diff --git a/frameworks/ans/src/notification_conversational_content.cpp b/frameworks/ans/src/notification_conversational_content.cpp
index f63c5300d34eff731e67f8e70cc973101e8e589c..f52a0babd2466bad7b6bae82de76f3bcb00466a5 100644
--- a/frameworks/ans/src/notification_conversational_content.cpp
+++ b/frameworks/ans/src/notification_conversational_content.cpp
@@ -14,6 +14,8 @@
 */
 #include "notification_conversational_content.h"
+
+#include "ans_const_define.h"
 #include "ans_log_wrapper.h"
 namespace OHOS {
@@ -253,8 +255,11 @@ bool NotificationConversationalContent::ReadFromParcel(Parcel &parcel)
 return false;
 }
 messageUser_ = *pUser;
+ delete pUser;
+ pUser = nullptr;
 auto vsize = parcel.ReadUint64();
+ vsize = (vsize < MAX_CONVERSATIONAL_NUM) ? vsize : MAX_CONVERSATIONAL_NUM;
 for (uint64_t it = 0; it < vsize; ++it) {
 auto valid = parcel.ReadBool();
 if (!valid) {
diff --git a/frameworks/ans/src/notification_conversational_message.cpp b/frameworks/ans/src/notification_conversational_message.cpp
index b439abab97edb9e73cf622a69c8bfc916f075c6d..16b787d62016a9c3736b16b4562c0365b7a672e7 100644
--- a/frameworks/ans/src/notification_conversational_message.cpp
+++ b/frameworks/ans/src/notification_conversational_message.cpp
@@ -200,6 +200,8 @@ bool NotificationConversationalMessage::ReadFromParcel(Parcel &parcel)
 return false;
 }
 sender_ = *pUser;
+ delete pUser;
+ pUser = nullptr;
 auto valid = parcel.ReadBool();
 if (valid) {
diff --git a/frameworks/ans/src/notification_request.cpp b/frameworks/ans/src/notification_request.cpp
index c046ff2af3dd4d8668b30a3084dce765c4429616..2dd3bedf807dedc740eb8494f1f4a93743ae24ef 100644
--- a/frameworks/ans/src/notification_request.cpp
+++ b/frameworks/ans/src/notification_request.cpp
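Review bot: In NotificationConversationalContent::ReadFromParcel, the new `vsize = (vsize < MAX_CONVERSATIONAL_NUM) ? vsize : MAX_CONVERSATIONAL_NUM;` truncates an oversized count instead of rejecting it, so the loop stops early and whatever the function reads next comes from the bytes of the elements that were skipped. A count above the limit indicates a malformed or hostile parcel and is safer treated as a read failure, ideally with an error log: `if (vsize > MAX_CONVERSATIONAL_NUM) { return false; }`. The same clamp appears in NotificationRequest::ReadFromParcel (twice, where the second count is read after the first loop), NotificationUserInput::ReadFromParcel, ReminderRequest::ReadFromParcel and both ReadParcelableVector helpers. The function body continues outside the hunk, so what follows the loop is not visible here.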
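Review bot: The `delete pUser; pUser = nullptr;` pair in NotificationConversationalMessage::ReadFromParcel fixes the leak by hand, which has to be repeated on every exit path added later and is skipped if the copy `sender_ = *pUser` throws. Holding the result of `ReadParcelable` in a `std::unique_ptr` from the moment it is returned releases it on all paths, and the `= nullptr` on a local that does not appear to be used again in the visible lines can then be dropped. The same pattern is added for `pUser` in NotificationConversationalContent::ReadFromParcel, `pOpt` in NotificationRequest::ReadFromParcel and `sorting` in NotificationSortingMap::Unmarshalling.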
@@ -44,6 +44,7 @@ const uint32_t NotificationRequest::COLOR_DEFAULT {0};
 const uint32_t NotificationRequest::COLOR_MASK {0xFF000000};
 const std::size_t NotificationRequest::MAX_USER_INPUT_HISTORY {5};
 const std::size_t NotificationRequest::MAX_ACTION_BUTTONS {3};
+const std::size_t NotificationRequest::MAX_MESSAGE_USERS {1000};
 NotificationRequest::NotificationRequest(int32_t notificationId) : notificationId_(notificationId) {
@@ -1357,6 +1358,7 @@ bool NotificationRequest::ReadFromParcel(Parcel &parcel)
 }
 auto vsize = parcel.ReadUint64();
+ vsize = (vsize < NotificationRequest::MAX_ACTION_BUTTONS) ? vsize : NotificationRequest::MAX_ACTION_BUTTONS;
 for (uint64_t it = 0; it < vsize; ++it) {
 auto member = parcel.ReadParcelable();
 if (member == nullptr) {
@@ -1368,6 +1370,7 @@ bool NotificationRequest::ReadFromParcel(Parcel &parcel)
 }
 vsize = parcel.ReadUint64();
+ vsize = (vsize < NotificationRequest::MAX_MESSAGE_USERS) ? vsize : NotificationRequest::MAX_MESSAGE_USERS;
 for (uint64_t it = 0; it < vsize; ++it) {
 auto member = parcel.ReadParcelable();
 if (member == nullptr) {
@@ -1389,6 +1392,8 @@ bool NotificationRequest::ReadFromParcel(Parcel &parcel)
 return false;
 }
 distributedOptions_ = *pOpt;
+ delete pOpt;
+ pOpt = nullptr;
 valid = parcel.ReadBool();
 if (valid) {
diff --git a/frameworks/ans/src/notification_sorting_map.cpp b/frameworks/ans/src/notification_sorting_map.cpp
index 1263637ca33c0023a2a478ce02ae3ba2558afbc7..919c88a8cfbc1d512383450de848f81ef650a4fd 100644
--- a/frameworks/ans/src/notification_sorting_map.cpp
+++ b/frameworks/ans/src/notification_sorting_map.cpp
@@ -99,6 +99,8 @@ NotificationSortingMap *NotificationSortingMap::Unmarshalling(Parcel &parcel)
 if (sorting != nullptr) {
 sortings.push_back(*sorting);
 }
+ delete sorting;
+ sorting = nullptr;
 }
 NotificationSortingMap *sortingMap = new (std::nothrow) NotificationSortingMap(sortings);
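Review bot: In NotificationSortingMap::Unmarshalling a null `sorting` is still skipped silently by `if (sorting != nullptr)`, so a parcel whose entry fails to unmarshal yields a shorter map with no error, whereas the ReadFromParcel functions touched by this commit appear to return false on a failed read. Consider logging and returning `nullptr` in that case instead of continuing the loop. The loop header is outside the hunk; if its bound is a count read from the parcel, it is worth checking that it gets the same upper limit this commit adds elsewhere.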
diff --git a/frameworks/ans/src/notification_user_input.cpp b/frameworks/ans/src/notification_user_input.cpp
index 84d928dd73fad84f20cf994413462f92ed12337b..67b358e7cca8bade50ffbdd9638e300d0929053a 100644
--- a/frameworks/ans/src/notification_user_input.cpp
+++ b/frameworks/ans/src/notification_user_input.cpp
@@ -15,6 +15,7 @@
 #include "notification_user_input.h"
+#include "ans_const_define.h"
 #include "ans_log_wrapper.h"
 #include "want_params_wrapper.h"
@@ -393,6 +394,7 @@ bool NotificationUserInput::ReadFromParcel(Parcel &parcel)
 }
 auto ssize = parcel.ReadUint64();
+ ssize = (ssize < MAX_PERMIT_MIME_TYPE_NUM) ? ssize : MAX_PERMIT_MIME_TYPE_NUM;
 for (uint64_t it = 0; it < ssize; ++it) {
 std::string member {};
 if (!parcel.ReadString(member)) {
diff --git a/frameworks/ans/src/reminder_request.cpp b/frameworks/ans/src/reminder_request.cpp
index 04f1034ff7493458296ae642c95a86b96a1080b7..0f7dced3314f3b084766869c6e821e52c1a3fb6b 100644
--- a/frameworks/ans/src/reminder_request.cpp
+++ b/frameworks/ans/src/reminder_request.cpp
@@ -15,6 +15,7 @@
 #include "reminder_request.h"
+#include "ans_const_define.h"
 #include "ans_log_wrapper.h"
 #include "bundle_mgr_interface.h"
 #include "if_system_ability_manager.h"
@@ -1094,6 +1095,8 @@ bool ReminderRequest::ReadFromParcel(Parcel &parcel)
 ANSR_LOGE("Failed to read buttonMapSize");
 return false;
 }
+
+ buttonMapSize = (buttonMapSize < MAX_ACTION_BUTTON_NUM) ? buttonMapSize : MAX_ACTION_BUTTON_NUM;
 for (uint64_t i = 0; i < buttonMapSize; i++) {
 uint8_t buttonType = static_cast(ActionButtonType::INVALID);
 if (!parcel.ReadUint8(buttonType)) {
diff --git a/frameworks/core/common/include/ans_const_define.h b/frameworks/core/common/include/ans_const_define.h
index bfd0d5309e4adb66365dce922249d664c49a4bdf..bfb99410fff7afa24202433870b7545c0f3017ef 100644
--- a/frameworks/core/common/include/ans_const_define.h
+++ b/frameworks/core/common/include/ans_const_define.h
@@ -33,6 +33,11 @@ constexpr uint32_t MAX_ICON_SIZE = 50 * 1024;
 constexpr uint32_t MAX_PICTURE_SIZE = 2 * 1024 * 1024;
 constexpr bool SUPPORT_DO_NOT_DISTRUB = true;
 constexpr uint32_t SYSTEM_SERVICE_UID = 1000;
+constexpr uint32_t MAX_CONVERSATIONAL_NUM = 10000;
+constexpr uint32_t MAX_PERMIT_MIME_TYPE_NUM = 10000;
+constexpr uint32_t MAX_ACTION_BUTTON_NUM = 3;
+constexpr uint32_t MAX_PARCELABLE_VECTOR_NUM = 10000;
+
 constexpr int32_t SUBSCRIBE_USER_INIT = -1;
 constexpr int32_t SUBSCRIBE_USER_ALL = -2;
diff --git a/frameworks/core/src/ans_manager_proxy.cpp b/frameworks/core/src/ans_manager_proxy.cpp
index f2541675563fddca0ff1b103643aa80fdcae9718..a0cc314da5c738d60f065e1419220e8bc9df8f13 100644
--- a/frameworks/core/src/ans_manager_proxy.cpp
+++ b/frameworks/core/src/ans_manager_proxy.cpp
@@ -2245,6 +2245,7 @@ bool AnsManagerProxy::ReadParcelableVector(std::vector> &parcelableInfos
 }
 parcelableInfos.clear();
+ infoSize = (infoSize < MAX_PARCELABLE_VECTOR_NUM) ? infoSize : MAX_PARCELABLE_VECTOR_NUM;
 for (int32_t index = 0; index < infoSize; index++) {
 sptr info = reply.ReadStrongParcelable();
 if (info == nullptr) {
diff --git a/frameworks/core/src/ans_manager_stub.cpp b/frameworks/core/src/ans_manager_stub.cpp
index b660dab928de4dce96f68e9ea767fb4bc8ce4031..7dd543ed63aec27c6df3152599f69f29ec4ce369 100644
--- a/frameworks/core/src/ans_manager_stub.cpp
+++ b/frameworks/core/src/ans_manager_stub.cpp
@@ -1547,6 +1547,7 @@ bool AnsManagerStub::ReadParcelableVector(std::vector> &parcelableInfos,
 }
 parcelableInfos.clear();
+ infoSize = (infoSize < MAX_PARCELABLE_VECTOR_NUM) ? infoSize : MAX_PARCELABLE_VECTOR_NUM;
 for (int32_t index = 0; index < infoSize; index++) {
 sptr info = data.ReadStrongParcelable();
 if (info == nullptr) {
diff --git a/interfaces/inner_api/notification_request.h b/interfaces/inner_api/notification_request.h
index 0124bda67858d8dc3d9bed5c5be1b215c4c91fd8..853dd3a8f2a7a5b4a54528d98560c40029b6911d 100644
--- a/interfaces/inner_api/notification_request.h
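Review bot: In ans_const_define.h, `MAX_ACTION_BUTTON_NUM = 3` duplicates `NotificationRequest::MAX_ACTION_BUTTONS {3}`, and the 1000-entry limit for message users is defined as a class constant instead of here, so the deserialization limits now live in two places and can drift apart. The three 10000 values also carry no comment saying what they bound or why that figure was chosen. A short comment per constant, for example `// upper bound on element counts read from an untrusted Parcel`, and a single definition of the action-button limit would make the limits easier to audit.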
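Review bot: In AnsManagerProxy::ReadParcelableVector the comparison `infoSize < MAX_PARCELABLE_VECTOR_NUM` mixes a `uint32_t` constant with what looks like a signed count (the loop index is `int32_t`; the declaration of `infoSize` is outside the hunk). If `infoSize` is `int32_t`, a negative value is converted to a large unsigned number, fails the comparison and is replaced by 10000, so a count that previously produced zero iterations now drives up to 10000 read attempts. Rejecting out-of-range counts explicitly avoids this: `if (infoSize < 0 || infoSize > static_cast<int32_t>(MAX_PARCELABLE_VECTOR_NUM)) { return false; }`. AnsManagerStub::ReadParcelableVector has the same line.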
+++ b/interfaces/inner_api/notification_request.h
@@ -1085,6 +1085,11 @@ private:
 */
 static const std::size_t MAX_ACTION_BUTTONS;
+ /**
+ * the maximum number of message users is 1000.
+ */
+ static const std::size_t MAX_MESSAGE_USERS;
+
 private:
 /**
 * @brief Read a NotificationRequest object from a Parcel.