Fix some issues reported by klocwork (#1233)

Change memcpy to bh_memcpy_s and add some asserts to enhance the security.
2022-06-16 19:50:47 +08:00
parent 188d5e70e9
commit 4b38205023
6 changed files with 38 additions and 22 deletions
--- a/core/iwasm/common/wasm_application.c
+++ b/core/iwasm/common/wasm_application.c
@ -485,7 +485,7 @@ execute_func(WASMModuleInstanceCommon *module_inst, const char *name,
                            u.ieee.ieee_little_endian.negative = 1;
                        else
                            u.ieee.ieee_big_endian.negative = 1;
-                        memcpy(&f32, &u.f, sizeof(float));
+                        bh_memcpy_s(&f32, sizeof(float), &u.f, sizeof(float));
                    }
                    if (endptr[0] == ':') {
                        uint32 sig;
@ -496,10 +496,11 @@ execute_func(WASMModuleInstanceCommon *module_inst, const char *name,
                            u.ieee.ieee_little_endian.mantissa = sig;
                        else
                            u.ieee.ieee_big_endian.mantissa = sig;
-                        memcpy(&f32, &u.f, sizeof(float));
+                        bh_memcpy_s(&f32, sizeof(float), &u.f, sizeof(float));
                    }
                }
-                memcpy(&argv1[p++], &f32, sizeof(float));
+                bh_memcpy_s(&argv1[p], total_size - p, &f32, sizeof(float));
+                p++;
                break;
            }
            case VALUE_TYPE_F64:
@ -517,7 +518,8 @@ execute_func(WASMModuleInstanceCommon *module_inst, const char *name,
                            ud.ieee.ieee_little_endian.negative = 1;
                        else
                            ud.ieee.ieee_big_endian.negative = 1;
-                        memcpy(&u.val, &ud.d, sizeof(double));
+                        bh_memcpy_s(&u.val, sizeof(double), &ud.d,
+                                    sizeof(double));
                    }
                    if (endptr[0] == ':') {
                        uint64 sig;
@ -532,7 +534,8 @@ execute_func(WASMModuleInstanceCommon *module_inst, const char *name,
                            ud.ieee.ieee_big_endian.mantissa0 = sig >> 32;
                            ud.ieee.ieee_big_endian.mantissa1 = (uint32)sig;
                        }
-                        memcpy(&u.val, &ud.d, sizeof(double));
+                        bh_memcpy_s(&u.val, sizeof(double), &ud.d,
+                                    sizeof(double));
                    }
                }
                argv1[p++] = u.parts[0];
--- a/core/iwasm/common/wasm_runtime_common.c
+++ b/core/iwasm/common/wasm_runtime_common.c
@ -1245,6 +1245,8 @@ wasm_func_get_param_count(WASMFunctionInstanceCommon *const func_inst,
 {
    WASMType *type =
        wasm_runtime_get_function_type(func_inst, module_inst->module_type);
+    bh_assert(type);
+
    return type->param_count;
 }

@ -1254,6 +1256,8 @@ wasm_func_get_result_count(WASMFunctionInstanceCommon *const func_inst,
 {
    WASMType *type =
        wasm_runtime_get_function_type(func_inst, module_inst->module_type);
+    bh_assert(type);
+
    return type->result_count;
 }

@ -1288,6 +1292,8 @@ wasm_func_get_param_types(WASMFunctionInstanceCommon *const func_inst,
        wasm_runtime_get_function_type(func_inst, module_inst->module_type);
    uint32 i;

+    bh_assert(type);
+
    for (i = 0; i < type->param_count; i++) {
        param_types[i] = val_type_to_val_kind(type->types[i]);
    }
@ -1302,6 +1308,8 @@ wasm_func_get_result_types(WASMFunctionInstanceCommon *const func_inst,
        wasm_runtime_get_function_type(func_inst, module_inst->module_type);
    uint32 i;

+    bh_assert(type);
+
    for (i = 0; i < type->result_count; i++) {
        result_types[i] =
            val_type_to_val_kind(type->types[type->param_count + i]);