fixed potential security issues

23e35e05 · 忠阳 · xiaoyi.yl · 8f443887 · 23e35e05 · 23e35e05
隐藏空白更改
内联并排

Showing with 11 addition and 8 deletion

src/LogRecord.cpp src/LogRecord.cpp +1 -0

src/MetaInfo.cpp src/MetaInfo.cpp +4 -2

src/MsgVarArea.cpp src/MsgVarArea.cpp +6 -6

未找到文件。
--- a/src/LogRecord.cpp
+++ b/src/LogRecord.cpp
@@ -172,6 +172,7 @@ struct LogRecInfo {
        m_endInfo(NULL),
        m_lrDataArea(NULL),
        m_tblMeta(NULL),
+        m_dbMeta(NULL),
        m_expiredMetaDataCollections(NULL),
        useDMB(false),
        m_reservedMemory(false)

--- a/src/MetaInfo.cpp
+++ b/src/MetaInfo.cpp
@@ -443,6 +443,8 @@ struct TableMetaInfo : public MetaInfo {
  TableMetaInfo(const void* ptr, size_t size)
      : MetaInfo(sizeof(TableMetaHeader), false), m_tblMetaHeader(NULL), m_dbMeta(NULL)
  {
+    m_pkIndice = NULL;
+    m_ukIndice = NULL;
    parse(ptr, size);
  }

@@ -749,7 +751,7 @@ void ITableMeta::setPKs(const char* pks)
 {
  m_tbl->m_tblMetaHeader->m_pksOffset = m_tbl->m_data.appendString(pks);
  char* cpks = new char[strlen(pks) + 1];
-  char* src = strcpy(cpks, pks);
+  char* src = strncpy(cpks, pks, strlen(pks) + 1);
  char *token, *save;
  do {
    token = strtok_r(src, ",", &save);
@@ -804,7 +806,7 @@ void ITableMeta::setUKs(const char* uks)
 {
  m_tbl->m_tblMetaHeader->m_uksOffset = m_tbl->m_data.appendString(uks);
  char* cpks = new char[strlen(uks) + 1];
-  char* src = strcpy(cpks, uks);
+  char* src = strncpy(cpks, uks, strlen(uks) + 1);
  char *token, *save;
  do {
    token = strtok_r(src, ",", &save);

--- a/src/MsgVarArea.cpp
+++ b/src/MsgVarArea.cpp
@@ -174,7 +174,7 @@ size_t MsgVarArea::appendStringArray(const BinLogBuf* sa, size_t size)
  STRLEN_TYPE* slen = new STRLEN_TYPE[count];
  const char* strData[count];
  size_t offset = m_data.length() - sizeof(VarAreaHeader);
-
+  memset(strData, 0, sizeof(const char*) * count);
  for (i = 0; i < count; ++i) {
    if (sa[i].buf == NULL)
      slen[i] = 0;
@@ -417,7 +417,7 @@ int MsgVarArea::getField(size_t offset, const void*& ptr, size_t& size)
 {
  if (!m_parsedOK && !m_creating)
    return -1;
-  if (offset < 0 || offset >= m_areaSize)
+  if (offset >= m_areaSize)
    return -2;
  const char* p = m_areaPtr + offset;
  DT_TYPE* t = (DT_TYPE*)p;
@@ -494,7 +494,7 @@ int MsgVarArea::getString(size_t offset, const char*& s, size_t& length)
 {
  if (!m_parsedOK && !m_creating)
    return -1;
-  if (offset < 0 || offset >= m_areaSize)
+  if (offset >= m_areaSize)
    return -2;
  const char* p = m_areaPtr + offset;
  DT_TYPE* t = (DT_TYPE*)p;
@@ -535,7 +535,7 @@ int MsgVarArea::getStringArray(size_t offset, const char*& saPtr, size_t& count,
 {
  if (!m_parsedOK && !m_creating)
    return -1;
-  if (offset < 0 || offset >= m_areaSize)
+  if (offset >= m_areaSize)
    return -2;
  const char* p = m_areaPtr + offset;
  DT_TYPE* t = (DT_TYPE*)p;
@@ -571,7 +571,7 @@ void MsgVarArea::getString(size_t offset, const int off, char*& v, size_t& size)
  const char* pos = m_areaPtr + offset;
  COUNT_TYPE count = *(COUNT_TYPE*)(pos + sizeof(DT_TYPE));
  toLeEndian(&count, sizeof(COUNT_TYPE));
-  if (offset < 0 || offset >= m_areaSize || off < 0 || off > count) {
+  if (offset >= m_areaSize || off < 0 || off > count) {
    v = NULL;
    size = 0;
    return;
@@ -614,7 +614,7 @@ int MsgVarArea::getArray(size_t offset, const void*& a, size_t& elSize, size_t&

  if (!m_parsedOK && !m_creating)
    return -1;
-  if (offset < 0 || offset >= m_areaSize)
+  if (offset >= m_areaSize)
    return -2;
  const char* p = m_areaPtr + offset;
  DT_TYPE* t = (DT_TYPE*)p;