Fix some issues reported by klocwork (#1233)

Change memcpy to bh_memcpy_s and add some asserts to enhance the security.
2022-06-16 19:50:47 +08:00
parent 188d5e70e9
commit 4b38205023
6 changed files with 38 additions and 22 deletions
--- a/core/shared/utils/bh_vector.c
+++ b/core/shared/utils/bh_vector.c
@ -42,7 +42,8 @@ extend_vector(Vector *vector, size_t length)
        return false;
    }

-    memcpy(data, vector->data, vector->size_elem * vector->max_elems);
+    bh_memcpy_s(data, vector->size_elem * length, vector->data,
+                vector->size_elem * vector->max_elems);
    BH_FREE(vector->data);

    vector->data = data;
@ -109,8 +110,8 @@ bh_vector_set(Vector *vector, uint32 index, const void *elem_buf)

    if (vector->lock)
        os_mutex_lock(vector->lock);
-    memcpy(vector->data + vector->size_elem * index, elem_buf,
-           vector->size_elem);
+    bh_memcpy_s(vector->data + vector->size_elem * index, vector->size_elem,
+                elem_buf, vector->size_elem);
    if (vector->lock)
        os_mutex_unlock(vector->lock);
    return true;
@ -131,8 +132,8 @@ bh_vector_get(Vector *vector, uint32 index, void *elem_buf)

    if (vector->lock)
        os_mutex_lock(vector->lock);
-    memcpy(elem_buf, vector->data + vector->size_elem * index,
-           vector->size_elem);
+    bh_memcpy_s(elem_buf, vector->size_elem,
+                vector->data + vector->size_elem * index, vector->size_elem);
    if (vector->lock)
        os_mutex_unlock(vector->lock);
    return true;
@ -165,11 +166,12 @@ bh_vector_insert(Vector *vector, uint32 index, const void *elem_buf)

    p = vector->data + vector->size_elem * vector->num_elems;
    for (i = vector->num_elems - 1; i > index; i--) {
-        memcpy(p, p - vector->size_elem, vector->size_elem);
+        bh_memcpy_s(p, vector->size_elem, p - vector->size_elem,
+                    vector->size_elem);
        p -= vector->size_elem;
    }

-    memcpy(p, elem_buf, vector->size_elem);
+    bh_memcpy_s(p, vector->size_elem, elem_buf, vector->size_elem);
    vector->num_elems++;
    ret = true;

@ -199,8 +201,8 @@ bh_vector_append(Vector *vector, const void *elem_buf)
        goto unlock_return;
    }

-    memcpy(vector->data + vector->size_elem * vector->num_elems, elem_buf,
-           vector->size_elem);
+    bh_memcpy_s(vector->data + vector->size_elem * vector->num_elems,
+                vector->size_elem, elem_buf, vector->size_elem);
    vector->num_elems++;
    ret = true;

@ -232,11 +234,12 @@ bh_vector_remove(Vector *vector, uint32 index, void *old_elem_buf)
    p = vector->data + vector->size_elem * index;

    if (old_elem_buf) {
-        memcpy(old_elem_buf, p, vector->size_elem);
+        bh_memcpy_s(old_elem_buf, vector->size_elem, p, vector->size_elem);
    }

    for (i = index; i < vector->num_elems - 1; i++) {
-        memcpy(p, p + vector->size_elem, vector->size_elem);
+        bh_memcpy_s(p, vector->size_elem, p + vector->size_elem,
+                    vector->size_elem);
        p += vector->size_elem;
    }