From ab9e562436e936443a936baf5bf47efdd4533536 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E5=8F=8B=E6=9D=BE?= Date: Mon, 17 Mar 2025 16:25:02 +0800 Subject: [PATCH] =?UTF-8?q?cfi=20=E5=BC=80=E5=85=B3=E6=89=93=E5=BC=80=20Si?= =?UTF-8?q?gned-off-by:=20=E9=82=B9=E5=8F=8B=E6=9D=BE=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- services/engine/BUILD.gn | 4 ++++ services/engine/cfi_blocklist.txt | 15 +++++++++++++++ .../firmware/check/include/firmware_icheck.h | 17 ++++++++++++----- 3 files changed, 31 insertions(+), 5 deletions(-) create mode 100644 services/engine/cfi_blocklist.txt diff --git a/services/engine/BUILD.gn b/services/engine/BUILD.gn index e4569252..c3ae8190 100644 --- a/services/engine/BUILD.gn +++ b/services/engine/BUILD.gn @@ -35,6 +35,10 @@ ohos_prebuilt_etc("updater_sa.cfg") { ohos_shared_library("$updateengine_library_name") { sanitize = { boundary_sanitize = true + cfi = true + cfi_cross_dso = true + debug = false + blocklist = "./cfi_blocklist.txt" } shlib_type = "sa" include_dirs = sa_include_dirs diff --git a/services/engine/cfi_blocklist.txt b/services/engine/cfi_blocklist.txt new file mode 100644 index 00000000..a4a141cc --- /dev/null +++ b/services/engine/cfi_blocklist.txt @@ -0,0 +1,15 @@ +# Copyright (C) 2022-2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +[cfi] +src:*/commonlibrary/c_utils/base/include/refbase.h diff --git a/services/firmware/check/include/firmware_icheck.h b/services/firmware/check/include/firmware_icheck.h index 98b547b1..706521fc 100644 --- a/services/firmware/check/include/firmware_icheck.h +++ b/services/firmware/check/include/firmware_icheck.h @@ -122,15 +122,22 @@ private: { response.content.assign(buffer.begin(), buffer.end()); response.status = static_cast(HttpConstant::SUCCESS); - cJSONPtr root(cJSON_Parse(buffer.data()), cJSON_Delete); - ENGINE_CHECK(root != nullptr, return -1, "Error get root"); - cJSON *item = cJSON_GetObjectItem(root.get(), "searchStatus"); - ENGINE_CHECK(item != nullptr, return -1, "Error get searchStatus"); + cJSON *root = cJSON_Parse(buffer.data()); + ENGINE_CHECK(root != nullptr, + cJSON_Delete(root); + return -1, "Error get root"); + cJSON *item = cJSON_GetObjectItem(root, "searchStatus"); + ENGINE_CHECK(item != nullptr, + cJSON_Delete(root); + return -1, "Error get searchStatus"); if (!cJSON_IsNumber(item)) { FIRMWARE_LOGE("Error json parse"); + cJSON_Delete(root); return -1; } - return CAST_INT(static_cast(item->valueint)); + int32_t ret = item->valueint; + cJSON_Delete(root); + return ret; } int32_t ReadDataFromSSL(int32_t engineSocket, NetworkResponse &response) -- Gitee