From 6ffea886d356aa1d1dbc457613f9f30e327e391b Mon Sep 17 00:00:00 2001
From: yinjiaming <yinjiaming@huawei.com>
Date: Mon, 14 Feb 2022 08:32:16 +0000
Subject: [PATCH] =?UTF-8?q?fix:=20=E7=BC=96=E8=AF=91=E5=91=8A=E8=AD=A6?=
 =?UTF-8?q?=E6=B8=85=E9=9B=B6=20=E3=80=90=E8=83=8C=E6=99=AF=E3=80=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

3.0 LTS 告警清零

【修改方案】
添加了安全函数的检查,将不安全的函数改写为安全函数

【影响】
对现有的产品编译不会有影响。

re #I4TM2U

Signed-off-by: yinjiaming <yinjiaming@huawei.com>
Change-Id: I4479172e755821916aa6f299607fdceac763d468
---
 components/shell/src/base/shmsg.c                     |  3 +++
 components/shell/src/cmds/vfs_shellcmd.c              |  5 ++++-
 .../gcc/nmsis/NN/Include/riscv_nnsupportfunctions.h   | 11 +++++++++--
 testsuits/sample/kernel/mem/It_los_mem_046.c          |  3 ++-
 .../unittest/fuzz/src/regex/it_test_regex_fuzz.c      |  6 +++++-
 5 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/components/shell/src/base/shmsg.c b/components/shell/src/base/shmsg.c
index 4176e1df..c338cce0 100755
--- a/components/shell/src/base/shmsg.c
+++ b/components/shell/src/base/shmsg.c
@@ -138,6 +138,9 @@ UINT32 PreHandleCmdline(const CHAR *input, CHAR **output, UINT32 *outputlen)
     UINT32 ret;
     const CHAR *cmdBuf = input;
     UINT32 cmdBufLen = strlen(cmdBuf);
+    if ((cmdBufLen + 1) > SHELL_CMD_MAX_SIZE) {
+        return SH_NOK;
+    }
     CHAR *shiftStr = (CHAR *)malloc(cmdBufLen + 1);
 
     if (shiftStr == NULL) {
diff --git a/components/shell/src/cmds/vfs_shellcmd.c b/components/shell/src/cmds/vfs_shellcmd.c
index bfe025ea..da061275 100755
--- a/components/shell/src/cmds/vfs_shellcmd.c
+++ b/components/shell/src/cmds/vfs_shellcmd.c
@@ -523,7 +523,10 @@ static int OsShellCmdDoRmdir(const char *pathname)
     char *fullpath = NULL;
     int ret;
 
-    (void)memset_s(&statInfo, sizeof(statInfo), 0, sizeof(struct stat));
+    ret = memset_s(&statInfo, sizeof(struct stat), 0, sizeof(struct stat));
+    if (ret != 0) {
+        return -1;
+    }
     if (stat(pathname, &statInfo) != 0) {
         return -1;
     }
diff --git a/kernel/arch/risc-v/nuclei/gcc/nmsis/NN/Include/riscv_nnsupportfunctions.h b/kernel/arch/risc-v/nuclei/gcc/nmsis/NN/Include/riscv_nnsupportfunctions.h
index 6061f08d..f064a101 100644
--- a/kernel/arch/risc-v/nuclei/gcc/nmsis/NN/Include/riscv_nnsupportfunctions.h
+++ b/kernel/arch/risc-v/nuclei/gcc/nmsis/NN/Include/riscv_nnsupportfunctions.h
@@ -338,8 +338,12 @@ __STATIC_FORCEINLINE q31_t riscv_nn_requantize(const q31_t val, const q31_t mult
 __STATIC_FORCEINLINE q31_t riscv_nn_read_q15x2_ia(const q15_t **in_q15)
 {
   q31_t val;
+  int ret;
 
-  memcpy(&val, *in_q15, 4);
+  ret = memcpy_s(&val, sizeof(q31_t), *in_q15, 4); // 4: data offset
+  if (ret != 0) {
+      return 0;
+  }
   *in_q15 += 2;
 
   return (val);
@@ -353,7 +357,10 @@ __STATIC_FORCEINLINE q31_t riscv_nn_read_q15x2_ia(const q15_t **in_q15)
 __STATIC_FORCEINLINE q31_t riscv_nn_read_q7x4_ia(const q7_t **in_q7)
 {
   q31_t val;
-  memcpy(&val, *in_q7, 4);
+  int ret = memcpy_s(&val, sizeof(q31_t), *in_q7, 4); // 4: data offset
+  if (ret != 0) {
+      return 0;
+  }
   *in_q7 += 4;
 
   return (val);
diff --git a/testsuits/sample/kernel/mem/It_los_mem_046.c b/testsuits/sample/kernel/mem/It_los_mem_046.c
index 2a36be9b..cb75b760 100644
--- a/testsuits/sample/kernel/mem/It_los_mem_046.c
+++ b/testsuits/sample/kernel/mem/It_los_mem_046.c
@@ -34,6 +34,7 @@
 
 #if (LOSCFG_MEM_MUL_REGIONS == 1)
 
+#define MEMGAP_SIZE 16
 // simulate two non-continuous memory regions
 STATIC UINT8 g_memPool_TC46_01[0x200];
 STATIC UINT8 g_memGap_TC46[0x10];
@@ -57,7 +58,7 @@ static UINT32 TestCase(VOID)
 
     // p points to the start address of the gap node between g_memPool_TC46_01 and g_memPool_TC46_02
     p = g_memPool_TC46_01 + 0x200;
-    (void)memset_s(g_memGap_TC46, 0x10, 1, 0x10);
+    (void)memset_s(g_memGap_TC46, MEMGAP_SIZE, 1, MEMGAP_SIZE);
 
     ret = LOS_MemFree(m_aucSysMem0, p);
     ICUNIT_GOTO_EQUAL(ret, LOS_NOK, ret, EXIT);
diff --git a/testsuits/unittest/fuzz/src/regex/it_test_regex_fuzz.c b/testsuits/unittest/fuzz/src/regex/it_test_regex_fuzz.c
index 7c96edb1..d18e3df7 100644
--- a/testsuits/unittest/fuzz/src/regex/it_test_regex_fuzz.c
+++ b/testsuits/unittest/fuzz/src/regex/it_test_regex_fuzz.c
@@ -73,7 +73,11 @@ static uint32_t RegexFuzz(void)
         heartbeatPrint(i);
 
         string1 = DT_SetGetString(&g_element[NUM_0_INDEX], initStrLen, maxStrLen, "CHN");
-        (void)strncpy_s(str1, MAX_STR_BUF_LEN, string1, maxStrLen);
+        ret = strncpy_s(str1, MAX_STR_BUF_LEN, string1, maxStrLen);
+        if (ret != 0) {
+            printf("strncpy_s failure in %s[%d], i = %d\n", __FUCTION__, __LINE__, i);
+            return 1;
+        }
         str1[MAX_STR_BUF_LEN - 1] = '\0';
         string2 = DT_SetGetString(&g_element[NUM_1_INDEX], initStrLen, maxStrLen, "CHN");
         (void)strncpy_s(str2, MAX_STR_BUF_LEN, string2, maxStrLen);