From da8a55aa1a194ce09c05a95b6a598e4a9713f963 Mon Sep 17 00:00:00 2001 From: linan24 Date: Wed, 6 Aug 2025 10:15:00 +0800 Subject: [PATCH] fix sandbox double free coredump Signed-off-by: linan24 --- interfaces/common/include/sandbox_helper.h | 3 -- interfaces/common/src/sandbox_helper.cpp | 31 +++++++++---------- ...getincrementallocalcapabilities_fuzzer.cpp | 1 - 3 files changed, 14 insertions(+), 21 deletions(-) diff --git a/interfaces/common/include/sandbox_helper.h b/interfaces/common/include/sandbox_helper.h index ce5fcefd6..e650cf4d6 100644 --- a/interfaces/common/include/sandbox_helper.h +++ b/interfaces/common/include/sandbox_helper.h @@ -25,8 +25,6 @@ namespace AppFileService { class SandboxHelper { private: static std::mutex mapMutex_; - static std::unordered_map sandboxPathMap_; - static std::unordered_map backupSandboxPathMap_; static bool GetSandboxPathMap(); static bool GetBackupSandboxPathMap(); static void* libMediaHandle_; @@ -44,7 +42,6 @@ public: static void GetNetworkIdFromUri(const std::string &fileUri, std::string &networkId); static std::string GetLowerDir(std::string &lowerPathHead, const std::string &userId, const std::string &bundleName, const std::string &networkId); - static void ClearBackupSandboxPathMap(); }; } // namespace AppFileService } // namespace OHOS diff --git a/interfaces/common/src/sandbox_helper.cpp b/interfaces/common/src/sandbox_helper.cpp index 0536ab7fd..d0a2e6f55 100644 --- a/interfaces/common/src/sandbox_helper.cpp +++ b/interfaces/common/src/sandbox_helper.cpp @@ -58,6 +58,11 @@ namespace { const std::string AMPERSAND = "&"; } +namespace { + std::unordered_map g_sandboxPathMap; + std::unordered_map g_backupSandboxPathMap; +} + struct MediaUriInfo { string mediaType; string fileId; @@ -65,8 +70,6 @@ struct MediaUriInfo { string displayName; }; -std::unordered_map SandboxHelper::sandboxPathMap_; -std::unordered_map SandboxHelper::backupSandboxPathMap_; std::mutex SandboxHelper::mapMutex_; void* SandboxHelper::libMediaHandle_; @@ -158,7 +161,7 @@ string SandboxHelper::GetLowerDir(string &lowerPathHead, const string &userId, c bool SandboxHelper::GetSandboxPathMap() { lock_guard lock(mapMutex_); - if (sandboxPathMap_.size() > 0) { + if (g_sandboxPathMap.size() > 0) { return true; } @@ -178,10 +181,10 @@ bool SandboxHelper::GetSandboxPathMap() for (size_t i = 0; i < mountPathMap.size(); i++) { string srcPath = mountPathMap[i][PHYSICAL_PATH_KEY]; string sandboxPath = mountPathMap[i][SANDBOX_PATH_KEY]; - sandboxPathMap_[sandboxPath] = srcPath; + g_sandboxPathMap[sandboxPath] = srcPath; } - if (sandboxPathMap_.size() == 0) { + if (g_sandboxPathMap.size() == 0) { return false; } @@ -191,7 +194,7 @@ bool SandboxHelper::GetSandboxPathMap() bool SandboxHelper::GetBackupSandboxPathMap() { lock_guard lock(mapMutex_); - if (backupSandboxPathMap_.size() > 0) { + if (g_backupSandboxPathMap.size() > 0) { return true; } @@ -211,10 +214,10 @@ bool SandboxHelper::GetBackupSandboxPathMap() for (size_t i = 0; i < mountPathMap.size(); i++) { string srcPath = mountPathMap[i][PHYSICAL_PATH_KEY]; string sandboxPath = mountPathMap[i][SANDBOX_PATH_KEY]; - backupSandboxPathMap_[sandboxPath] = srcPath; + g_backupSandboxPathMap[sandboxPath] = srcPath; } - if (backupSandboxPathMap_.size() == 0) { + if (g_backupSandboxPathMap.size() == 0) { return false; } @@ -419,7 +422,7 @@ int32_t SandboxHelper::GetPhysicalDir(const std::string &fileUri, const std::str string lowerPathTail = ""; string lowerPathHead = ""; - DoGetPhysicalPath(lowerPathTail, lowerPathHead, sandboxPath, sandboxPathMap_); + DoGetPhysicalPath(lowerPathTail, lowerPathHead, sandboxPath, g_sandboxPathMap); if (lowerPathHead == "") { LOGE("lowerPathHead is invalid"); @@ -459,7 +462,7 @@ int32_t SandboxHelper::GetPhysicalPath(const std::string &fileUri, const std::st string lowerPathTail = ""; string lowerPathHead = ""; - DoGetPhysicalPath(lowerPathTail, lowerPathHead, sandboxPath, sandboxPathMap_); + DoGetPhysicalPath(lowerPathTail, lowerPathHead, sandboxPath, g_sandboxPathMap); if (lowerPathHead == "") { LOGE("lowerPathHead is invalid"); @@ -499,7 +502,7 @@ int32_t SandboxHelper::GetBackupPhysicalPath(const std::string &fileUri, const s string lowerPathTail = ""; string lowerPathHead = ""; - DoGetPhysicalPath(lowerPathTail, lowerPathHead, sandboxPath, backupSandboxPathMap_); + DoGetPhysicalPath(lowerPathTail, lowerPathHead, sandboxPath, g_backupSandboxPathMap); if (lowerPathHead == "") { LOGE("lowerPathHead is invalid"); @@ -552,12 +555,6 @@ bool SandboxHelper::CheckValidPath(const std::string &filePath) return true; } - -void SandboxHelper::ClearBackupSandboxPathMap() -{ - lock_guard lock(mapMutex_); - backupSandboxPathMap_.clear(); -} } // namespace AppFileService } // namespace OHOS diff --git a/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.cpp b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.cpp index 226d8255b..315619cee 100644 --- a/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.cpp +++ b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.cpp @@ -325,7 +325,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) OHOS::CheckIfDirForIncludesFuzzTest(data, size); OHOS::GetPathWildCardFuzzTest(data, size); OHOS::CmdCheckOverLongPath(data, size); - OHOS::AppFileService::SandboxHelper::ClearBackupSandboxPathMap(); } catch (OHOS::FileManagement::Backup::BError &err) { HILOGE("BackupSaFuzzTest error"); } catch (...) { -- Gitee