Fix some issues reported by klocwork (#1233)

Change memcpy to bh_memcpy_s and add some asserts to
enhance the security.
Xu Jun 2022-06-16 19:50:47 +08:00 committed by GitHub
parent 188d5e70e9
commit 4b38205023
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 38 additions and 22 deletions


@ -152,7 +152,7 @@ GET_U64_FROM_ADDR(uint32 *addr)
#define read_byte_array(p, p_end, addr, len) \
do { \
CHECK_BUF(p, p_end, len); \
memcpy(addr, p, len); \
bh_memcpy_s(addr, len, p, len); \
p += len; \
} while (0)
@ -1847,7 +1847,7 @@ do_text_relocation(AOTModule *module, AOTRelocationGroup *group,
return false;
}
}
memcpy(symbol, relocation->symbol_name, symbol_len);
bh_memcpy_s(symbol, symbol_len, relocation->symbol_name, symbol_len);
symbol[symbol_len] = '\0';
if (!strncmp(symbol, AOT_FUNC_PREFIX, strlen(AOT_FUNC_PREFIX))) {
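Review bot: In `read_byte_array` the new call passes `len` as both the destination capacity and the copy length (`bh_memcpy_s(addr, len, p, len)`), so the destination check can never fail; `CHECK_BUF` bounds only the source side of the read. The capacity argument should be the real size of the buffer behind `addr`, which means either an extra macro parameter or a size check at each call site. The `do_text_relocation` call has the same shape and is followed by `symbol[symbol_len] = '\0'`, so the buffer must hold `symbol_len + 1` bytes; its allocation is outside the hunk, and passing that capacity instead of `symbol_len` would make the check meaningful. The per-element copies in the vector hunks (`bh_vector_set`, `bh_vector_get`, `bh_vector_insert`, `bh_vector_append`, `bh_vector_remove`) repeat the pattern with `vector->size_elem` on both sides.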


@ -485,7 +485,7 @@ execute_func(WASMModuleInstanceCommon *module_inst, const char *name,
u.ieee.ieee_little_endian.negative = 1;
else
u.ieee.ieee_big_endian.negative = 1;
memcpy(&f32, &u.f, sizeof(float));
bh_memcpy_s(&f32, sizeof(float), &u.f, sizeof(float));
}
if (endptr[0] == ':') {
uint32 sig;
@ -496,10 +496,11 @@ execute_func(WASMModuleInstanceCommon *module_inst, const char *name,
u.ieee.ieee_little_endian.mantissa = sig;
else
u.ieee.ieee_big_endian.mantissa = sig;
memcpy(&f32, &u.f, sizeof(float));
bh_memcpy_s(&f32, sizeof(float), &u.f, sizeof(float));
}
}
memcpy(&argv1[p++], &f32, sizeof(float));
bh_memcpy_s(&argv1[p], total_size - p, &f32, sizeof(float));
p++;
break;
}
case VALUE_TYPE_F64:
@ -517,7 +518,8 @@ execute_func(WASMModuleInstanceCommon *module_inst, const char *name,
ud.ieee.ieee_little_endian.negative = 1;
else
ud.ieee.ieee_big_endian.negative = 1;
memcpy(&u.val, &ud.d, sizeof(double));
bh_memcpy_s(&u.val, sizeof(double), &ud.d,
sizeof(double));
}
if (endptr[0] == ':') {
uint64 sig;
@ -532,7 +534,8 @@ execute_func(WASMModuleInstanceCommon *module_inst, const char *name,
ud.ieee.ieee_big_endian.mantissa0 = sig >> 32;
ud.ieee.ieee_big_endian.mantissa1 = (uint32)sig;
}
memcpy(&u.val, &ud.d, sizeof(double));
bh_memcpy_s(&u.val, sizeof(double), &ud.d,
sizeof(double));
}
}
argv1[p++] = u.parts[0];
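Review bot: The destination capacity `total_size - p` in the f32 copy into `argv1` appears to mix units: `p` indexes `argv1` in cells, while `total_size` looks like a byte count (both are defined outside the hunk, so this is inferred from the names and usage). If so, the remaining space is overstated and the check would accept a write it should reject. The capacity would then be `total_size - p * sizeof(argv1[0])`, preceded by a guard that `p` is still inside the array so the subtraction cannot wrap. The F64 branch still stores through `argv1[p++]` directly and relies on whatever sizing was done earlier in `execute_func`.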


@ -1245,6 +1245,8 @@ wasm_func_get_param_count(WASMFunctionInstanceCommon *const func_inst,
{
WASMType *type =
wasm_runtime_get_function_type(func_inst, module_inst->module_type);
bh_assert(type);
return type->param_count;
}
@ -1254,6 +1256,8 @@ wasm_func_get_result_count(WASMFunctionInstanceCommon *const func_inst,
{
WASMType *type =
wasm_runtime_get_function_type(func_inst, module_inst->module_type);
bh_assert(type);
return type->result_count;
}
@ -1288,6 +1292,8 @@ wasm_func_get_param_types(WASMFunctionInstanceCommon *const func_inst,
wasm_runtime_get_function_type(func_inst, module_inst->module_type);
uint32 i;
bh_assert(type);
for (i = 0; i < type->param_count; i++) {
param_types[i] = val_type_to_val_kind(type->types[i]);
}
@ -1302,6 +1308,8 @@ wasm_func_get_result_types(WASMFunctionInstanceCommon *const func_inst,
wasm_runtime_get_function_type(func_inst, module_inst->module_type);
uint32 i;
bh_assert(type);
for (i = 0; i < type->result_count; i++) {
result_types[i] =
val_type_to_val_kind(type->types[type->param_count + i]);
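Review bot: `bh_assert(type)` in `wasm_func_get_param_count` documents the expectation but is not a runtime check if `bh_assert` compiles to nothing in non-debug builds, in which case `type->param_count` still dereferences NULL when `wasm_runtime_get_function_type` returns no type. Because these accessors take `func_inst` and `module_inst` from the caller, an explicit guard is safer, for example `if (!type) return 0;` in the two count functions and an early return before the loops in `wasm_func_get_param_types` and `wasm_func_get_result_types`. The same applies to `bh_assert(exec_env)` added in `send_thread_stop_status`, where `exec_env` is passed straight to `wasm_runtime_get_module_inst`. The function bodies begin outside these hunks, so any earlier validation is not visible here.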


@ -374,6 +374,8 @@ send_thread_stop_status(WASMGDBServer *server, uint32 status, korp_tid tid)
exec_env = wasm_debug_instance_get_current_env(
(WASMDebugInstance *)server->thread->debug_instance);
bh_assert(exec_env);
exception =
wasm_runtime_get_exception(wasm_runtime_get_module_inst(exec_env));
if (exception) {


@ -1091,7 +1091,7 @@ static float
freebsd_fminf(float x, float y)
{
if (is_little_endian()) {
IEEEf2bits_L u[2];
IEEEf2bits_L u[2] = { 0 };
u[0].f = x;
u[1].f = y;
@ -1107,7 +1107,7 @@ freebsd_fminf(float x, float y)
return (u[u[1].bits.sign].f);
}
else {
IEEEf2bits_B u[2];
IEEEf2bits_B u[2] = { 0 };
u[0].f = x;
u[1].f = y;
@ -1130,7 +1130,7 @@ static float
freebsd_fmaxf(float x, float y)
{
if (is_little_endian()) {
IEEEf2bits_L u[2];
IEEEf2bits_L u[2] = { 0 };
u[0].f = x;
u[1].f = y;
@ -1146,7 +1146,7 @@ freebsd_fmaxf(float x, float y)
return (u[u[0].bits.sign].f);
}
else {
IEEEf2bits_B u[2];
IEEEf2bits_B u[2] = { 0 };
u[0].f = x;
u[1].f = y;


@ -42,7 +42,8 @@ extend_vector(Vector *vector, size_t length)
return false;
}
memcpy(data, vector->data, vector->size_elem * vector->max_elems);
bh_memcpy_s(data, vector->size_elem * length, vector->data,
vector->size_elem * vector->max_elems);
BH_FREE(vector->data);
vector->data = data;
@ -109,8 +110,8 @@ bh_vector_set(Vector *vector, uint32 index, const void *elem_buf)
if (vector->lock)
os_mutex_lock(vector->lock);
memcpy(vector->data + vector->size_elem * index, elem_buf,
vector->size_elem);
bh_memcpy_s(vector->data + vector->size_elem * index, vector->size_elem,
elem_buf, vector->size_elem);
if (vector->lock)
os_mutex_unlock(vector->lock);
return true;
@ -131,8 +132,8 @@ bh_vector_get(Vector *vector, uint32 index, void *elem_buf)
if (vector->lock)
os_mutex_lock(vector->lock);
memcpy(elem_buf, vector->data + vector->size_elem * index,
vector->size_elem);
bh_memcpy_s(elem_buf, vector->size_elem,
vector->data + vector->size_elem * index, vector->size_elem);
if (vector->lock)
os_mutex_unlock(vector->lock);
return true;
@ -165,11 +166,12 @@ bh_vector_insert(Vector *vector, uint32 index, const void *elem_buf)
p = vector->data + vector->size_elem * vector->num_elems;
for (i = vector->num_elems - 1; i > index; i--) {
memcpy(p, p - vector->size_elem, vector->size_elem);
bh_memcpy_s(p, vector->size_elem, p - vector->size_elem,
vector->size_elem);
p -= vector->size_elem;
}
memcpy(p, elem_buf, vector->size_elem);
bh_memcpy_s(p, vector->size_elem, elem_buf, vector->size_elem);
vector->num_elems++;
ret = true;
@ -199,8 +201,8 @@ bh_vector_append(Vector *vector, const void *elem_buf)
goto unlock_return;
}
memcpy(vector->data + vector->size_elem * vector->num_elems, elem_buf,
vector->size_elem);
bh_memcpy_s(vector->data + vector->size_elem * vector->num_elems,
vector->size_elem, elem_buf, vector->size_elem);
vector->num_elems++;
ret = true;
@ -232,11 +234,12 @@ bh_vector_remove(Vector *vector, uint32 index, void *old_elem_buf)
p = vector->data + vector->size_elem * index;
if (old_elem_buf) {
memcpy(old_elem_buf, p, vector->size_elem);
bh_memcpy_s(old_elem_buf, vector->size_elem, p, vector->size_elem);
}
for (i = index; i < vector->num_elems - 1; i++) {
memcpy(p, p + vector->size_elem, vector->size_elem);
bh_memcpy_s(p, vector->size_elem, p + vector->size_elem,
vector->size_elem);
p += vector->size_elem;
}
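Review bot: In `extend_vector` the capacity and length arguments are products (`vector->size_elem * length` and `vector->size_elem * vector->max_elems`) with no overflow check visible in the hunk. If `bh_memcpy_s` takes 32-bit sizes, as the `uint32` arithmetic elsewhere in this commit suggests, both values are also narrowed on the way in, so the check compares truncated numbers. Computing the byte size once in a wide type and rejecting oversize requests before the copy would close this, e.g. `uint64 total = (uint64)vector->size_elem * length;` followed by `if (total > UINT32_MAX) return false;`. The allocation that precedes the copy is outside the hunk and may already enforce this, in which case a comment saying so at the call would help the next reader.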