diff --git a/components/shell/src/base/shmsg.c b/components/shell/src/base/shmsg.c index 4176e1df..c338cce0 100755 --- a/components/shell/src/base/shmsg.c +++ b/components/shell/src/base/shmsg.c @@ -138,6 +138,9 @@ UINT32 PreHandleCmdline(const CHAR *input, CHAR **output, UINT32 *outputlen) UINT32 ret; const CHAR *cmdBuf = input; UINT32 cmdBufLen = strlen(cmdBuf); + if ((cmdBufLen + 1) > SHELL_CMD_MAX_SIZE) { + return SH_NOK; + } CHAR *shiftStr = (CHAR *)malloc(cmdBufLen + 1); if (shiftStr == NULL) { diff --git a/components/shell/src/cmds/vfs_shellcmd.c b/components/shell/src/cmds/vfs_shellcmd.c index bfe025ea..da061275 100755 --- a/components/shell/src/cmds/vfs_shellcmd.c +++ b/components/shell/src/cmds/vfs_shellcmd.c @@ -523,7 +523,10 @@ static int OsShellCmdDoRmdir(const char *pathname) char *fullpath = NULL; int ret; - (void)memset_s(&statInfo, sizeof(statInfo), 0, sizeof(struct stat)); + ret = memset_s(&statInfo, sizeof(struct stat), 0, sizeof(struct stat)); + if (ret != 0) { + return -1; + } if (stat(pathname, &statInfo) != 0) { return -1; } diff --git a/kernel/arch/risc-v/nuclei/gcc/nmsis/NN/Include/riscv_nnsupportfunctions.h b/kernel/arch/risc-v/nuclei/gcc/nmsis/NN/Include/riscv_nnsupportfunctions.h index 6061f08d..f064a101 100644 --- a/kernel/arch/risc-v/nuclei/gcc/nmsis/NN/Include/riscv_nnsupportfunctions.h +++ b/kernel/arch/risc-v/nuclei/gcc/nmsis/NN/Include/riscv_nnsupportfunctions.h @@ -338,8 +338,12 @@ __STATIC_FORCEINLINE q31_t riscv_nn_requantize(const q31_t val, const q31_t mult __STATIC_FORCEINLINE q31_t riscv_nn_read_q15x2_ia(const q15_t **in_q15) { q31_t val; + int ret; - memcpy(&val, *in_q15, 4); + ret = memcpy_s(&val, sizeof(q31_t), *in_q15, 4); // 4: data offset + if (ret != 0) { + return 0; + } *in_q15 += 2; return (val); @@ -353,7 +357,10 @@ __STATIC_FORCEINLINE q31_t riscv_nn_read_q15x2_ia(const q15_t **in_q15) __STATIC_FORCEINLINE q31_t riscv_nn_read_q7x4_ia(const q7_t **in_q7) { q31_t val; - memcpy(&val, *in_q7, 4); + int ret = memcpy_s(&val, sizeof(q31_t), *in_q7, 4); // 4: data offset + if (ret != 0) { + return 0; + } *in_q7 += 4; return (val); diff --git a/testsuits/sample/kernel/mem/It_los_mem_046.c b/testsuits/sample/kernel/mem/It_los_mem_046.c index 2a36be9b..cb75b760 100644 --- a/testsuits/sample/kernel/mem/It_los_mem_046.c +++ b/testsuits/sample/kernel/mem/It_los_mem_046.c @@ -34,6 +34,7 @@ #if (LOSCFG_MEM_MUL_REGIONS == 1) +#define MEMGAP_SIZE 16 // simulate two non-continuous memory regions STATIC UINT8 g_memPool_TC46_01[0x200]; STATIC UINT8 g_memGap_TC46[0x10]; @@ -57,7 +58,7 @@ static UINT32 TestCase(VOID) // p points to the start address of the gap node between g_memPool_TC46_01 and g_memPool_TC46_02 p = g_memPool_TC46_01 + 0x200; - (void)memset_s(g_memGap_TC46, 0x10, 1, 0x10); + (void)memset_s(g_memGap_TC46, MEMGAP_SIZE, 1, MEMGAP_SIZE); ret = LOS_MemFree(m_aucSysMem0, p); ICUNIT_GOTO_EQUAL(ret, LOS_NOK, ret, EXIT); diff --git a/testsuits/unittest/fuzz/src/regex/it_test_regex_fuzz.c b/testsuits/unittest/fuzz/src/regex/it_test_regex_fuzz.c index 7c96edb1..d18e3df7 100644 --- a/testsuits/unittest/fuzz/src/regex/it_test_regex_fuzz.c +++ b/testsuits/unittest/fuzz/src/regex/it_test_regex_fuzz.c @@ -73,7 +73,11 @@ static uint32_t RegexFuzz(void) heartbeatPrint(i); string1 = DT_SetGetString(&g_element[NUM_0_INDEX], initStrLen, maxStrLen, "CHN"); - (void)strncpy_s(str1, MAX_STR_BUF_LEN, string1, maxStrLen); + ret = strncpy_s(str1, MAX_STR_BUF_LEN, string1, maxStrLen); + if (ret != 0) { + printf("strncpy_s failure in %s[%d], i = %d\n", __FUCTION__, __LINE__, i); + return 1; + } str1[MAX_STR_BUF_LEN - 1] = '\0'; string2 = DT_SetGetString(&g_element[NUM_1_INDEX], initStrLen, maxStrLen, "CHN"); (void)strncpy_s(str2, MAX_STR_BUF_LEN, string2, maxStrLen);