
Commit 4b38205

Fix some issues reported by klocwork (#1233)
Change memcpy to bh_memcpy_s and add some asserts to enhance the security.
1 parent 188d5e7 commit 4b38205


6 files changed

+38
-22
lines changed


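--- a/core/iwasm/aot/aot_loader.c
+++ b/core/iwasm/aot/aot_loader.c
@@ -152,7 +152,7 @@ GET_U64_FROM_ADDR(uint32 *addr)
 #define read_byte_array(p, p_end, addr, len) \
 do { \
 CHECK_BUF(p, p_end, len); \
-memcpy(addr, p, len); \
+bh_memcpy_s(addr, len, p, len); \
 p += len; \
 } while (0)
 
@@ -1847,7 +1847,7 @@ do_text_relocation(AOTModule *module, AOTRelocationGroup *group,
 return false;
 }
 }
-memcpy(symbol, relocation->symbol_name, symbol_len);
+bh_memcpy_s(symbol, symbol_len, relocation->symbol_name, symbol_len);
 symbol[symbol_len] = '\0';
 
 if (!strncmp(symbol, AOT_FUNC_PREFIX, strlen(AOT_FUNC_PREFIX))) {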
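Review bot: In `read_byte_array` and in the `do_text_relocation` copy, the destination size passed to `bh_memcpy_s` is the same expression as the copy length (`len`, `symbol_len`), so the bound can never reject anything and the call is no stricter than the `memcpy` it replaces. The second argument should be the real capacity of the destination. For `symbol`, which the next line terminates at `symbol[symbol_len]`, that capacity must be at least `symbol_len + 1`, e.g. `bh_memcpy_s(symbol, SYMBOL_CAPACITY, relocation->symbol_name, symbol_len);`, where `SYMBOL_CAPACITY` is a placeholder for the size the buffer was declared or allocated with (not visible in this hunk). `read_byte_array` would need a capacity argument, or at least a comment stating that callers guarantee `addr` holds `len` bytes. The same bound-equals-length pattern recurs in the per-element copies in core/shared/utils/bh_vector.c.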

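--- a/core/iwasm/common/wasm_application.c
+++ b/core/iwasm/common/wasm_application.c
@@ -485,7 +485,7 @@ execute_func(WASMModuleInstanceCommon *module_inst, const char *name,
 u.ieee.ieee_little_endian.negative = 1;
 else
 u.ieee.ieee_big_endian.negative = 1;
-memcpy(&f32, &u.f, sizeof(float));
+bh_memcpy_s(&f32, sizeof(float), &u.f, sizeof(float));
 }
 if (endptr[0] == ':') {
 uint32 sig;
@@ -496,10 +496,11 @@ execute_func(WASMModuleInstanceCommon *module_inst, const char *name,
 u.ieee.ieee_little_endian.mantissa = sig;
 else
 u.ieee.ieee_big_endian.mantissa = sig;
-memcpy(&f32, &u.f, sizeof(float));
+bh_memcpy_s(&f32, sizeof(float), &u.f, sizeof(float));
 }
 }
-memcpy(&argv1[p++], &f32, sizeof(float));
+bh_memcpy_s(&argv1[p], total_size - p, &f32, sizeof(float));
+p++;
 break;
 }
 case VALUE_TYPE_F64:
@@ -517,7 +518,8 @@ execute_func(WASMModuleInstanceCommon *module_inst, const char *name,
 ud.ieee.ieee_little_endian.negative = 1;
 else
 ud.ieee.ieee_big_endian.negative = 1;
-memcpy(&u.val, &ud.d, sizeof(double));
+bh_memcpy_s(&u.val, sizeof(double), &ud.d,
+sizeof(double));
 }
 if (endptr[0] == ':') {
 uint64 sig;
@@ -532,7 +534,8 @@ execute_func(WASMModuleInstanceCommon *module_inst, const char *name,
 ud.ieee.ieee_big_endian.mantissa0 = sig >> 32;
 ud.ieee.ieee_big_endian.mantissa1 = (uint32)sig;
 }
-memcpy(&u.val, &ud.d, sizeof(double));
+bh_memcpy_s(&u.val, sizeof(double), &ud.d,
+sizeof(double));
 }
 }
 argv1[p++] = u.parts[0];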
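Review bot: The destination bound `total_size - p` in the `VALUE_TYPE_F32` copy subtracts an element index from what appears to be a byte count. `p` indexes `argv1` cells (see `argv1[p++] = u.parts[0]` further down), so if `total_size` is the size of `argv1` in bytes, the remaining capacity is overstated and the check is weaker than intended. Expressing the remainder in bytes would fix that, e.g. `bh_memcpy_s(&argv1[p], total_size - p * sizeof(argv1[0]), &f32, sizeof(float));`. `total_size` is defined outside these hunks, so its unit should be confirmed before applying this.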

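--- a/core/iwasm/common/wasm_runtime_common.c
+++ b/core/iwasm/common/wasm_runtime_common.c
@@ -1245,6 +1245,8 @@ wasm_func_get_param_count(WASMFunctionInstanceCommon *const func_inst,
 {
 WASMType *type =
 wasm_runtime_get_function_type(func_inst, module_inst->module_type);
+bh_assert(type);
+
 return type->param_count;
 }
 
@@ -1254,6 +1256,8 @@ wasm_func_get_result_count(WASMFunctionInstanceCommon *const func_inst,
 {
 WASMType *type =
 wasm_runtime_get_function_type(func_inst, module_inst->module_type);
+bh_assert(type);
+
 return type->result_count;
 }
 
@@ -1288,6 +1292,8 @@ wasm_func_get_param_types(WASMFunctionInstanceCommon *const func_inst,
 wasm_runtime_get_function_type(func_inst, module_inst->module_type);
 uint32 i;
 
+bh_assert(type);
+
 for (i = 0; i < type->param_count; i++) {
 param_types[i] = val_type_to_val_kind(type->types[i]);
 }
@@ -1302,6 +1308,8 @@ wasm_func_get_result_types(WASMFunctionInstanceCommon *const func_inst,
 wasm_runtime_get_function_type(func_inst, module_inst->module_type);
 uint32 i;
 
+bh_assert(type);
+
 for (i = 0; i < type->result_count; i++) {
 result_types[i] =
 val_type_to_val_kind(type->types[type->param_count + i]);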
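Review bot: `bh_assert(type)` guards the dereference only in builds where assertions are active; if `bh_assert` compiles to nothing in release builds, as assert macros commonly do, `type->param_count` and `type->types[...]` are still reached with a NULL `type`. These four accessors appear to be embedder-facing, so a runtime check is the safer guard: `if (!type) return 0;` in the two count functions and `if (!type) return;` in the two `*_types` functions (their return types are outside the hunks, so adjust to match). The same concern applies to `bh_assert(exec_env)` in `send_thread_stop_status` in core/iwasm/libraries/debug-engine/handler.c, where an early return on NULL would avoid both the dereference and an assertion failure in the debug server path.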

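--- a/core/iwasm/libraries/debug-engine/handler.c
+++ b/core/iwasm/libraries/debug-engine/handler.c
@@ -374,6 +374,8 @@ send_thread_stop_status(WASMGDBServer *server, uint32 status, korp_tid tid)
 
 exec_env = wasm_debug_instance_get_current_env(
 (WASMDebugInstance *)server->thread->debug_instance);
+bh_assert(exec_env);
+
 exception =
 wasm_runtime_get_exception(wasm_runtime_get_module_inst(exec_env));
 if (exception) {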

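--- a/core/shared/platform/common/math/math.c
+++ b/core/shared/platform/common/math/math.c
@@ -1091,7 +1091,7 @@ static float
 freebsd_fminf(float x, float y)
 {
 if (is_little_endian()) {
-IEEEf2bits_L u[2];
+IEEEf2bits_L u[2] = { 0 };
 
 u[0].f = x;
 u[1].f = y;
@@ -1107,7 +1107,7 @@ freebsd_fminf(float x, float y)
 return (u[u[1].bits.sign].f);
 }
 else {
-IEEEf2bits_B u[2];
+IEEEf2bits_B u[2] = { 0 };
 
 u[0].f = x;
 u[1].f = y;
@@ -1130,7 +1130,7 @@ static float
 freebsd_fmaxf(float x, float y)
 {
 if (is_little_endian()) {
-IEEEf2bits_L u[2];
+IEEEf2bits_L u[2] = { 0 };
 
 u[0].f = x;
 u[1].f = y;
@@ -1146,7 +1146,7 @@ freebsd_fmaxf(float x, float y)
 return (u[u[0].bits.sign].f);
 }
 else {
-IEEEf2bits_B u[2];
+IEEEf2bits_B u[2] = { 0 };
 
 u[0].f = x;
 u[1].f = y;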

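--- a/core/shared/utils/bh_vector.c
+++ b/core/shared/utils/bh_vector.c
@@ -42,7 +42,8 @@ extend_vector(Vector *vector, size_t length)
 return false;
 }
 
-memcpy(data, vector->data, vector->size_elem * vector->max_elems);
+bh_memcpy_s(data, vector->size_elem * length, vector->data,
+vector->size_elem * vector->max_elems);
 BH_FREE(vector->data);
 
 vector->data = data;
@@ -109,8 +110,8 @@ bh_vector_set(Vector *vector, uint32 index, const void *elem_buf)
 
 if (vector->lock)
 os_mutex_lock(vector->lock);
-memcpy(vector->data + vector->size_elem * index, elem_buf,
-vector->size_elem);
+bh_memcpy_s(vector->data + vector->size_elem * index, vector->size_elem,
+elem_buf, vector->size_elem);
 if (vector->lock)
 os_mutex_unlock(vector->lock);
 return true;
@@ -131,8 +132,8 @@ bh_vector_get(Vector *vector, uint32 index, void *elem_buf)
 
 if (vector->lock)
 os_mutex_lock(vector->lock);
-memcpy(elem_buf, vector->data + vector->size_elem * index,
-vector->size_elem);
+bh_memcpy_s(elem_buf, vector->size_elem,
+vector->data + vector->size_elem * index, vector->size_elem);
 if (vector->lock)
 os_mutex_unlock(vector->lock);
 return true;
@@ -165,11 +166,12 @@ bh_vector_insert(Vector *vector, uint32 index, const void *elem_buf)
 
 p = vector->data + vector->size_elem * vector->num_elems;
 for (i = vector->num_elems - 1; i > index; i--) {
-memcpy(p, p - vector->size_elem, vector->size_elem);
+bh_memcpy_s(p, vector->size_elem, p - vector->size_elem,
+vector->size_elem);
 p -= vector->size_elem;
 }
 
-memcpy(p, elem_buf, vector->size_elem);
+bh_memcpy_s(p, vector->size_elem, elem_buf, vector->size_elem);
 vector->num_elems++;
 ret = true;
 
@@ -199,8 +201,8 @@ bh_vector_append(Vector *vector, const void *elem_buf)
 goto unlock_return;
 }
 
-memcpy(vector->data + vector->size_elem * vector->num_elems, elem_buf,
-vector->size_elem);
+bh_memcpy_s(vector->data + vector->size_elem * vector->num_elems,
+vector->size_elem, elem_buf, vector->size_elem);
 vector->num_elems++;
 ret = true;
 
@@ -232,11 +234,12 @@ bh_vector_remove(Vector *vector, uint32 index, void *old_elem_buf)
 p = vector->data + vector->size_elem * index;
 
 if (old_elem_buf) {
-memcpy(old_elem_buf, p, vector->size_elem);
+bh_memcpy_s(old_elem_buf, vector->size_elem, p, vector->size_elem);
 }
 
 for (i = index; i < vector->num_elems - 1; i++) {
-memcpy(p, p + vector->size_elem, vector->size_elem);
+bh_memcpy_s(p, vector->size_elem, p + vector->size_elem,
+vector->size_elem);
 p += vector->size_elem;
 }
 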
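Review bot: In `extend_vector` the destination bound is recomputed at the call site as `vector->size_elem * length`, separately from whatever byte count was used to allocate `data` (the allocation is above the hunk). If that product can wrap, or is narrowed because `bh_memcpy_s` takes 32-bit sizes, the check compares against a capacity that differs from the real one. Passing the same byte-count variable that was handed to the allocator would keep the bound and the allocation in step. This is the only copy in the file where the bound and the length differ, so it is the one worth getting exactly right.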
