提交 07e3feb4 编写于 作者: Z zhangdengyu

fix: 增强对LOS_ArchCopyToUser接口的安全防护

Close: #I61CLY
Signed-off-by: Nzhangdengyu <zhangdengyu2@huawei.com>
Change-Id: I0faf8e5849c24b108f290e483124f3edaf70ef50
上级 4d1fd22b
...@@ -604,7 +604,7 @@ INT32 ShmCtl(INT32 shmid, INT32 cmd, struct shmid_ds *buf) ...@@ -604,7 +604,7 @@ INT32 ShmCtl(INT32 shmid, INT32 cmd, struct shmid_ds *buf)
{ {
struct shmIDSource *seg = NULL; struct shmIDSource *seg = NULL;
INT32 ret = 0; INT32 ret = 0;
struct shm_info shmInfo; struct shm_info shmInfo = { 0 };
struct ipc_perm shm_perm; struct ipc_perm shm_perm;
cmd = ((UINT32)cmd & ~IPC_64); cmd = ((UINT32)cmd & ~IPC_64);
......
...@@ -1520,7 +1520,7 @@ ssize_t SysPread64(int fd, void *buf, size_t nbytes, off64_t offset) ...@@ -1520,7 +1520,7 @@ ssize_t SysPread64(int fd, void *buf, size_t nbytes, off64_t offset)
if (bufRet == NULL) { if (bufRet == NULL) {
return -ENOMEM; return -ENOMEM;
} }
(void)memset_s(bufRet, nbytes, 0, nbytes);
ret = pread64(fd, (buf ? bufRet : NULL), nbytes, offset); ret = pread64(fd, (buf ? bufRet : NULL), nbytes, offset);
if (ret < 0) { if (ret < 0) {
(void)LOS_MemFree(OS_SYS_MEM_ADDR, bufRet); (void)LOS_MemFree(OS_SYS_MEM_ADDR, bufRet);
......
...@@ -106,7 +106,8 @@ int SysMqNotify(mqd_t personal, const struct sigevent *sigev) ...@@ -106,7 +106,8 @@ int SysMqNotify(mqd_t personal, const struct sigevent *sigev)
int SysMqGetSetAttr(mqd_t mqd, const struct mq_attr *new, struct mq_attr *old) int SysMqGetSetAttr(mqd_t mqd, const struct mq_attr *new, struct mq_attr *old)
{ {
int ret; int ret;
struct mq_attr knew, kold; struct mq_attr knew;
struct mq_attr kold = { 0 };
if (new != NULL) { if (new != NULL) {
ret = LOS_ArchCopyFromUser(&knew, new, sizeof(struct mq_attr)); ret = LOS_ArchCopyFromUser(&knew, new, sizeof(struct mq_attr));
...@@ -256,7 +257,7 @@ int SysSigTimedWait(const sigset_t_l *setl, siginfo_t *info, const struct timesp ...@@ -256,7 +257,7 @@ int SysSigTimedWait(const sigset_t_l *setl, siginfo_t *info, const struct timesp
sigset_t set; sigset_t set;
unsigned int tick; unsigned int tick;
int retVal, ret; int retVal, ret;
siginfo_t infoIntr; siginfo_t infoIntr = { 0 };
struct timespec timeoutIntr; struct timespec timeoutIntr;
retVal = LOS_ArchCopyFromUser(&set, &(setl->sig[0]), sizeof(sigset_t)); retVal = LOS_ArchCopyFromUser(&set, &(setl->sig[0]), sizeof(sigset_t));
......
...@@ -208,7 +208,7 @@ long SysSysconf(int name) ...@@ -208,7 +208,7 @@ long SysSysconf(int name)
int SysUgetrlimit(int resource, unsigned long long k_rlim[2]) int SysUgetrlimit(int resource, unsigned long long k_rlim[2])
{ {
int ret; int ret;
struct rlimit lim; struct rlimit lim = { 0 };
ret = getrlimit(resource, &lim); ret = getrlimit(resource, &lim);
if (ret < 0) { if (ret < 0) {
......
...@@ -255,7 +255,7 @@ int SysSchedRRGetInterval(int pid, struct timespec *tp) ...@@ -255,7 +255,7 @@ int SysSchedRRGetInterval(int pid, struct timespec *tp)
int ret; int ret;
SchedParam param = { 0 }; SchedParam param = { 0 };
time_t timeSlice = 0; time_t timeSlice = 0;
struct timespec tv; struct timespec tv = { 0 };
LosTaskCB *taskCB = NULL; LosTaskCB *taskCB = NULL;
LosProcessCB *processCB = NULL; LosProcessCB *processCB = NULL;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册