diff --git a/adapter/uhdf2/hdi/src/hdi_smq_syncer.cpp b/adapter/uhdf2/hdi/src/hdi_smq_syncer.cpp index ddf827e3d2df025ee694e52c6a42b2c363c84e43..5b001590b6991d924df9cf4152d79fda57d1e400 100644 --- a/adapter/uhdf2/hdi/src/hdi_smq_syncer.cpp +++ b/adapter/uhdf2/hdi/src/hdi_smq_syncer.cpp @@ -105,6 +105,11 @@ void SharedMemQueueSyncer::TimeoutToRealtime(int64_t timeout, struct timespec &r clock_gettime(CLOCK_MONOTONIC, &realtime); int64_t timeoutNanoSec = timeout % nano; int64_t timeoutSec = timeout / nano; + + if (realtime.tv_nsec > (LONG_MAX - timeoutNanoSec)) { + HDF_LOGE("realtime.tv_nsec check the upper limit error"); + return; + } if (timeoutNanoSec + realtime.tv_nsec >= nano) { realtime.tv_nsec = (timeoutNanoSec + realtime.tv_nsec) - nano; diff --git a/adapter/uhdf2/hdi/src/idevmgr_client.cpp b/adapter/uhdf2/hdi/src/idevmgr_client.cpp index 88e6c5813df284b6e834965dc4f9f3c486aaac45..dafe27130163fdef5eeea69989552f0f0ce01ffe 100644 --- a/adapter/uhdf2/hdi/src/idevmgr_client.cpp +++ b/adapter/uhdf2/hdi/src/idevmgr_client.cpp @@ -163,11 +163,13 @@ int32_t DeviceManagerProxy::ListAllDevice(std::vector &deviceInf HDF_LOGE("list all device info failed, %{public}d", status); return status; } - + std::unique_lock vectorLock(g_remoteMutex); if (!HdfDevMgrDbgFillDeviceInfo(deviceInfos, reply)) { HDF_LOGE("failed to read all device info"); + vectorLock.unlock(); return HDF_ERR_INVALID_PARAM; } + vectorLock.unlock(); return status; } diff --git a/adapter/uhdf2/hdi/src/iservmgr_client.cpp b/adapter/uhdf2/hdi/src/iservmgr_client.cpp index 66e7d3e278f40d2d34393c77af41d607cba2dfd1..128fc4ce1492804824ef1c768479c5b085b72fd3 100644 --- a/adapter/uhdf2/hdi/src/iservmgr_client.cpp +++ b/adapter/uhdf2/hdi/src/iservmgr_client.cpp @@ -63,7 +63,8 @@ sptr IServiceManager::Get() std::unique_lock lock(g_remoteMutex); sptr remote = saManager->GetSystemAbility(DEVICE_SERVICE_MANAGER_SA_ID); if (remote != nullptr) { - return new ServiceManagerProxy(remote); + sptr manager (new ServiceManagerProxy(remote)); + return manager; } HDF_LOGE("failed to get sa hdf service manager"); @@ -77,7 +78,7 @@ int32_t ServiceManagerProxy::RegisterServiceStatusListener( MessageParcel reply; MessageOption option; - if (!data.WriteInterfaceToken(GetDescriptor()) || !data.WriteUint16(deviceClass) || + if (listener == nullptr || !data.WriteInterfaceToken(GetDescriptor()) || !data.WriteUint16(deviceClass) || !data.WriteRemoteObject(listener->AsObject())) { return HDF_FAILURE; } @@ -98,7 +99,7 @@ int32_t ServiceManagerProxy::UnregisterServiceStatusListener(::OHOS::sptrAsObject())) { + if (listener == nullptr || !data.WriteInterfaceToken(GetDescriptor()) || !data.WriteRemoteObject(listener->AsObject())) { return HDF_FAILURE; } @@ -167,7 +168,9 @@ int32_t ServiceManagerProxy::ListAllService(std::vector &service HDF_LOGE("list all service info failed, %{public}d", status); return status; } else { + std::unique_lock vectorLock(g_remoteMutex); HdfDevMgrDbgFillServiceInfo(serviceInfos, reply); + vectorLock.unlock(); } HDF_LOGD("get all service info success"); return status; diff --git a/adapter/uhdf2/hdi/src/servstat_listener.c b/adapter/uhdf2/hdi/src/servstat_listener.c index 996707b2a6ed02056bbdffc850abeb5fb458b087..1db8e4b41a6a3521d3c36f08798e1113e958d121 100644 --- a/adapter/uhdf2/hdi/src/servstat_listener.c +++ b/adapter/uhdf2/hdi/src/servstat_listener.c @@ -32,6 +32,12 @@ int ServstatListenerStubRemoteDispatch( { (void)reply; struct ServstatListenerStub *stub = (struct ServstatListenerStub *)remote; + + if (stub == NULL) { + HDF_LOGE("stub is null"); + return HDF_ERR_INVALID_PARAM; + } + struct ServiceStatus status; if (cmdid != SERVIE_STATUS_LISTENER_NOTIFY) { @@ -97,6 +103,11 @@ void HdiServiceStatusListenerFree(struct ServiceStatusListener *listener) } struct ServstatListenerStub *stub = CONTAINER_OF(listener, struct ServstatListenerStub, listener); + + if (stub == NULL) { + return; + } + HdfRemoteServiceRecycle(stub->remote); OsalMemFree(stub); } \ No newline at end of file diff --git a/adapter/uhdf2/host/src/devhost_service_full.c b/adapter/uhdf2/host/src/devhost_service_full.c index c9331f5ce2950e666e02d66f509f22e27113563c..0386d7438e47314614c231bffb18c7003342a8ff 100644 --- a/adapter/uhdf2/host/src/devhost_service_full.c +++ b/adapter/uhdf2/host/src/devhost_service_full.c @@ -30,6 +30,10 @@ static int32_t DevHostServiceFullDispatchMessage(struct HdfMessageTask *task, st HDF_SLIST_CONTAINER_OF(struct HdfMessageTask, task, struct DevHostServiceFull, task); int status = HDF_SUCCESS; + if (msg == NULL || hostService == NULL) { + HDF_LOGE("DevHostServiceFullDispatchMessage : msg or hostService is null"); + return HDF_ERR_INVALID_PARAM; + } switch (msg->messageId) { case DEVHOST_MESSAGE_ADD_DEVICE: { struct HdfDeviceInfo *attribute = (struct HdfDeviceInfo *)msg->data[0]; @@ -96,6 +100,10 @@ static int DevHostServiceFullDispatchPowerState(struct HdfDevice *device, uint32 if (deviceNode->powerToken != NULL) { ret = PowerStateChange(deviceNode->powerToken, state); if (ret != HDF_SUCCESS) { + if (deviceNode->driver == NULL && deviceNode->driver->entry ==NULL) { + HDF_LOGE("deviceNode->driver or deviceNode->driver->entry is null"); + result = HDF_FAILURE; + } HDF_LOGE("device %{public}s failed to resume(%{public}d) %{public}d", deviceNode->driver->entry->moduleName, state, ret); result = HDF_FAILURE; @@ -107,8 +115,12 @@ static int DevHostServiceFullDispatchPowerState(struct HdfDevice *device, uint32 if (deviceNode->powerToken != NULL) { ret = PowerStateChange(deviceNode->powerToken, state); if (ret != HDF_SUCCESS) { + if (deviceNode->driver == NULL && deviceNode->driver->entry ==NULL) { + HDF_LOGE("deviceNode->driver or deviceNode->driver->entry is null"); + result = HDF_FAILURE; + } HDF_LOGE("device %{public}s failed to suspend(%{public}d) %{public}d", - deviceNode->driver->entry->moduleName, state, ret); + deviceNode->driver->entry->moduleName, state, ret); result = HDF_FAILURE; } } @@ -143,6 +155,12 @@ static int OnSysEventReceived( } struct DevHostService *hostService = CONTAINER_OF(self, struct DevHostService, sysEventNotifyNode); + + if (hostService == NULL) { + HDF_LOGE("hostService is null"); + return HDF_ERR_INVALID_PARAM; + } + HDF_LOGI("host receive eventClass=%{public}llu, event=%{public}u", (unsigned long long)eventClass, event); return hostService->super.PmNotify(&hostService->super, SysEventToPowerState(event)); } @@ -201,6 +219,9 @@ int DevHostServiceFullPmNotify(struct IDevHostService *service, uint32_t state) void DevHostServiceFullConstruct(struct DevHostServiceFull *inst) { + if (inst == NULL) { + return; + } struct IDevHostService *hostServiceIf = &inst->super.super; static struct IHdfMessageHandler handler = {.Dispatch = DevHostServiceFullDispatchMessage}; DevHostServiceConstruct(&inst->super); diff --git a/adapter/uhdf2/host/src/device_service_stub.c b/adapter/uhdf2/host/src/device_service_stub.c index 7137a53e9ddc78ad21779cb8b413b73052722475..c31d63087aa75c2e48d353d20c189376c889526e 100644 --- a/adapter/uhdf2/host/src/device_service_stub.c +++ b/adapter/uhdf2/host/src/device_service_stub.c @@ -24,6 +24,11 @@ int DeviceServiceStubDispatch( struct HdfRemoteService *stub, int code, struct HdfSBuf *data, struct HdfSBuf *reply) { struct DeviceServiceStub *service = (struct DeviceServiceStub *)stub; + + if (service == NULL) { + return HDF_FAILURE; + } + struct IDeviceIoService *ioService = service->super.deviceObject.service; int ret = HDF_FAILURE; @@ -51,12 +56,12 @@ int DeviceServiceStubPublishService(struct HdfDeviceNode *service) int status = HDF_FAILURE; struct DeviceServiceStub *fullService = (struct DeviceServiceStub *)service; - if (service->servName == NULL) { + if (service == NULL || service->servName == NULL) { HDF_LOGE("device %x miss service name", service->devId); return HDF_ERR_INVALID_OBJECT; } - if (fullService->remote != NULL) { + if (fullService == NULL || fullService->remote != NULL) { HDF_LOGE("%{public}s:service %{public}s already published", __func__, service->servName); return HDF_ERR_INVALID_OBJECT; } @@ -150,5 +155,8 @@ bool HdfDeviceObjectCheckInterfaceDesc(struct HdfDeviceObject *dev, struct HdfSB } struct HdfDeviceNode *devNode = CONTAINER_OF(dev, struct HdfDeviceNode, deviceObject); struct DeviceServiceStub *instance = (struct DeviceServiceStub *)devNode; + if (instance == NULL) { + return false; + } return HdfRemoteServiceCheckInterfaceToken(instance->remote, data); } \ No newline at end of file diff --git a/adapter/uhdf2/host/src/device_token_stub.c b/adapter/uhdf2/host/src/device_token_stub.c index 87f3c623bdae4907991344d24f11cf00040e7bc4..6b190852bf2ae9bf2986413e43898654996dd849 100644 --- a/adapter/uhdf2/host/src/device_token_stub.c +++ b/adapter/uhdf2/host/src/device_token_stub.c @@ -27,6 +27,10 @@ int DeviceTokenStubDispatch( (void)data; (void)reply; struct DeviceTokenStub *tokenStub = (struct DeviceTokenStub *)stub; + if (tokenStub == NULL) { + HDF_LOGE("Dispatch failed, tokenStub is null"); + return HDF_FAILURE; + } struct IDevHostService *super = (struct IDevHostService *)&tokenStub->super; if (super == NULL) { HDF_LOGE("Dispatch failed, super is null"); diff --git a/adapter/uhdf2/host/src/devmgr_service_proxy.c b/adapter/uhdf2/host/src/devmgr_service_proxy.c index 8cf1fe2d2c9726f5c3f0e7d3ebddaeaa4eace1e9..d5157f56371a0e1b3cd357bef45ac00a87f41eb7 100644 --- a/adapter/uhdf2/host/src/devmgr_service_proxy.c +++ b/adapter/uhdf2/host/src/devmgr_service_proxy.c @@ -34,12 +34,16 @@ int DevmgrServiceProxyAttachDeviceHost(struct IDevmgrService *inst, uint16_t hos struct HdfRemoteService *remoteService = NULL; struct DevmgrServiceProxy *serviceProxy = (struct DevmgrServiceProxy *)inst; struct DevHostServiceStub *hostStub = (struct DevHostServiceStub *)service; - if ((serviceProxy->remote == NULL) || (data == NULL) || (reply == NULL) || (hostStub == NULL)) { + if ((serviceProxy == NULL) || (serviceProxy->remote == NULL) || (data == NULL) || (reply == NULL) || (hostStub == NULL)) { HDF_LOGE("DevmgrServiceProxyAttachDeviceHost failed, host id is %{public}u", hostId); goto FINISHED; } remoteService = serviceProxy->remote; dipatcher = remoteService->dispatcher; + if (dipatcher == NULL) { + HDF_LOGE("dipatcher is null"); + goto FINISHED; + } if (!HdfRemoteServiceWriteInterfaceToken(remoteService, data) || !HdfSbufWriteInt32(data, hostId) || HdfSbufWriteRemoteService(data, hostStub->remote) != HDF_SUCCESS) { HDF_LOGE("failed to attach host, write sbuf error"); @@ -71,6 +75,10 @@ int DevmgrServiceProxyAttachDevice(struct IDevmgrService *inst, struct IHdfDevic goto FINISHED; } + if (remoteService->dispatcher == NULL) { + HDF_LOGE("remoteService->dispatcher is null"); + goto FINISHED; + } status = remoteService->dispatcher->Dispatch(remoteService, DEVMGR_SERVICE_ATTACH_DEVICE, data, reply); FINISHED: HdfSbufRecycle(reply); @@ -93,6 +101,10 @@ int DevmgrServiceProxyDetachDevice(struct IDevmgrService *inst, devid_t devid) goto FINISHED; } + if (remoteService->dispatcher == NULL) { + HDF_LOGE("remoteService->dispatcher is null"); + goto FINISHED; + } status = remoteService->dispatcher->Dispatch(remoteService, DEVMGR_SERVICE_DETACH_DEVICE, data, reply); FINISHED: HdfSbufRecycle(reply); @@ -115,6 +127,11 @@ static int DevmgrServiceProxyProcessLoad(struct IDevmgrService *inst, const char return HDF_FAILURE; } + if (remoteService->dispatcher == NULL) { + HDF_LOGE("remoteService->dispatcher is null"); + return HDF_FAILURE; + } + int status = remoteService->dispatcher->Dispatch(remoteService, code, data, NULL); HdfSbufRecycle(data); return status; diff --git a/adapter/uhdf2/host/src/devsvc_manager_proxy.c b/adapter/uhdf2/host/src/devsvc_manager_proxy.c index 14921e9d3cb2f0d687c405c131f0e0efcd4719bf..1b0ae86dd82386664f3cc98621abe3df153455c0 100644 --- a/adapter/uhdf2/host/src/devsvc_manager_proxy.c +++ b/adapter/uhdf2/host/src/devsvc_manager_proxy.c @@ -45,7 +45,7 @@ static int WriteServiceInfo( struct HdfDeviceNode *devNode = HDF_SLIST_CONTAINER_OF(struct HdfDeviceObject, service, struct HdfDeviceNode, deviceObject); struct DeviceServiceStub *deviceFullService = (struct DeviceServiceStub *)devNode; - if (deviceFullService->remote == NULL) { + if (deviceFullService == NULL || deviceFullService->remote == NULL) { HDF_LOGE("%{public}s: device service is broken", __func__); return ret; } @@ -76,7 +76,7 @@ static int DevSvcManagerProxyAddService( HDF_LOGE("%{public}s:service or name is null", __func__); return HDF_ERR_INVALID_PARAM; } - if ((serviceProxy == NULL) || (serviceProxy->remote == NULL)) { + if ((serviceProxy == NULL) || (serviceProxy->remote == NULL || serviceProxy->remote->dispatcher == NULL)) { HDF_LOGE("Add service failed, serviceProxy is invalid"); return HDF_ERR_INVALID_PARAM; } @@ -116,7 +116,7 @@ static int DevSvcManagerProxyUpdateService(struct IDevSvcManager *inst, HDF_LOGE("%{public}s:service or name is null", __func__); return HDF_ERR_INVALID_PARAM; } - if ((serviceProxy == NULL) || (serviceProxy->remote == NULL)) { + if ((serviceProxy == NULL) || (serviceProxy->remote == NULL || serviceProxy->remote->dispatcher == NULL)) { HDF_LOGE("update service failed, serviceProxy is invalid"); return HDF_ERR_INVALID_PARAM; } @@ -157,14 +157,18 @@ struct HdfObject *DevSvcManagerProxyGetService(struct IDevSvcManager *inst, cons struct HdfRemoteService *remoteService = NULL; struct DevSvcManagerProxy *serviceProxy = (struct DevSvcManagerProxy *)inst; do { - if ((serviceProxy->remote == NULL) || (data == NULL) || (reply == NULL)) { - HDF_LOGE("Get service failed, serviceProxy->remote or data or reply is null"); + if ((serviceProxy == NULL || serviceProxy->remote == NULL) || (data == NULL) || (reply == NULL)) { + HDF_LOGE("Get service failed,serviceProxy or serviceProxy->remote or data or reply is null"); break; } dispatcher = serviceProxy->remote->dispatcher; if (!HdfRemoteServiceWriteInterfaceToken(serviceProxy->remote, data) || !HdfSbufWriteString(data, svcName)) { break; } + if (dispatcher == NULL) { + HDF_LOGE("Get service failed,dispatcher is null"); + break; + } status = dispatcher->Dispatch(serviceProxy->remote, DEVSVC_MANAGER_GET_SERVICE, data, reply); if (status == HDF_SUCCESS) { remoteService = HdfSbufReadRemoteService(reply); @@ -200,6 +204,10 @@ void DevSvcManagerProxyRemoveService(struct IDevSvcManager *inst, const char *sv if (!HdfRemoteServiceWriteInterfaceToken(serviceProxy->remote, data) || !HdfSbufWriteString(data, svcName)) { break; } + if (dispatcher == NULL) { + HDF_LOGE("Remove service failed,dispatcher is null"); + break; + } int status = dispatcher->Dispatch(remoteService, DEVSVC_MANAGER_REMOVE_SERVICE, data, reply); HDF_LOGW("Device service manager proxy remove service status is %{public}d", status); } while (0); diff --git a/adapter/uhdf2/host/src/hdf_device_thread.c b/adapter/uhdf2/host/src/hdf_device_thread.c index 60a8cf3f995d5c57b22e08304816fc9727e069a2..d72c44f096edf58c16cc666794a93859609a40b5 100644 --- a/adapter/uhdf2/host/src/hdf_device_thread.c +++ b/adapter/uhdf2/host/src/hdf_device_thread.c @@ -23,6 +23,12 @@ int32_t DeviceThreadMessageHandler(struct HdfMessageTask *task, struct HdfMessage *msg) { (void)task; + + if (msg == NULL) { + HDF_LOGE("msg is null"); + return HDF_ERR_INVALID_PARAM; + } + struct HdfDevice *device = (struct HdfDevice *)msg->data[0]; switch (msg->messageId) { case DEVICE_SERVICE_MESSAGE_LAUNCH: { diff --git a/adapter/uhdf2/host/test/unittest/sample_driver/sample_hdi.h b/adapter/uhdf2/host/test/unittest/sample_driver/sample_hdi.h index 4906b73ffab4283b5c21312c34ebff4f13bc717a..36f774dd8a618af8941e37d7507654d7dc679b02 100644 --- a/adapter/uhdf2/host/test/unittest/sample_driver/sample_hdi.h +++ b/adapter/uhdf2/host/test/unittest/sample_driver/sample_hdi.h @@ -97,6 +97,12 @@ static inline struct DataBlock *DataBlockBlockUnmarshalling(struct HdfSBuf *data if (dataBlock == nullptr) { return nullptr; } + + if (block == nullptr) { + HDF_LOGE("block is null"); + return nullptr; + } + HDF_LOGD("%{public}s: DataBlock mem: %{public}d %{public}d %{public}d", __func__, block->a, block->b, block->c); if (memcpy_s(dataBlock, sizeof(*dataBlock), block, sizeof(*dataBlock)) != EOK) { return nullptr; diff --git a/adapter/uhdf2/host/test/unittest/sample_driver/sample_hdi_service.cpp b/adapter/uhdf2/host/test/unittest/sample_driver/sample_hdi_service.cpp index 0762bd20cb00cef90e4ddfac61a4d7f095505e91..a5bccd15a8496ce697d12ddea38a8cd8d586ddb9 100644 --- a/adapter/uhdf2/host/test/unittest/sample_driver/sample_hdi_service.cpp +++ b/adapter/uhdf2/host/test/unittest/sample_driver/sample_hdi_service.cpp @@ -55,6 +55,10 @@ static int32_t SampleServiceCallback(struct HdfDeviceObject *device, struct HdfR (void)device; struct HdfSBuf *dataSbuf = HdfSbufTypedObtain(SBUF_IPC); HdfSbufWriteInt32(dataSbuf, code); + if (callback == nullptr || callback->dispatcher == nullptr) { + HDF_LOGE("callback or callback->dispatcher is null"); + return HDF_ERR_INVALID_PARAM; + } int ret = callback->dispatcher->Dispatch(callback, 0, dataSbuf, nullptr); if (ret != HDF_SUCCESS) { HDF_LOGE("failed to do callback, ret = %{public}d", ret); @@ -146,6 +150,10 @@ static int32_t SampleServiceTansSmq( (void)device; static std::shared_ptr> smq = nullptr; smq = std::make_shared>(*smqMeta); + if (smq == nullptr) { + HDF_LOGE("failed to create fmq from meta"); + return HDF_FAILURE; + } if (!smq->IsGood()) { HDF_LOGE("failed to create fmq from meta"); return HDF_FAILURE; @@ -154,6 +162,9 @@ static int32_t SampleServiceTansSmq( std::thread t([]() { HDF_LOGI("SampleServiceTansSmq:smq read thread start, elem=%{public}zu", elem); std::shared_ptr> smqLocal = smq; + if (smqLocal == nullptr || smqLocal->GetMeta() == nullptr) { + HDF_LOGE("failed to read message from smq, smqLocal or smqLocal->GetMeta() is null"); + } size_t elemLocal = elem; smq = nullptr; diff --git a/adapter/uhdf2/host/test/unittest/sample_driver/sample_hdi_service_stub.cpp b/adapter/uhdf2/host/test/unittest/sample_driver/sample_hdi_service_stub.cpp index 9c601e4026a0cdf21571dc69418c5bcfcd2df52d..f209197afe89c33f5e5097e3fdb52d8720687ab6 100644 --- a/adapter/uhdf2/host/test/unittest/sample_driver/sample_hdi_service_stub.cpp +++ b/adapter/uhdf2/host/test/unittest/sample_driver/sample_hdi_service_stub.cpp @@ -32,6 +32,10 @@ static int32_t SampleServiceStubPing(struct HdfDeviceIoClient *client, struct Hd char *outInfo = nullptr; const char *info = HdfSbufReadString(data); + if (SampleHdiImplInstance() == nullptr) { + HDF_LOGE("SampleHdiImplInstance() is null"); + return HDF_ERR_INVALID_PARAM; + } int32_t ret = SampleHdiImplInstance()->ping(client->device, info, &outInfo); HdfSbufWriteString(reply, outInfo); @@ -57,6 +61,10 @@ static int32_t SampleServiceStubSum(struct HdfDeviceIoClient *client, struct Hdf return HDF_ERR_INVALID_PARAM; } + if (SampleHdiImplInstance() == nullptr) { + HDF_LOGE("SampleHdiImplInstance() is null"); + return HDF_ERR_INVALID_PARAM; + } int32_t ret = SampleHdiImplInstance()->sum(client->device, parm0, parm1, &result); if (ret == HDF_SUCCESS) { if (!HdfSbufWriteInt32(reply, result)) { @@ -85,6 +93,10 @@ static int32_t SampleServiceStubCallback(struct HdfDeviceIoClient *client, struc HDF_LOGE("SampleHdi.callback: miss parameter callback"); return HDF_ERR_INVALID_PARAM; } + if (SampleHdiImplInstance() == nullptr) { + HDF_LOGE("SampleHdiImplInstance() is null"); + return HDF_ERR_INVALID_PARAM; + } return SampleHdiImplInstance()->callback(client->device, callback, code); } @@ -144,7 +156,7 @@ static int32_t SampleServiceRegisterDevice( } (void)reply; const char *deviceName = HdfSbufReadString(data); - if (deviceName == nullptr) { + if (deviceName == nullptr || SampleHdiImplInstance() == nullptr) { return HDF_ERR_INVALID_PARAM; } @@ -159,7 +171,7 @@ static int32_t SampleServiceUnregisterDevice( return HDF_ERR_INVALID_PARAM; } const char *deviceName = HdfSbufReadString(data); - if (deviceName == nullptr) { + if (deviceName == nullptr || SampleHdiImplInstance() == nullptr) { return HDF_ERR_INVALID_PARAM; } @@ -172,7 +184,7 @@ static int32_t SampleServiceUpdateDevice(struct HdfDeviceIoClient *client, struc return HDF_ERR_INVALID_PARAM; } const char *servInfo = HdfSbufReadString(data); - if (servInfo == nullptr) { + if (servInfo == nullptr || SampleHdiImplInstance() == nullptr) { return HDF_ERR_INVALID_PARAM; } @@ -197,6 +209,10 @@ static int32_t SampleServiceSmqTrans(struct HdfDeviceIoClient *client, struct Hd uint32_t element = parcel->ReadUint32(); + if (SampleHdiImplInstance() == nullptr) { + HDF_LOGE("SampleHdiImplInstance() is null"); + return HDF_ERR_INVALID_PARAM; + } return SampleHdiImplInstance()->tansSmq(client->device, smqMeta.get(), element); } @@ -206,6 +222,10 @@ static int32_t SampleServiceEndHost(struct HdfDeviceIoClient *client, struct Hdf return HDF_ERR_INVALID_PARAM; } + if (SampleHdiImplInstance() == nullptr) { + HDF_LOGE("SampleHdiImplInstance() is null"); + return HDF_ERR_INVALID_PARAM; + } return SampleHdiImplInstance()->endHost(client->device); } @@ -214,12 +234,20 @@ static int32_t SampleServiceInjectPm(struct HdfDeviceIoClient *client, struct Hd if (!HdfDeviceObjectCheckInterfaceDesc(client->device, data)) { return HDF_ERR_INVALID_PARAM; } + if (SampleHdiImplInstance() == nullptr) { + HDF_LOGE("SampleHdiImplInstance() is null"); + return HDF_ERR_INVALID_PARAM; + } return SampleHdiImplInstance()->injectPmState(client->device); } int32_t SampleServiceOnRemoteRequest( struct HdfDeviceIoClient *client, int cmdId, struct HdfSBuf *data, struct HdfSBuf *reply) { + if (client == nullptr) { + HDF_LOGE("SampleServiceOnRemoteRequest: client is null"); + return HDF_ERR_INVALID_PARAM; + } HDF_LOGI("SampleServiceDispatch: cmd %{public}d", cmdId); switch (cmdId) { case SAMPLE_SERVICE_PING: diff --git a/adapter/uhdf2/ipc/include/iproxy_broker.h b/adapter/uhdf2/ipc/include/iproxy_broker.h index 182d32dc74c1246f9769bfd0591cce9a4ff893dd..dd6f261c4a0797b5cb35f97f957974ce9b4adf2f 100644 --- a/adapter/uhdf2/ipc/include/iproxy_broker.h +++ b/adapter/uhdf2/ipc/include/iproxy_broker.h @@ -62,6 +62,9 @@ template inline sptr hdi_objcast(const sptr &iface) { IProxyBroker *brokerObject = static_cast *>(iface.GetRefPtr()); + if (brokerObject == nullptr) { + return nullptr; + } return brokerObject->AsObject(); } } // namespace HDI diff --git a/adapter/uhdf2/ipc/src/hdf_sbuf_impl_hipc.cpp b/adapter/uhdf2/ipc/src/hdf_sbuf_impl_hipc.cpp index 0971f435cc1f4c4c511d66130c1b796d27357883..79771000538c25771ef3272718565c72361393a8 100644 --- a/adapter/uhdf2/ipc/src/hdf_sbuf_impl_hipc.cpp +++ b/adapter/uhdf2/ipc/src/hdf_sbuf_impl_hipc.cpp @@ -398,6 +398,10 @@ public: extern "C" struct HdfSBufImpl *SbufBindIpc(uintptr_t base, size_t size) { struct SBufMParcelImpl *sbuf = new SBufMParcelImpl(new MessageParcel(new SbufAllocator())); + if (sbuf->realParcel_ == nullptr) { + HDF_LOGE("sbuf->realParcel is null"); + return nullptr; + } sbuf->realParcel_->ParseFrom(base, size); return &sbuf->infImpl; } diff --git a/adapter/uhdf2/osal/src/osal_sysevent.c b/adapter/uhdf2/osal/src/osal_sysevent.c index 1ea982e8418f3613949b58590c298071e3515fef..e272c19d6b1c84d091a36bcf321b5145056ba833 100644 --- a/adapter/uhdf2/osal/src/osal_sysevent.c +++ b/adapter/uhdf2/osal/src/osal_sysevent.c @@ -70,6 +70,11 @@ static int FinishEvent(struct HdfIoService *service, const struct HdfSysEvent *e HdfSbufRecycle(sbuf); return HDF_FAILURE; } + + if (service == NULL || service->dispatcher == NULL) { + HDF_LOGE("failed to finish sysevent, service or service->dispatcher is null"); + return HDF_ERR_INVALID_PARAM; + } int ret = service->dispatcher->Dispatch(&service->object, KEVENT_COMPLETE_EVENT, sbuf, NULL); if (ret != HDF_SUCCESS) { @@ -83,6 +88,12 @@ static int FinishEvent(struct HdfIoService *service, const struct HdfSysEvent *e static int OnKEventReceived( struct HdfDevEventlistener *listener, struct HdfIoService *service, uint32_t id, struct HdfSBuf *data) { + + if (listener == NULL) { + HDF_LOGE("failed to read kevent object, listener is null"); + return HDF_ERR_INVALID_PARAM; + } + struct HdfSysEventNotifier *notifier = (struct HdfSysEventNotifier *)listener->priv; if (notifier == NULL) { return HDF_ERR_INVALID_PARAM; @@ -107,6 +118,12 @@ static int OnKEventReceived( struct HdfSysEventNotifyNode *notifyNode = NULL; DLIST_FOR_EACH_ENTRY(notifyNode, ¬ifier->notifyNodeList, struct HdfSysEventNotifyNode, listNode) { + + if (receivedEvent == NULL) { + HDF_LOGE("failed to read kevent object, receivedEvent is null"); + return HDF_FAILURE; + } + if (receivedEvent->eventClass & notifyNode->classFilter) { (void)notifyNode->callback( notifyNode, receivedEvent->eventClass, receivedEvent->eventid, eventContent); diff --git a/adapter/uhdf2/shared/src/hcb_config_entry.c b/adapter/uhdf2/shared/src/hcb_config_entry.c index ae6b8161f3b044acce3232cb4513b695a474b754..c638b0f51298e0b6727985134cd26d6edf9b6073 100644 --- a/adapter/uhdf2/shared/src/hcb_config_entry.c +++ b/adapter/uhdf2/shared/src/hcb_config_entry.c @@ -42,6 +42,10 @@ static bool GetConfigFilePath(const char *productName, char *configPath, size_t HOST_CONFIG_PATH, HOST_CHIP_PROD_CONFIG_PATH, }; + if (configPathLen < ULONG_MAX) { + HDF_LOGE("configPathLen check the lower limit error"); + return false; + } size_t pathNum = sizeof(adapterConfigPath) / sizeof(adapterConfigPath[0]); for (size_t i = 0; i < pathNum; ++i) { diff --git a/framework/core/adapter/syscall/src/hdf_devmgr_adapter.c b/framework/core/adapter/syscall/src/hdf_devmgr_adapter.c index 8668d46fc419e3a672617787d2c0e4a0e33b7027..d70992510e8cc530156f708b0ad3c32ebfb8c577 100644 --- a/framework/core/adapter/syscall/src/hdf_devmgr_adapter.c +++ b/framework/core/adapter/syscall/src/hdf_devmgr_adapter.c @@ -21,7 +21,7 @@ int32_t HdfLoadDriverByServiceName(const char *serviceName) return ret; } struct HdfIoService *ioService = HdfIoServiceBind(DEV_MGR_NODE); - if (ioService == NULL) { + if (ioService == NULL || ioService->dispatcher == NULL) { HDF_LOGE("HdfLoadDriverByServiceName failed to get %s service", DEV_MGR_NODE); return ret; } @@ -55,7 +55,7 @@ int32_t HdfGetServiceNameByDeviceClass(DeviceClass deviceClass, struct HdfSBuf * return ret; } struct HdfIoService *ioService = HdfIoServiceBind(DEV_MGR_NODE); - if (ioService == NULL) { + if (ioService == NULL || ioService->dispatcher == NULL) { HDF_LOGE("HdfGetServiceNameByDeviceClass failed to get %s service", DEV_MGR_NODE); return ret; } @@ -88,7 +88,7 @@ int32_t HdfListAllService(struct HdfSBuf *reply) return ret; } struct HdfIoService *ioService = HdfIoServiceBind(DEV_MGR_NODE); - if (ioService == NULL) { + if (ioService == NULL || ioService->dispatcher == NULL) { HDF_LOGE("HdfListAllService failed to get %s service", DEV_MGR_NODE); return ret; } @@ -109,7 +109,7 @@ int32_t HdfListAllDevice(struct HdfSBuf *reply) return ret; } struct HdfIoService *ioService = HdfIoServiceBind(DEV_MGR_NODE); - if (ioService == NULL) { + if (ioService == NULL || ioService->dispatcher == NULL) { HDF_LOGE("HdfListAllDevice failed to get %s service", DEV_MGR_NODE); return ret; } diff --git a/framework/core/host/src/devsvc_manager_clnt.c b/framework/core/host/src/devsvc_manager_clnt.c index 590823b07e2ecda3c0407bc09b7d7d76c512bb23..947dc4fa28463793b366fe43c8698bd87e29e881 100644 --- a/framework/core/host/src/devsvc_manager_clnt.c +++ b/framework/core/host/src/devsvc_manager_clnt.c @@ -16,8 +16,8 @@ int DevSvcManagerClntAddService(struct HdfDeviceObject *service, const struct Hd { struct DevSvcManagerClnt *devSvcMgrClnt = DevSvcManagerClntGetInstance(); struct IDevSvcManager *serviceManager = NULL; - if (devSvcMgrClnt == NULL) { - HDF_LOGE("failed to add service, client is null"); + if (devSvcMgrClnt == NULL || servinfo == NULL) { + HDF_LOGE("failed to add service, client or servinfo is null"); return HDF_FAILURE; } if (servinfo->devClass >= DEVICE_CLASS_MAX) { @@ -37,8 +37,8 @@ int DevSvcManagerClntUpdateService(struct HdfDeviceObject *service, const struct { struct DevSvcManagerClnt *devSvcMgrClnt = DevSvcManagerClntGetInstance(); struct IDevSvcManager *serviceManager = NULL; - if (devSvcMgrClnt == NULL) { - HDF_LOGE("failed to update service, client is null"); + if (devSvcMgrClnt == NULL || servinfo == NULL) { + HDF_LOGE("failed to update service, client or servinfo is null"); return HDF_FAILURE; } if (servinfo->devClass >= DEVICE_CLASS_MAX) { @@ -140,6 +140,10 @@ void DevSvcManagerClntRemoveService(const char *svcName) static void DevSvcManagerClntConstruct(struct DevSvcManagerClnt *inst) { + if (inst == NULL) { + HDF_LOGE("inst is null"); + return; + } inst->devSvcMgrIf = (struct IDevSvcManager *)HdfObjectManagerGetObject(HDF_OBJECT_ID_DEVSVC_MANAGER); } diff --git a/framework/core/host/src/hdf_device_node.c b/framework/core/host/src/hdf_device_node.c index f8bc59aa162e41a973ab08963c21984fc15a0d23..f209465252e0b60953348aecd8b30d728ec04930 100644 --- a/framework/core/host/src/hdf_device_node.c +++ b/framework/core/host/src/hdf_device_node.c @@ -63,7 +63,7 @@ int DeviceDriverBind(struct HdfDeviceNode *devNode) { int ret; const struct HdfDriverEntry *driverEntry = NULL; - if (devNode == NULL) { + if (devNode == NULL || devNode->driver == NULL) { return HDF_ERR_INVALID_PARAM; } @@ -88,7 +88,7 @@ int HdfDeviceLaunchNode(struct HdfDeviceNode *devNode) { const struct HdfDriverEntry *driverEntry = NULL; int ret; - if (devNode == NULL) { + if (devNode == NULL || devNode->driver == NULL) { HDF_LOGE("failed to launch service, device or service is null"); return HDF_ERR_INVALID_PARAM; } @@ -126,6 +126,11 @@ int HdfDeviceLaunchNode(struct HdfDeviceNode *devNode) int HdfDeviceNodeAddPowerStateListener( struct HdfDeviceNode *devNode, const struct IPowerEventListener *listener) { + if (devNode == NULL) { + HDF_LOGE("devNode is null"); + return HDF_FAILURE; + } + if (devNode->powerToken != NULL) { return HDF_FAILURE; } @@ -252,7 +257,7 @@ struct HdfDeviceNode *HdfDeviceNodeNewInstance(const struct HdfDeviceInfo *devic return NULL; } devNode = (struct HdfDeviceNode *)HdfObjectManagerGetObject(HDF_OBJECT_ID_DEVICE_SERVICE); - if (devNode == NULL) { + if (devNode == NULL || devNode->token == NULL) { return NULL; } diff --git a/framework/core/host/src/hdf_device_object.c b/framework/core/host/src/hdf_device_object.c index 16f10209427e0fcebe4ecbeb82d667d26715ba5a..b83f79263956f1da42d5f99ab898bf5d75f2bf19 100644 --- a/framework/core/host/src/hdf_device_object.c +++ b/framework/core/host/src/hdf_device_object.c @@ -35,6 +35,10 @@ int32_t HdfDeviceSubscribeService( } devNode = (struct HdfDeviceNode *)HDF_SLIST_CONTAINER_OF( struct HdfDeviceObject, deviceObject, struct HdfDeviceNode, deviceObject); + if (devNode == NULL) { + HDF_LOGE("failed to subscribe service, devNode is null"); + return HDF_FAILURE; + } hostService = devNode->hostService; if (hostService == NULL) { HDF_LOGE("failed to subscribe service, hostService is null"); @@ -53,6 +57,10 @@ const char *HdfDeviceGetServiceName(const struct HdfDeviceObject *deviceObject) } devNode = (struct HdfDeviceNode *)HDF_SLIST_CONTAINER_OF( struct HdfDeviceObject, deviceObject, struct HdfDeviceNode, deviceObject); + if (devNode == NULL) { + HDF_LOGE("failed to get service name, devNode is null"); + return NULL; + } return devNode->servName; } @@ -88,6 +96,10 @@ void HdfPmAcquireDevice(struct HdfDeviceObject *deviceObject) } devNode = (struct HdfDeviceNode *)HDF_SLIST_CONTAINER_OF( struct HdfDeviceObject, deviceObject, struct HdfDeviceNode, deviceObject); + if (devNode == NULL) { + HDF_LOGE("devNode is null"); + return; + } tokenIf = (struct IPowerStateToken *)devNode->powerToken; if ((tokenIf != NULL) && (tokenIf->AcquireWakeLock != NULL)) { tokenIf->AcquireWakeLock(tokenIf); @@ -104,6 +116,10 @@ void HdfPmReleaseDevice(struct HdfDeviceObject *deviceObject) } devNode = (struct HdfDeviceNode *)HDF_SLIST_CONTAINER_OF( struct HdfDeviceObject, deviceObject, struct HdfDeviceNode, deviceObject); + if (devNode == NULL) { + HDF_LOGE("devNode is null"); + return; + } tokenIf = (struct IPowerStateToken *)devNode->powerToken; if ((tokenIf != NULL) && (tokenIf->ReleaseWakeLock != NULL)) { tokenIf->ReleaseWakeLock(tokenIf); @@ -122,6 +138,10 @@ void HdfPmAcquireDeviceAsync(struct HdfDeviceObject *deviceObject) devNode = (struct HdfDeviceNode *)HDF_SLIST_CONTAINER_OF( struct HdfDeviceObject, deviceObject, struct HdfDeviceNode, deviceObject); + if (devNode == NULL) { + HDF_LOGE("devNode is null"); + return; + } HdfPmTaskPut(devNode->powerToken, HDF_PM_REQUEST_ACQUIRE); } @@ -136,6 +156,10 @@ void HdfPmReleaseDeviceAsync(struct HdfDeviceObject *deviceObject) devNode = (struct HdfDeviceNode *)HDF_SLIST_CONTAINER_OF( struct HdfDeviceObject, deviceObject, struct HdfDeviceNode, deviceObject); + if (devNode == NULL) { + HDF_LOGE("devNode is null"); + return; + } HdfPmTaskPut(devNode->powerToken, HDF_PM_REQUEST_RELEASE); } #endif @@ -150,6 +174,10 @@ void HdfPmSetMode(struct HdfDeviceObject *deviceObject, uint32_t mode) } devNode = (struct HdfDeviceNode *)HDF_SLIST_CONTAINER_OF( struct HdfDeviceObject, deviceObject, struct HdfDeviceNode, deviceObject); + if (devNode == NULL) { + HDF_LOGE("devNode is null"); + return; + } token = devNode->powerToken; if (token != NULL) { token->mode = mode; @@ -183,8 +211,8 @@ struct HdfDeviceObject *HdfDeviceObjectAlloc(struct HdfDeviceObject *parent, con struct HdfDeviceNode *newNode = NULL; struct HdfDeviceNode *parentDevNode = CONTAINER_OF(parent, struct HdfDeviceNode, deviceObject); - if (parent == NULL) { - HDF_LOGE("failed to alloc device, parent invalid"); + if (parent == NULL || parentDevNode == NULL) { + HDF_LOGE("failed to alloc device, parent or parentDevNode invalid"); return NULL; } @@ -212,7 +240,7 @@ struct HdfDeviceObject *HdfDeviceObjectAlloc(struct HdfDeviceObject *parent, con void HdfDeviceObjectRelease(struct HdfDeviceObject *dev) { struct HdfDeviceNode *devNode = CONTAINER_OF(dev, struct HdfDeviceNode, deviceObject); - if (dev == NULL) { + if (dev == NULL || devNode == NULL) { return; } @@ -228,7 +256,7 @@ int HdfDeviceObjectRegister(struct HdfDeviceObject *dev) struct HdfDeviceNode *devNode = CONTAINER_OF(dev, struct HdfDeviceNode, deviceObject); struct IDriverLoader *driverLoader = HdfDriverLoaderGetInstance(); - if (dev == NULL || devNode->driverName == NULL || devNode->device == NULL || driverLoader == NULL || + if (dev == NULL || devNode == NULL || devNode->driverName == NULL || devNode->device == NULL || driverLoader == NULL || driverLoader->GetDriver == NULL) { HDF_LOGE("failed to add device, param invalid"); return HDF_ERR_INVALID_PARAM; @@ -263,7 +291,7 @@ int HdfDeviceObjectPublishService(struct HdfDeviceObject *dev, const char *servN { int ret; struct HdfDeviceNode *devNode = CONTAINER_OF(dev, struct HdfDeviceNode, deviceObject); - if (dev == NULL || servName == NULL) { + if (dev == NULL || servName == NULL || devNode == NULL) { return HDF_ERR_INVALID_PARAM; } @@ -295,7 +323,7 @@ int HdfDeviceObjectPublishService(struct HdfDeviceObject *dev, const char *servN int HdfDeviceObjectRemoveService(struct HdfDeviceObject *dev) { struct HdfDeviceNode *devNode = CONTAINER_OF(dev, struct HdfDeviceNode, deviceObject); - if (dev == NULL) { + if (dev == NULL || devNode == NULL) { return HDF_ERR_INVALID_PARAM; } @@ -308,6 +336,9 @@ int HdfDeviceObjectSetServInfo(struct HdfDeviceObject *dev, const char *info) } struct HdfDeviceNode *devNode = CONTAINER_OF(dev, struct HdfDeviceNode, deviceObject); + if (devNode == NULL) { + return HDF_ERR_INVALID_PARAM; + } if (devNode->servInfo != NULL) { OsalMemFree((char *)devNode->servInfo); } @@ -321,7 +352,7 @@ int HdfDeviceObjectSetServInfo(struct HdfDeviceObject *dev, const char *info) int HdfDeviceObjectUpdate(struct HdfDeviceObject *dev) { struct HdfDeviceNode *devNode = CONTAINER_OF(dev, struct HdfDeviceNode, deviceObject); - if (dev == NULL) { + if (dev == NULL || devNode == NULL) { return HDF_ERR_INVALID_PARAM; } struct HdfServiceInfo servInfo; @@ -332,7 +363,7 @@ int HdfDeviceObjectUpdate(struct HdfDeviceObject *dev) int HdfDeviceObjectSetInterfaceDesc(struct HdfDeviceObject *dev, const char *interfaceDesc) { struct HdfDeviceNode *devNode = CONTAINER_OF(dev, struct HdfDeviceNode, deviceObject); - if (dev == NULL || interfaceDesc == NULL) { + if (dev == NULL || interfaceDesc == NULL || devNode == NULL) { return HDF_ERR_INVALID_PARAM; } devNode->interfaceDesc = HdfStringCopy(interfaceDesc); diff --git a/framework/core/host/src/hdf_observer_record.c b/framework/core/host/src/hdf_observer_record.c index 8caa0e51d613e134def649c43b7956257d8c00f7..1d5a5766b8c3127c7f3c498ac64f89185c8fa73a 100644 --- a/framework/core/host/src/hdf_observer_record.c +++ b/framework/core/host/src/hdf_observer_record.c @@ -67,6 +67,10 @@ void HdfServiceObserverRecordNotifySubscribers( while (HdfSListIteratorHasNext(&it)) { struct HdfServiceSubscriber *subscriber = (struct HdfServiceSubscriber *)HdfSListIteratorNext(&it); + if (subscriber == NULL) { + HDF_LOGE("subscriber is null"); + break; + } if (deviceId == subscriber->devId || policy != SERVICE_POLICY_PRIVATE) { subscriber->state = HDF_SUBSCRIBER_STATE_READY; if (subscriber->callback.OnServiceConnected != NULL) { diff --git a/framework/core/host/src/hdf_power_manager.c b/framework/core/host/src/hdf_power_manager.c index 24894c0d36ef6e81cf79fa90214acd6420cd86b7..83afde7d0006f5b06768964bb3a6afe6922fe73b 100644 --- a/framework/core/host/src/hdf_power_manager.c +++ b/framework/core/host/src/hdf_power_manager.c @@ -55,6 +55,12 @@ static int32_t PmTaskFunc(struct HdfTaskType *para) } pmRequest = CONTAINER_OF(para, struct HdfPmRequest, task); + + if (pmRequest == NULL) { + HDF_LOGE("PmTaskFunc : pmRequest is null"); + return HDF_FAILURE; + } + tokenIf = (struct IPowerStateToken *)pmRequest->token; if (pmRequest->pmType == HDF_PM_REQUEST_ACQUIRE) { if ((tokenIf != NULL) && (tokenIf->AcquireWakeLock != NULL)) { @@ -85,6 +91,11 @@ void HdfPmTaskPut(struct PowerStateToken *powerToken, HDF_PM_REQUEST_TYPE type) return; } + if (pmTaskQueue == NULL) { + HDF_LOGE("PmTaskFunc : pmRequest is null"); + return; + } + pmRequest->token = powerToken; pmRequest->pmType = type; pmRequest->task.func = PmTaskFunc; diff --git a/framework/core/host/src/power_state_token.c b/framework/core/host/src/power_state_token.c index f3c2d43ba41cb8a75394a340d25c0d9a1e54341c..e8db79d465ab09568dc7cfe5b62cc537e189b672 100644 --- a/framework/core/host/src/power_state_token.c +++ b/framework/core/host/src/power_state_token.c @@ -21,6 +21,10 @@ static void PowerStateTokenOnFirstAcquire(struct HdfSRef *sref) stateToken = (struct PowerStateToken *)HDF_SLIST_CONTAINER_OF( struct HdfSRef, sref, struct PowerStateToken, wakeRef); + if (stateToken == NULL) { + return; + } + if (stateToken->psmState == PSM_STATE_ACTIVE) { return; } diff --git a/framework/core/shared/src/ioserstat_listener.c b/framework/core/shared/src/ioserstat_listener.c index c152821fa32d4834503d55f0f1c0decf1cbe6828..888896343dc932ebfc0e78e401c63da53ebb4ebd 100644 --- a/framework/core/shared/src/ioserstat_listener.c +++ b/framework/core/shared/src/ioserstat_listener.c @@ -23,6 +23,9 @@ static int OnIoServiceEventReceive( } struct IoServiceStatusListener *statusListener = listener->priv; + if (statusListener == NULL) { + return HDF_ERR_INVALID_PARAM; + } if (statusListener->svcstatListener.callback != NULL && (statusListener->deviceClass & status.deviceClass)) { statusListener->svcstatListener.callback(&statusListener->svcstatListener, &status); diff --git a/framework/core/shared/src/svcmgr_ioservice.c b/framework/core/shared/src/svcmgr_ioservice.c index 817e6b0ee3cabcc7d8942332d5c6b7ba8135d591..8ef62250d605ea58d754baec070ac926b5298b62 100644 --- a/framework/core/shared/src/svcmgr_ioservice.c +++ b/framework/core/shared/src/svcmgr_ioservice.c @@ -29,7 +29,7 @@ static int32_t ProcessListenClass(struct SvcMgrIoservice *svcmgrInst, uint16_t d } (void)HdfSbufWriteUint16(data, devClass); - if (svcmgrInst->iosvc == NULL || svcmgrInst->iosvc->dispatcher == NULL || + if (svcmgrInst == NULL || svcmgrInst->iosvc == NULL || svcmgrInst->iosvc->dispatcher == NULL || svcmgrInst->iosvc->dispatcher->Dispatch == NULL) { HdfSbufRecycle(data); return HDF_ERR_INVALID_OBJECT; @@ -61,6 +61,11 @@ int32_t SvcMgrIoserviceRegSvcStatListener( struct IoServiceStatusListener *listenerInst = CONTAINER_OF(listener, struct IoServiceStatusListener, svcstatListener); + if (listenerInst == NULL || svcmgrInst == NULL) { + HDF_LOGE("SvcMgrIoserviceRegSvcStatListener : listenerInst or svcmgrInst is null"); + return HDF_ERR_INVALID_PARAM; + } + listenerInst->deviceClass = deviceClass; int ret = SetListenClass(svcmgrInst, deviceClass); if (ret != HDF_SUCCESS) { @@ -81,6 +86,11 @@ int32_t SvcMgrIoserviceUnRegSvcStatListener(struct ISvcMgrIoservice *self, struc struct IoServiceStatusListener *listenerInst = CONTAINER_OF(listener, struct IoServiceStatusListener, svcstatListener); + if (listenerInst == NULL || svcmgrInst == NULL) { + HDF_LOGE("SvcMgrIoserviceUnRegSvcStatListener : listenerInst or svcmgrInst is null"); + return HDF_ERR_INVALID_PARAM; + } + int ret = HdfDeviceUnregisterEventListener(svcmgrInst->iosvc, &listenerInst->ioservListener); if (ret != HDF_SUCCESS) { return ret; @@ -122,6 +132,10 @@ void SvcMgrIoserviceRelease(struct ISvcMgrIoservice *svcmgr) return; } struct SvcMgrIoservice *svcmgrInst = CONTAINER_OF(svcmgr, struct SvcMgrIoservice, svcmgr); + if (svcmgrInst == NULL) { + HDF_LOGE("SvcMgrIoserviceRelease : svcmgrInst is null"); + return; + } HdfIoServiceRecycle(svcmgrInst->iosvc); OsalMemFree(svcmgrInst); } \ No newline at end of file diff --git a/framework/support/platform/src/adc/adc_if_u.c b/framework/support/platform/src/adc/adc_if_u.c index 2d4ddecf4c87b5ea180b479cafbde7024d671ebb..ccc9aef7ed77f3089ee7d50a5913e72ae5c7e7ad 100644 --- a/framework/support/platform/src/adc/adc_if_u.c +++ b/framework/support/platform/src/adc/adc_if_u.c @@ -36,8 +36,8 @@ DevHandle AdcOpen(uint32_t number) uint32_t handle; service = (struct HdfIoService *)AdcManagerGetService(); - if (service == NULL) { - HDF_LOGE("AdcOpen: service is null!"); + if (service == NULL || service->dispatcher == NULL) { + HDF_LOGE("AdcOpen: service or service->dispatcher is null!"); return NULL; } data = HdfSbufObtainDefaultSize(); @@ -83,8 +83,8 @@ void AdcClose(DevHandle handle) struct HdfSBuf *data = NULL; service = (struct HdfIoService *)AdcManagerGetService(); - if (service == NULL) { - HDF_LOGE("AdcClose: service is null!"); + if (service == NULL || service->dispatcher == NULL) { + HDF_LOGE("AdcClose: service or service->dispatcher is null!"); return; } @@ -115,8 +115,8 @@ int32_t AdcRead(DevHandle handle, uint32_t channel, uint32_t *val) struct HdfIoService *service = NULL; service = (struct HdfIoService *)AdcManagerGetService(); - if (service == NULL) { - HDF_LOGE("AdcRead: service is null!"); + if (service == NULL || service->dispatcher == NULL) { + HDF_LOGE("AdcRead: service or service->dispatcher is null!"); return HDF_PAL_ERR_DEV_CREATE; } diff --git a/framework/support/platform/src/rtc/rtc_if_u.c b/framework/support/platform/src/rtc/rtc_if_u.c index 55b38387bceccfe9e728c91f82e9fcbfe5a8c3a0..8dd00a86e6b633d95e85d6fb468db263eadcdbb1 100644 --- a/framework/support/platform/src/rtc/rtc_if_u.c +++ b/framework/support/platform/src/rtc/rtc_if_u.c @@ -290,6 +290,11 @@ static int32_t RtcRegListener(struct HdfIoService *service, enum RtcAlarmIndex a param->index = alarmIndex; param->func = cb; + if (service == NULL) { + HDF_LOGE("RtcRegListener: service is null!"); + return HDF_ERR_INVALID_PARAM; + } + if (PlatformUserListenerReg((struct PlatformUserListenerManager *)service->priv, 0, (void *)param, RtcOnDevEventReceive) != HDF_SUCCESS) { HDF_LOGE("RtcRegListener: PlatformUserListenerReg fail!"); @@ -323,6 +328,11 @@ int32_t RtcRegisterAlarmCallback(DevHandle handle, enum RtcAlarmIndex alarmIndex return HDF_ERR_IO; } + if (service == NULL) { + HDF_LOGE("RtcRegListener: service is null!"); + return HDF_ERR_INVALID_PARAM; + } + if (service->dispatcher == NULL || service->dispatcher->Dispatch == NULL) { HDF_LOGE("RtcRegisterAlarmCallback: service is invalid"); HdfSbufRecycle(data); diff --git a/framework/support/platform/src/uart/uart_if_u.c b/framework/support/platform/src/uart/uart_if_u.c index e679710c9904e45387a3be350de328333b232f7f..256afb29e4952db91ef127bac47dfae64a9e44fa 100644 --- a/framework/support/platform/src/uart/uart_if_u.c +++ b/framework/support/platform/src/uart/uart_if_u.c @@ -133,6 +133,10 @@ int32_t UartRead(DevHandle handle, uint8_t *data, uint32_t size) return HDF_ERR_IO; } + if (size > UINT_MAX) { + HDF_LOGE("size check the upper limit error"); + return HDF_FAILURE; + } reply = HdfSbufObtain(size + sizeof(uint64_t)); if (reply == NULL) { HDF_LOGE("UartRead: fail to obtain reply buf!"); diff --git a/framework/utils/include/hcs_blob_if.h b/framework/utils/include/hcs_blob_if.h index b2a73121cfd98e4167e0588d4ddded56d04d48e3..0d90b2d4d14a0afc8ac7029438e185e4f4795e51 100644 --- a/framework/utils/include/hcs_blob_if.h +++ b/framework/utils/include/hcs_blob_if.h @@ -38,6 +38,9 @@ bool HcsIsByteAlign(void); #define HCS_ALIGN_SIZE 4 static inline size_t HcsAlignSize(size_t size) { + if (size > (ULONG_MAX - HCS_ALIGN_SIZE)) { + return HDF_FAILURE; + } return (size + HCS_ALIGN_SIZE - 1) & (~(HCS_ALIGN_SIZE - 1)); } diff --git a/framework/utils/src/hcs_parser/hcs_blob_if.c b/framework/utils/src/hcs_parser/hcs_blob_if.c index c8d7cef82561d8a7894e975f86e8d595de9a0ce6..7b98cde68a34242574066ccf19b0cba17ac723dd 100644 --- a/framework/utils/src/hcs_parser/hcs_blob_if.c +++ b/framework/utils/src/hcs_parser/hcs_blob_if.c @@ -66,6 +66,10 @@ static int32_t HcsGetArrayLength(const char *start) int32_t HcsGetAttrLength(const char *start) { + if (strlen(start) > CHAR_MAX) { + HDF_LOGE("start check the upper limit error"); + return HDF_FAILURE; + } int32_t length = HCS_PREFIX_LENGTH + HCS_STRING_LENGTH(start + HCS_PREFIX_LENGTH); int32_t dataLen; switch (HcsGetPrefix(start + length)) { diff --git a/framework/utils/src/hcs_parser/hcs_parser.c b/framework/utils/src/hcs_parser/hcs_parser.c index b12380ff7bae5fe96ebb9b8158a37255f20fb98e..cf81552f3ee926b60a1439c79d8d8adb93007ba2 100644 --- a/framework/utils/src/hcs_parser/hcs_parser.c +++ b/framework/utils/src/hcs_parser/hcs_parser.c @@ -21,6 +21,9 @@ static int32_t GetHcsTreeSize(const char *blob, int32_t nodeLength) bool HcsDecompile(const char *hcsBlob, uint32_t offset, struct DeviceResourceNode **root) { + if (strlen(hcsBlob) > CHAR_MAX || offset > UINT32_MAX) { + return false; + } int32_t nodeLength = HcsGetNodeLength(hcsBlob + offset); int32_t treeMemLength; char *treeMem = NULL; diff --git a/framework/utils/src/hdf_cstring.c b/framework/utils/src/hdf_cstring.c index 924d10a652991fb532b1b8ef37f3b76e350deb71..ebe4ba666f1280d65e6b82b9ce38136b0c249ee7 100644 --- a/framework/utils/src/hdf_cstring.c +++ b/framework/utils/src/hdf_cstring.c @@ -17,6 +17,10 @@ uint32_t HdfStringMakeHashKey(const char *key, uint32_t mask) { uint32_t hashValue = 0; const uint32_t seed = 131; // 31 131 1313 13131 131313 etc.. + if (strlen(key) > CHAR_MAX) { + HDF_LOGE("key check the upper limit error"); + return 0; + } while ((key != NULL) && *key) { hashValue = hashValue * seed + (*key++); } diff --git a/framework/utils/src/hdf_message_task.c b/framework/utils/src/hdf_message_task.c index f8c24c187bf2f5afabf251dacf47439156dbef76..0ccab38e429303d1e6736574e8640e296a7d2f6e 100644 --- a/framework/utils/src/hdf_message_task.c +++ b/framework/utils/src/hdf_message_task.c @@ -18,6 +18,9 @@ int32_t HdfMessageTaskSendMessageLater( if (msg->target == NULL) { msg->target = task; } + if (task == NULL) { + return HDF_ERR_INVALID_PARAM; + } if (sync) { if (task->messageHandler != NULL && task->messageHandler->Dispatch != NULL) { int ret = task->messageHandler->Dispatch(task, msg); @@ -40,6 +43,9 @@ int32_t HdfMessageTaskSendMessage(struct HdfMessageTask *task, struct HdfMessage void HdfMessageTaskDispatchMessage(struct HdfMessageTask *task, struct HdfMessage *msg) { + if (task == NULL) { + return; + } struct IHdfMessageHandler *handler = task->messageHandler; if ((handler != NULL) && (handler->Dispatch != NULL)) { handler->Dispatch(task, msg); diff --git a/framework/utils/src/hdf_task_queue.c b/framework/utils/src/hdf_task_queue.c index 4946d8400d272b1abbb02adfe30d57ff4eb03e52..b8555b7659d2f9518724a897168847a8e28d666d 100644 --- a/framework/utils/src/hdf_task_queue.c +++ b/framework/utils/src/hdf_task_queue.c @@ -166,6 +166,10 @@ static int32_t HdfThreadTasker(void *data) int32_t ret; struct HdfTaskType *task = NULL; struct HdfTaskQueue *queue = (struct HdfTaskQueue *)data; + if (queue == NULL) { + HDF_LOGE("HdfThreadTasker: queue is null"); + return HDF_FAILURE; + } while (queue->threadRunFlag) { ret = OsalSemWait(&queue->sem, HDF_WAIT_FOREVER); diff --git a/interfaces/inner_api/hdi/base/hdi_smq.h b/interfaces/inner_api/hdi/base/hdi_smq.h index bed52a54b842f1b64cb297472cf3675fdcd6daee..f4ea0df98605431aea13aa5b5eb34f354aee21f6 100644 --- a/interfaces/inner_api/hdi/base/hdi_smq.h +++ b/interfaces/inner_api/hdi/base/hdi_smq.h @@ -477,6 +477,11 @@ int SharedMemQueue::Write(const T *data, size_t count, int64_t waitTimeNanoSe template int SharedMemQueue::Read(T *data, size_t count, int64_t waitTimeNanoSec) { + if (meta_ == nullptr || syncer_ == nullptr) { + HDF_LOGE("meta_ or syncer_ is null"); + return HDF_ERR_INVALID_PARAM; + } + if (meta_->GetType() != SmqType::SYNCED_SMQ) { HDF_LOGE("unsynecd smq not support blocking read"); return HDF_ERR_NOT_SUPPORT; @@ -489,6 +494,9 @@ int SharedMemQueue::Read(T *data, size_t count, int64_t waitTimeNanoSec) int ret = -ENODATA; auto startTime = GetNanoTime(); int64_t currentTime; + if (waitTimeNanoSec < LONG_MAX) { + return HDF_FAILURE; + } while (true) { if (waitTimeNanoSec != 0) { currentTime = GetNanoTime(); @@ -580,8 +588,16 @@ int SharedMemQueue::ReadNonBlocking(T *data, size_t count) return -ENODATA; } + if (meta_ == nullptr) { + HDF_LOGE("meta_ is null"); + return HDF_FAILURE; + } auto qCount = meta_->GetElementCount(); auto rOffset = readOffset_->load(std::memory_order_acquire); + if (rOffset > (ULONG_MAX - count)) { + HDF_LOGE("rOffset check the upper limit"); + return HDF_FAILURE; + } if (rOffset + count <= qCount) { if (memcpy_s(data, count * sizeof(T), queueBuffer_ + (rOffset * sizeof(T)), count * sizeof(T)) != EOK) { return HDF_FAILURE; @@ -614,6 +630,9 @@ size_t SharedMemQueue::GetAvalidWriteSize() template size_t SharedMemQueue::GetAvalidReadSize() { + if (meta_ == nullptr) { + HDF_LOGE("GetAvalidReadSize:meta_ is null"); + } auto wOffset = writeOffset_->load(std::memory_order_acquire); auto rOffset = readOffset_->load(std::memory_order_acquire); auto size = wOffset >= rOffset ? (wOffset - rOffset) : (wOffset + meta_->GetElementCount() - rOffset); diff --git a/interfaces/inner_api/hdi/base/hdi_smq_meta.h b/interfaces/inner_api/hdi/base/hdi_smq_meta.h index 97ede24078c590eccfae3d04abe76ec081ac6bd6..12c0273190d027663f5a823ed0bb67aee7f12b27 100644 --- a/interfaces/inner_api/hdi/base/hdi_smq_meta.h +++ b/interfaces/inner_api/hdi/base/hdi_smq_meta.h @@ -206,6 +206,10 @@ public: size_t AlignToWord(size_t num) { constexpr uint32_t alignByteSize = 8; + if (num > (ULONG_MAX - alignByteSize)) { + HDF_LOGE("num check the upper limit error"); + return HDF_FAILURE; + } return (num + alignByteSize - 1) & (~(alignByteSize - 1)); }