author | Michael Butler <butlermichael@google.com> | 2017-04-19 18:47:55 -0700 |
committer | Michael Butler <butlermichael@google.com> | 2017-04-25 16:24:34 -0700 |
commit | 2a1576ff5147497b18f9f62b97a6c4fa40035e93 (patch) | |
tree | efc3dabf8989ce12e8b0de7b900ed6935acad6a7 /cpu_ref | |
parent | 0d2f0c9bd05c220cf5aad50bb5315e57db110665 (diff) | |
download | rs-2a1576ff5147497b18f9f62b97a6c4fa40035e93.tar.gz |
Fix clang-analyzer-security warnings for RenderScript
Replace unsafe strcpy and strcat with bounded strlcpy and strlcat.
Bug: 32511607
Test: mma, cts, vts
Change-Id: I92bc8142f82eaf78f4465bf061871cad864c53b8
(cherry picked from commit ca451c3280b6265a9b79273b4bf89e121a050cab)
Diffstat (limited to 'cpu_ref')
-rw-r--r-- | cpu_ref/rsCpuCore.cpp | 4 | ||||
-rw-r--r-- | cpu_ref/rsCpuExecutable.cpp | 24 |
2 files changed, 17 insertions, 11 deletions
diff --git a/cpu_ref/rsCpuCore.cpp b/cpu_ref/rsCpuCore.cpp
index 43e45218..f4f9c4c9 100644
--- a/cpu_ref/rsCpuCore.cpp
+++ b/cpu_ref/rsCpuCore.cpp
@@ -483,7 +483,7 @@ static const int kFormatInBytesMax = 16;
 // ": " + 2 digits per byte + 1 separator between bytes + "..." + null
 typedef char FormatBuf[2 + kFormatInBytesMax*2 + (kFormatInBytesMax - 1) + 3 + 1];
 static const char *format_bytes(FormatBuf *outBuf, const uint8_t *inBuf, const int inBytes) {
- strcpy(*outBuf, ": ");
+ strlcpy(*outBuf, ": ", sizeof(FormatBuf));
 int pos = 2;
 const int lim = std::min(kFormatInBytesMax, inBytes);
 for (int i = 0; i < lim; ++i) {
@@ -495,7 +495,7 @@ static const char *format_bytes(FormatBuf *outBuf, const uint8_t *inBuf, const i
 pos += 2;
 }
 if (kFormatInBytesMax < inBytes)
- strcpy(*outBuf + pos, "...");
+ strlcpy(*outBuf + pos, "...", sizeof(FormatBuf) - pos);
 return *outBuf;
 }
diff --git a/cpu_ref/rsCpuExecutable.cpp b/cpu_ref/rsCpuExecutable.cpp
index ad45eba9..b670838a 100644
--- a/cpu_ref/rsCpuExecutable.cpp
+++ b/cpu_ref/rsCpuExecutable.cpp
@@ -299,6 +299,18 @@ static char* strgets(char *s, int size, const char **ppstr) {
 return s;
 }
+// Creates a duplicate of a string. The new string is as small as possible,
+// only including characters up to and including the first null-terminator;
+// otherwise, the new string will be the same size as the input string.
+// The code that calls duplicateString is responsible for the new string's
+// lifetime, and is responsible for freeing it when it is no longer needed.
+static char* duplicateString(const char *str, size_t length) {
+ const size_t newLen = strnlen(str, length-1) + 1;
+ char *newStr = new char[newLen];
+ strlcpy(newStr, str, newLen);
+ return newStr;
+}
+
 ScriptExecutable* ScriptExecutable::createFromSharedObject(
 void* sharedObj, uint32_t expectedChecksum) {
 char line[MAXLINE];
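Review bot: The bound `sizeof(FormatBuf) - pos` passed to the second strlcpy in format_bytes is unsigned arithmetic, so if `pos` ever exceeded the buffer size the subtraction would wrap and hand strlcpy an effectively unlimited size, and the bounded copy would protect nothing. Today that appears to be prevented by the loop running at most `lim` times and the FormatBuf typedef being sized for the worst case, but the invariant is only implicit and the loop body that advances `pos` lies outside the hunk. A comment above the call, e.g. `// pos is bounded by the FormatBuf sizing above, so the remaining size cannot wrap`, would document why the subtraction is safe. Both strlcpy calls also discard the truncation-indicating return value, which is acceptable only because the buffer is sized to never truncate.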
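Review bot: `strlcpy(newStr, str, newLen)` in duplicateString still scans `str` up to its NUL terminator to compute its return value, so the strnlen bound on the line above limits the allocation but not the read: an input that is not terminated within `length` bytes is over-read much as before the change. Copying the already-measured prefix keeps both sides bounded: `memcpy(newStr, str, newLen - 1);` followed by `newStr[newLen - 1] = '\0';`. Separately, `length-1` underflows when `length` is 0; the three callers pass sizeof of arrays so this cannot happen today, but a comment on the parameter such as `// length: size of the buffer behind str, including its terminator; must be >= 1` makes the precondition explicit. The header comment says the caller is responsible for "freeing" the result, yet it is allocated with `new[]`, so it should say the result must be released with `delete[]`.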
@@ -369,8 +381,7 @@ ScriptExecutable* ScriptExecutable::createFromSharedObject(
 }
 fieldAddress[i] = addr;
 fieldIsObject[i] = false;
- fieldName[i] = new char[strlen(line)+1];
- strcpy(fieldName[i], line);
+ fieldName[i] = duplicateString(line, sizeof(line));
 }
 if (strgets(line, MAXLINE, &rsInfo) == nullptr) {
@@ -623,13 +634,8 @@ ScriptExecutable* ScriptExecutable::createFromSharedObject(
 goto error;
 }
- char *pKey = new char[strlen(key)+1];
- strcpy(pKey, key);
- pragmaKeys[i] = pKey;
-
- char *pValue = new char[strlen(value)+1];
- strcpy(pValue, value);
- pragmaValues[i] = pValue;
+ pragmaKeys[i] = duplicateString(key, sizeof(key));
+ pragmaValues[i] = duplicateString(value, sizeof(value));
 //ALOGE("Pragma %zu: Key: '%s' Value: '%s'", i, pKey, pValue);
 }
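Review bot: The commented-out ALOGE on the line after the two duplicateString calls still names `pKey` and `pValue`, which this hunk deletes, so re-enabling it would no longer compile; either update it to `//ALOGE("Pragma %zu: Key: '%s' Value: '%s'", i, pragmaKeys[i], pragmaValues[i]);` or drop it. `sizeof(key)` and `sizeof(value)` give the intended buffer sizes only if `key` and `value` are declared as arrays; their declarations are outside the hunk, and if either were a pointer the sizeof would be the pointer size and the copy would be silently truncated to a few bytes, so this is worth confirming. createFromSharedObject begins and ends outside both hunks on this line.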