_name);
-                  INFO("removing temp file: %s", work);
-                  remove( work );
+		       int fd;
+                  snprintf( filepath, sizeof(filepath), "%s/%s", "/tmp", result->d_name);
+
+                  fd = open( filepath, O_RDONLY | O_NOFOLLOW | O_CLOEXEC );
+                  if ( fd >= 0 )
+                  {
+                     if ( fstat( fd, &fileinfo ) == 0 )
+                     {
+                        if ( S_ISREG(fileinfo.st_mode) )
+                        {
+                           INFO("removing temp file: %s", filepath);
+                           if ( unlink( filepath ) != 0 )
+                           {
+                              WARNING("Failed to remove temp file: %s (errno: %d)", filepath, errno);
+                           }
+			   	close( fd );
+                        }
+                        else
+                        {
+                           close( fd );
+                           WARNING("Skipping non-regular file: %s (mode: 0%o)", filepath, fileinfo.st_mode);
+                        }
+                     }
+                     else
+                     {
+                        close( fd );
+                     }
+                  }
                }
             }
          }