From 56ded75716ba0e6011e6205a82ebe74f365beb23 Mon Sep 17 00:00:00 2001 From: wuzhihuitmac Date: Thu, 28 Jul 2022 01:36:47 +0000 Subject: [PATCH 1/2] Add memset return value judgment Signed-off-by: wuzhihuitmac Change-Id: Id1768d89d1cdd8d0c6868051bf74b6e1ae829b30 --- services/sensor/src/sensor_dump.cpp | 9 ++++++++- services/sensor/src/sensor_service.cpp | 5 +++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/services/sensor/src/sensor_dump.cpp b/services/sensor/src/sensor_dump.cpp index fbc9b7c5..4a975499 100644 --- a/services/sensor/src/sensor_dump.cpp +++ b/services/sensor/src/sensor_dump.cpp @@ -108,9 +108,16 @@ void SensorDump::ParseCommand(int32_t fd, const std::vector &args, }; char **argv = new (std::nothrow) char *[args.size()]; CHKPV(argv); + if (memset_s(argv, args.size() * sizeof(char *), 0, args.size() * sizeof(char *)) != EOK) { + SEN_HILOGE("Call memset_s failed"); + return; + } for (size_t i = 0; i < args.size(); ++i) { argv[i] = new (std::nothrow) char[args[i].size() + 1]; - CHKPV(argv[i]); + if (argv[i] == nullptr) { + SEN_HILOGE("alloc failure"); + goto RELEASE_RES; + } if (strcpy_s(argv[i], args[i].size() + 1, args[i].c_str()) != EOK) { SEN_HILOGE("strcpy_s error"); goto RELEASE_RES; diff --git a/services/sensor/src/sensor_service.cpp b/services/sensor/src/sensor_service.cpp index d668b21e..cc6a103b 100644 --- a/services/sensor/src/sensor_service.cpp +++ b/services/sensor/src/sensor_service.cpp @@ -38,6 +38,7 @@ constexpr HiLogLabel LABEL = { LOG_CORE, SENSOR_LOG_DOMAIN, "SensorService" }; constexpr uint32_t INVALID_SENSOR_ID = -1; constexpr int32_t INVALID_PID = -1; constexpr int64_t MAX_EVENT_COUNT = 1000; +constexpr int32_t MAX_DUMP_PARAMETERS = 32; enum { FLUSH = 0, SET_MODE, @@ -425,8 +426,8 @@ void SensorService::UnregisterClientDeathRecipient(sptr sensorCli int32_t SensorService::Dump(int32_t fd, const std::vector &args) { CALL_LOG_ENTER; - if (fd < 0) { - SEN_HILOGE("fd is invalid"); + if (fd < 0 || args.size() > MAX_DUMP_PARAMETERS) { + SEN_HILOGE("fd is invalid or wrong number of parameters"); return DUMP_PARAM_ERR; } SensorDump &sensorDump = SensorDump::GetInstance(); -- Gitee From a70fd5b025670a15d8bac58970a6c16d36fe5e0b Mon Sep 17 00:00:00 2001 From: wuzhihuitmac Date: Thu, 28 Jul 2022 07:39:26 +0000 Subject: [PATCH 2/2] add source release Signed-off-by: wuzhihuitmac Change-Id: I8e1479f01170c26696c5d35da336ce0022f88a94 --- services/sensor/src/sensor_dump.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/services/sensor/src/sensor_dump.cpp b/services/sensor/src/sensor_dump.cpp index 4a975499..c115e7e9 100644 --- a/services/sensor/src/sensor_dump.cpp +++ b/services/sensor/src/sensor_dump.cpp @@ -110,6 +110,7 @@ void SensorDump::ParseCommand(int32_t fd, const std::vector &args, CHKPV(argv); if (memset_s(argv, args.size() * sizeof(char *), 0, args.size() * sizeof(char *)) != EOK) { SEN_HILOGE("Call memset_s failed"); + delete[] argv; return; } for (size_t i = 0; i < args.size(); ++i) { -- Gitee