author | Michael Butler <butlermichael@google.com> | 2017-04-19 18:47:55 -0700 |
---|---|---|
committer | Michael Butler <butlermichael@google.com> | 2017-04-20 16:01:08 -0700 |
commit | ca451c3280b6265a9b79273b4bf89e121a050cab (patch) | |
tree | 8830ef5cc93e61b60cd1a0ee8b7324e8dcd5df6e | |
parent | 8467325c6d80de30bb86b7665cc41dff0c276e8d (diff) | |
Fix clang-analyzer-security warnings for RenderScript
Replace unsafe strcpy and strcat with bounded strlcpy and strlcat.
Bug: 32511607
Test: mma, cts, vts
Change-Id: I92bc8142f82eaf78f4465bf061871cad864c53b8
-rw-r--r-- | cpu_ref/rsCpuCore.cpp | 4 | ||||
-rw-r--r-- | cpu_ref/rsCpuExecutable.cpp | 24 | ||||
-rw-r--r-- | rsFont.cpp | 5 | ||||
-rw-r--r-- | rsg_generator.c | 3 |
4 files changed, 22 insertions, 14 deletions
diff --git a/cpu_ref/rsCpuCore.cpp b/cpu_ref/rsCpuCore.cpp
index 43e45218..f4f9c4c9 100644
--- a/cpu_ref/rsCpuCore.cpp
+++ b/cpu_ref/rsCpuCore.cpp
@@ -483,7 +483,7 @@ static const int kFormatInBytesMax = 16;
 // ": " + 2 digits per byte + 1 separator between bytes + "..." + null
 typedef char FormatBuf[2 + kFormatInBytesMax*2 + (kFormatInBytesMax - 1) + 3 + 1];
 static const char *format_bytes(FormatBuf *outBuf, const uint8_t *inBuf, const int inBytes) {
- strcpy(*outBuf, ": ");
+ strlcpy(*outBuf, ": ", sizeof(FormatBuf));
 int pos = 2;
 const int lim = std::min(kFormatInBytesMax, inBytes);
 for (int i = 0; i < lim; ++i) {
@@ -495,7 +495,7 @@ static const char *format_bytes(FormatBuf *outBuf, const uint8_t *inBuf, const i
 pos += 2;
 }
 if (kFormatInBytesMax < inBytes)
- strcpy(*outBuf + pos, "...");
+ strlcpy(*outBuf + pos, "...", sizeof(FormatBuf) - pos);
 return *outBuf;
 }
diff --git a/cpu_ref/rsCpuExecutable.cpp b/cpu_ref/rsCpuExecutable.cpp
index 91d93556..fbc34935 100644
--- a/cpu_ref/rsCpuExecutable.cpp
+++ b/cpu_ref/rsCpuExecutable.cpp
@@ -299,6 +299,18 @@ static char* strgets(char *s, int size, const char **ppstr) {
 return s;
 }
+// Creates a duplicate of a string. The new string is as small as possible,
+// only including characters up to and including the first null-terminator;
+// otherwise, the new string will be the same size as the input string.
+// The code that calls duplicateString is responsible for the new string's
+// lifetime, and is responsible for freeing it when it is no longer needed.
+static char* duplicateString(const char *str, size_t length) {
+ const size_t newLen = strnlen(str, length-1) + 1;
+ char *newStr = new char[newLen];
+ strlcpy(newStr, str, newLen);
+ return newStr;
+}
+
 ScriptExecutable* ScriptExecutable::createFromSharedObject(
 void* sharedObj, uint32_t expectedChecksum) {
 char line[MAXLINE];
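Review bot: In the new `duplicateString` helper, `strnlen(str, length-1)` bounds the length scan, but the `strlcpy` that follows still walks `str` until it finds a terminator, because strlcpy returns the full source length; if the buffer holds no NUL within `length`, the read runs past the stated bound anyway. `length-1` also wraps to the largest `size_t` when `length` is 0, which the visible callers (all passing `sizeof` of a buffer) do not trigger but the signature allows. Copying exactly the measured length with `memcpy` and writing the terminator by hand keeps both the read and the write inside the bound. The header comment's "otherwise" clause is hard to follow; it should say that the copy holds at most `length-1` characters plus a terminator and that the caller releases it with `delete[]`.

```cpp
static char* duplicateString(const char *str, size_t length) {
    // Measure at most length-1 bytes; a zero length yields an empty string.
    const size_t copyLen = (length == 0) ? 0 : strnlen(str, length - 1);
    char *newStr = new char[copyLen + 1];
    // memcpy reads exactly copyLen bytes, unlike strlcpy, which scans str to its terminator.
    memcpy(newStr, str, copyLen);
    newStr[copyLen] = '\0';
    return newStr;
}
```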
@@ -369,8 +381,7 @@ ScriptExecutable* ScriptExecutable::createFromSharedObject(
 }
 fieldAddress[i] = addr;
 fieldIsObject[i] = false;
- fieldName[i] = new char[strlen(line)+1];
- strcpy(fieldName[i], line);
+ fieldName[i] = duplicateString(line, sizeof(line));
 }
 if (strgets(line, MAXLINE, &rsInfo) == nullptr) {
@@ -623,13 +634,8 @@ ScriptExecutable* ScriptExecutable::createFromSharedObject(
 goto error;
 }
- char *pKey = new char[strlen(key)+1];
- strcpy(pKey, key);
- pragmaKeys[i] = pKey;
-
- char *pValue = new char[strlen(value)+1];
- strcpy(pValue, value);
- pragmaValues[i] = pValue;
+ pragmaKeys[i] = duplicateString(key, sizeof(key));
+ pragmaValues[i] = duplicateString(value, sizeof(value));
 //ALOGE("Pragma %zu: Key: '%s' Value: '%s'", i, pKey, pValue);
 }
@@ -26,6 +26,7 @@
 #include FT_FREETYPE_H
 #include FT_BITMAP_H
 #endif //ANDROID_RS_SERIALIZE
+#include <string.h>
 namespace android {
 namespace renderscript {
@@ -754,8 +755,8 @@ void FontState::renderText(const char *text, uint32_t len, int32_t x, int32_t y,
 char fullPath[1024];
 const char * root = getenv("ANDROID_ROOT");
 rsAssert(strlen(root) < 256);
- strcpy(fullPath, root);
- strcat(fullPath, "/fonts/Roboto-Regular.ttf");
+ strlcpy(fullPath, root, sizeof(fullPath));
+ strlcat(fullPath, "/fonts/Roboto-Regular.ttf", sizeof(fullPath));
 mDefault.set(Font::create(mRSC, fullPath, 8, mRSC->getDPI()));
 }
 currentFont = mDefault.get();
diff --git a/rsg_generator.c b/rsg_generator.c
index d6655723..5d307708 100644
--- a/rsg_generator.c
+++ b/rsg_generator.c
@@ -120,7 +120,8 @@ void printFuncDecl(FILE *f, const ApiEntry *api, const char *prefix, int addCont
 printVarTypeAndName(f, &api->ret);
 if (isFnPtr) {
 char t[1024];
- strcpy(t, api->name);
+ strncpy(t, api->name, sizeof(t)-1);
+ t[sizeof(t)-1] = '\0';
 if (strlen(prefix) == 0) {
 if (t[0] > 'A' && t[0] < 'Z') {
 t[0] -= 'A' - 'a'; |
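Review bot: The commented-out `ALOGE` line left as context in the pragma hunk of cpu_ref/rsCpuExecutable.cpp still names `pKey` and `pValue`, which this change removes, so it will not compile if someone re-enables it; it should read `//ALOGE("Pragma %zu: Key: '%s' Value: '%s'", i, pragmaKeys[i], pragmaValues[i]);`. Separately, `sizeof(key)` and `sizeof(value)` give the buffer sizes only if both names are arrays in this scope. Their declarations are outside the hunk; if either is a `char *`, the bound becomes the pointer size and the duplicated string is silently truncated, so this is worth confirming.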
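Review bot: In the `FontState::renderText` hunk (rsFont.cpp per the diffstat), `root` comes straight from `getenv("ANDROID_ROOT")` and is handed to `strlen` and now `strlcpy` without a null check, so an unset variable still dereferences a null pointer; the bounded copy does not help there, and whether `rsAssert` halts execution in release builds is not visible here. A guard such as `if (root == nullptr) { /* log and skip creating the default font */ }` ahead of the copy would close that. The results of `strlcpy` and `strlcat` are also ignored, so an overlong root yields a truncated font path rather than an error; checking `strlcat(...) >= sizeof(fullPath)` catches it. The function body starts and ends outside the hunk.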