diff --git a/services/sensor/src/sensor_dump.cpp b/services/sensor/src/sensor_dump.cpp index fbc9b7c5b89a7e9eeb8284420c48f6856a08df5f..c115e7e95711febd0bab5216a3f725570a0431e4 100644 --- a/services/sensor/src/sensor_dump.cpp +++ b/services/sensor/src/sensor_dump.cpp @@ -108,9 +108,17 @@ void SensorDump::ParseCommand(int32_t fd, const std::vector &args, }; char **argv = new (std::nothrow) char *[args.size()]; CHKPV(argv); + if (memset_s(argv, args.size() * sizeof(char *), 0, args.size() * sizeof(char *)) != EOK) { + SEN_HILOGE("Call memset_s failed"); + delete[] argv; + return; + } for (size_t i = 0; i < args.size(); ++i) { argv[i] = new (std::nothrow) char[args[i].size() + 1]; - CHKPV(argv[i]); + if (argv[i] == nullptr) { + SEN_HILOGE("alloc failure"); + goto RELEASE_RES; + } if (strcpy_s(argv[i], args[i].size() + 1, args[i].c_str()) != EOK) { SEN_HILOGE("strcpy_s error"); goto RELEASE_RES; diff --git a/services/sensor/src/sensor_service.cpp b/services/sensor/src/sensor_service.cpp index d668b21e32262f0fcfc96f48899a139f93b07b50..cc6a103be8b07296051c4cddbf440f22460fefc5 100644 --- a/services/sensor/src/sensor_service.cpp +++ b/services/sensor/src/sensor_service.cpp @@ -38,6 +38,7 @@ constexpr HiLogLabel LABEL = { LOG_CORE, SENSOR_LOG_DOMAIN, "SensorService" }; constexpr uint32_t INVALID_SENSOR_ID = -1; constexpr int32_t INVALID_PID = -1; constexpr int64_t MAX_EVENT_COUNT = 1000; +constexpr int32_t MAX_DUMP_PARAMETERS = 32; enum { FLUSH = 0, SET_MODE, @@ -425,8 +426,8 @@ void SensorService::UnregisterClientDeathRecipient(sptr sensorCli int32_t SensorService::Dump(int32_t fd, const std::vector &args) { CALL_LOG_ENTER; - if (fd < 0) { - SEN_HILOGE("fd is invalid"); + if (fd < 0 || args.size() > MAX_DUMP_PARAMETERS) { + SEN_HILOGE("fd is invalid or wrong number of parameters"); return DUMP_PARAM_ERR; } SensorDump &sensorDump = SensorDump::GetInstance();