From 9464af395b5af107bfab3872f2be5f34912fb2aa Mon Sep 17 00:00:00 2001 From: Shunqian Zheng Date: Tue, 28 Apr 2020 11:27:14 +0800 Subject: [PATCH] [misc]: Terminate soc_name to fix out of bounds 1. Terminate soc_name string to fix memory out of bounds 2. Fix all snprintf/strnlen warning Change-Id: I4525c6e289a00d1509bc30ee69545d92f2f4b9cb Signed-off-by: Shunqian Zheng --- mpp/base/mpp_buffer_impl.cpp | 2 +- osal/allocator/allocator_ion.c | 4 +++- osal/mpp_platform.cpp | 5 +++-- osal/mpp_time.cpp | 5 +++-- utils/mpi_enc_utils.c | 4 ++-- 5 files changed, 12 insertions(+), 8 deletions(-) diff --git a/mpp/base/mpp_buffer_impl.cpp b/mpp/base/mpp_buffer_impl.cpp index 39d8c8b0..d8b4f017 100644 --- a/mpp/base/mpp_buffer_impl.cpp +++ b/mpp/base/mpp_buffer_impl.cpp @@ -585,7 +585,7 @@ MppBufferGroupImpl *mpp_buffer_get_misc_group(MppBufferMode mode, MppBufferType AutoMutex auto_lock(MppBufferService::get_lock()); MppBufferGroupImpl *misc = MppBufferService::get_instance()->get_misc(mode, type); if (NULL == misc) { - char tag[16]; + char tag[32]; RK_S32 offset = 0; offset += snprintf(tag + offset, sizeof(tag) - offset, "misc"); diff --git a/osal/allocator/allocator_ion.c b/osal/allocator/allocator_ion.c index 1dc056d7..e5afae8c 100755 --- a/osal/allocator/allocator_ion.c +++ b/osal/allocator/allocator_ion.c @@ -206,13 +206,15 @@ static RK_S32 find_dir_in_path(char *path, const char *dir_name, return new_path_len; } +#define MAX_PATH_NAME_SIZE 256 + static RK_S32 check_sysfs_iommu() { RK_U32 i = 0; RK_U32 dts_info_found = 0; RK_U32 ion_info_found = 0; RK_S32 ret = ION_DETECT_IOMMU_DISABLE; - char path[256]; + char path[MAX_PATH_NAME_SIZE]; static char *dts_devices[] = { "vpu_service", "hevc_service", diff --git a/osal/mpp_platform.cpp b/osal/mpp_platform.cpp index 6b84a5d0..6bbba7a0 100644 --- a/osal/mpp_platform.cpp +++ b/osal/mpp_platform.cpp @@ -23,7 +23,7 @@ #include "mpp_common.h" #include "mpp_platform.h" -#define MAX_SOC_NAME_LENGTH 64 +#define MAX_SOC_NAME_LENGTH 128 class MppPlatformService; @@ -195,9 +195,10 @@ MppPlatformService::MppPlatformService() snprintf(soc_name, MAX_SOC_NAME_LENGTH, "unknown"); soc_name_len = read(fd, soc_name, MAX_SOC_NAME_LENGTH - 1); if (soc_name_len > 0) { + soc_name[soc_name_len] = '\0'; /* replacing the termination character to space */ for (char *ptr = soc_name;; ptr = soc_name) { - ptr += strnlen (soc_name, MAX_SOC_NAME_LENGTH); + ptr += strnlen(soc_name, MAX_SOC_NAME_LENGTH); if (ptr >= soc_name + soc_name_len - 1) break; *ptr = ' '; diff --git a/osal/mpp_time.cpp b/osal/mpp_time.cpp index a61c5224..92945a97 100644 --- a/osal/mpp_time.cpp +++ b/osal/mpp_time.cpp @@ -264,7 +264,8 @@ static void *mpp_timer_thread(void *ctx) if (fd_cnt && (events.events & EPOLLIN) && (events.data.fd == timer_fd)) { RK_U64 exp = 0; - read(timer_fd, &exp, sizeof(exp)); + ssize_t cnt = read(timer_fd, &exp, sizeof(exp)); + mpp_assert(cnt == sizeof(exp)); impl->func(impl->ctx); } } @@ -308,7 +309,7 @@ MppTimer mpp_timer_get(const char *name) impl->initial = 1000; impl->interval = 1000; impl->check = timer_name; - snprintf(impl->name, sizeof(impl->name) - 1, name, NULL); + snprintf(impl->name, sizeof(impl->name), name, NULL); return impl; } while (0); diff --git a/utils/mpi_enc_utils.c b/utils/mpi_enc_utils.c index 3c28d30d..5b9ea66f 100644 --- a/utils/mpi_enc_utils.c +++ b/utils/mpi_enc_utils.c @@ -68,7 +68,7 @@ MPP_RET mpi_enc_test_cmd_update_by_args(MpiEncTestArgs* cmd, int argc, char **ar size_t len = strnlen(next, MAX_FILE_NAME_LENGTH); if (len) { cmd->file_input = mpp_calloc(char, len + 1); - strncpy(cmd->file_input, next, len); + strcpy(cmd->file_input, next); name_to_frame_format(cmd->file_input, &cmd->format); } } else { @@ -81,7 +81,7 @@ MPP_RET mpi_enc_test_cmd_update_by_args(MpiEncTestArgs* cmd, int argc, char **ar size_t len = strnlen(next, MAX_FILE_NAME_LENGTH); if (len) { cmd->file_output = mpp_calloc(char, len + 1); - strncpy(cmd->file_output, next, len); + strcpy(cmd->file_output, next); name_to_coding_type(cmd->file_output, &cmd->type); } } else {