diff --git a/0007-Fix-empty-pointer-and-overflow.patch b/0007-Fix-empty-pointer-and-overflow.patch new file mode 100644 index 0000000..cef10e6 --- /dev/null +++ b/0007-Fix-empty-pointer-and-overflow.patch @@ -0,0 +1,1001 @@ +From 2df5066a9741e9534d13bc422dad69bb6a2c12ce Mon Sep 17 00:00:00 2001 +From: jikai +Date: Mon, 28 Aug 2023 12:59:08 +0000 +Subject: [PATCH 07/11] Fix empty pointer and overflow + +Signed-off-by: jikai +--- + src/buffer.c | 4 + + src/conf.c | 63 +++++++++++-- + src/lcrcontainer.c | 135 ++------------------------- + src/lcrcontainer.h | 40 -------- + src/lcrcontainer_execute.c | 30 ++++++ + src/lcrcontainer_extend.c | 144 ++++------------------------- + src/lcrcontainer_extend.h | 11 --- + src/utils.c | 5 + + tests/fuzz/log_fuzz.cc | 2 +- + third_party/go_crc64.c | 6 +- + third_party/libocispec/common_c.py | 58 +++++++++--- + third_party/libocispec/common_h.py | 4 + + third_party/libocispec/sources.py | 26 ++++-- + 13 files changed, 192 insertions(+), 336 deletions(-) + +diff --git a/src/buffer.c b/src/buffer.c +index 39e0360..fb9e153 100644 +--- a/src/buffer.c ++++ b/src/buffer.c +@@ -158,6 +158,10 @@ static int buffer_append(Buffer *buf, const char *append, size_t length) + return -1; + } + ++ if (length == SIZE_MAX) { ++ return -1; ++ } ++ + desired_length = length + 1; + if (!buffer_has_space(buf, desired_length)) { + if (buffer_grow(buf, desired_length) != 0) { +diff --git a/src/conf.c b/src/conf.c +index 2b02887..10214f0 100644 +--- a/src/conf.c ++++ b/src/conf.c +@@ -638,6 +638,10 @@ static int trans_oci_process_prlimit(const defs_process *proc, struct lcr_list * + + for (i = 0; i < proc->rlimits_len; i++) { + defs_process_rlimits_element *lr = proc->rlimits[i]; ++ if (lr == NULL) { ++ continue; ++ } ++ + char buf_key[30] = { 0 }; + char buf_value[60] = { 0 }; + size_t j; +@@ -750,6 +754,10 @@ struct lcr_list *trans_oci_process(const defs_process *proc) + { + struct lcr_list *conf = NULL; + ++ if (proc == NULL) { ++ return NULL; ++ } ++ + conf = lcr_util_common_calloc_s(sizeof(struct lcr_list)); + if (conf == NULL) { + return NULL; +@@ -1093,7 +1101,8 @@ bool is_system_container(const oci_runtime_spec *container) + { + size_t i = 0; + for (i = 0; container->annotations != NULL && i < container->annotations->len; i++) { +- if (strcmp(container->annotations->keys[i], "system.container") == 0) { ++ if (container->annotations->keys[i] != NULL && ++ strcmp(container->annotations->keys[i], "system.container") == 0) { + return true; + } + } +@@ -1104,7 +1113,8 @@ static bool is_external_rootfs(const oci_runtime_spec *container) + { + size_t i = 0; + for (i = 0; container->annotations != NULL && i < container->annotations->len; i++) { +- if (strcmp(container->annotations->keys[i], "external.rootfs") == 0) { ++ if (container->annotations->keys[i] != NULL && ++ strcmp(container->annotations->keys[i], "external.rootfs") == 0) { + return true; + } + } +@@ -1166,8 +1176,14 @@ struct lcr_list *trans_oci_mounts(const oci_runtime_spec *c) + struct lcr_list *node = NULL; + defs_mount *tmp = NULL; + size_t i; +- bool system_container = is_system_container(c); +- bool external_rootfs = is_external_rootfs(c); ++ bool system_container = false; ++ bool external_rootfs = false; ++ ++ if (c == NULL) { ++ return NULL; ++ } ++ system_container = is_system_container(c); ++ external_rootfs = is_external_rootfs(c); + + conf = lcr_util_common_calloc_s(sizeof(*conf)); + if (conf == NULL) { +@@ -1177,7 +1193,7 @@ struct lcr_list *trans_oci_mounts(const oci_runtime_spec *c) + + for (i = 0; i < c->mounts_len; i++) { + tmp = c->mounts[i]; +- if (tmp->type == NULL) { ++ if (tmp == NULL || tmp->type == NULL) { + goto out_free; + } + +@@ -1206,6 +1222,10 @@ static int trans_one_oci_id_mapping(struct lcr_list *conf, const char *typ, cons + char buf_value[DEFAULT_BUF_LEN] = { 0 }; + char subid[ID_MAP_LEN] = { 0 }; + ++ if (id == NULL) { ++ return -1; ++ } ++ + nret = snprintf(buf_value, sizeof(buf_value), "%s %u %u %u", typ, id->container_id, id->host_id, id->size); + if (nret < 0 || (size_t)nret >= sizeof(buf_value)) { + return -1; +@@ -1570,6 +1590,10 @@ static int trans_resources_devices_v1(const defs_resources *res, struct lcr_list + + for (i = 0; i < res->devices_len; i++) { + defs_device_cgroup *lrd = res->devices[i]; ++ if (lrd == NULL) { ++ continue; ++ } ++ + if (trans_resources_devices_ret(lrd, buf_value, sizeof(buf_value)) < 0) { + goto out; + } +@@ -2006,6 +2030,10 @@ static int trans_resources_devices_v2(const defs_resources *res, struct lcr_list + + for (i = 0; i < res->devices_len; i++) { + defs_device_cgroup *lrd = res->devices[i]; ++ if (lrd == NULL) { ++ continue; ++ } ++ + if (trans_resources_devices_ret(lrd, buf_value, sizeof(buf_value)) < 0) { + goto out; + } +@@ -2492,7 +2520,7 @@ static struct lcr_list *trans_oci_namespaces(const oci_runtime_config_linux *l) + char *ns_name = NULL; + ns = l->namespaces[i]; + +- if (ns->type == NULL || ns->path == NULL) { ++ if (ns == NULL || ns->type == NULL || ns->path == NULL) { + continue; + } + +@@ -2807,6 +2835,12 @@ static int seccomp_append_rule(const defs_syscall *syscall, size_t i, Buffer *bu + ret = -1; + goto out; + } ++ ++ if (strlen(syscall->names[i]) > SIZE_MAX - strlen(action) - 2) { ++ ERROR("Out of range"); ++ ret = -1; ++ goto out; ++ } + if (buffer_nappendf(buffer, strlen(syscall->names[i]) + strlen(action) + 2, "%s %s", syscall->names[i], action)) { + ERROR("Failed to append syscall name and action\n"); + ret = -1; +@@ -2819,6 +2853,15 @@ static int seccomp_append_rule(const defs_syscall *syscall, size_t i, Buffer *bu + ret = -1; + goto out; + } ++ ++ /* Appending content is syscall->args[j]->op plus ++ * three unsigned numbers(which length is no more than 20 * 3) ++ */ ++ if (strlen(syscall->args[j]->op) > SIZE_MAX - 20 * 3) { ++ ERROR("Out of range"); ++ ret = -1; ++ goto out; ++ } + if (buffer_nappendf(buffer, 20 * 3 + strlen(syscall->args[j]->op), " [%u,%llu,%s,%llu]", + syscall->args[j]->index, syscall->args[j]->value, syscall->args[j]->op, + syscall->args[j]->value_two)) { +@@ -3032,6 +3075,10 @@ struct lcr_list *trans_oci_linux(const oci_runtime_config_linux *l, char **secco + int ret = 0; + struct lcr_list *tmp = NULL; + ++ if (l == NULL) { ++ return NULL; ++ } ++ + struct lcr_list *conf = lcr_util_common_calloc_s(sizeof(*conf)); + if (conf == NULL) { + return NULL; +@@ -3114,6 +3161,10 @@ struct lcr_list *trans_annotations(const json_map_string_string *anno) + size_t len; + int ret = 0; + ++ if (anno == NULL) { ++ return NULL; ++ } ++ + struct lcr_list *conf = lcr_util_common_calloc_s(sizeof(*conf)); + if (conf == NULL) { + return NULL; +diff --git a/src/lcrcontainer.c b/src/lcrcontainer.c +index ca587e4..f65f570 100644 +--- a/src/lcrcontainer.c ++++ b/src/lcrcontainer.c +@@ -44,52 +44,6 @@ + #include "utils.h" + #include "oci_runtime_spec.h" + +-/* +- * Free lcr_container_info array returned by lcr_list_{active,all}_containers +- */ +-void lcr_containers_info_free(struct lcr_container_info **info_arr, size_t size) +-{ +- size_t i = 0; +- struct lcr_container_info *in = NULL; +- +- if (info_arr == NULL) { +- return; +- } +- if (size == 0) { +- return; +- } +- for (i = 0, in = *info_arr; i < size; i++, in++) { +- free(in->interface); +- free(in->ipv4); +- free(in->ipv6); +- free(in->name); +- free(in->state); +- } +- free(*info_arr); +- *info_arr = NULL; +-} +- +-/* +- * Free lcr_container_info returned lcr_container_info_get +- */ +-void lcr_container_info_free(struct lcr_container_info *info) +-{ +- if (info == NULL) { +- return; +- } +- free(info->interface); +- info->interface = NULL; +- free(info->ipv4); +- info->ipv4 = NULL; +- free(info->ipv6); +- info->ipv6 = NULL; +- free(info->name); +- info->name = NULL; +- free(info->state); +- info->state = NULL; +- free(info); +-} +- + static inline bool is_container_exists(struct lxc_container *c) + { + return c->is_defined(c); +@@ -100,85 +54,6 @@ static inline bool is_container_can_control(struct lxc_container *c) + return c->may_control(c); + } + +-/* +- * Get one container info for a given name and lcrpath. +- * return struct of container info, or NULL on error. +- */ +-struct lcr_container_info *lcr_container_info_get(const char *name, const char *lcrpath) +-{ +- int nret = -1; +- struct lcr_container_info *info = NULL; +- const char *st = NULL; +- bool run_flag = false; +- +- struct lxc_container *c = lxc_container_without_config_new(name, lcrpath); +- if (c == NULL) { +- return NULL; +- } +- +- if (!is_container_exists(c)) { +- goto put_and_finish; +- } +- +- st = c->state(c); +- if (st == NULL) { +- st = "UNKNOWN"; +- } +- run_flag = (strcmp(st, "STOPPED") != 0); +- +- /* Now it makes sense to allocate memory */ +- info = lcr_util_common_calloc_s(sizeof(*info)); +- if (info == NULL) { +- nret = -1; +- goto put_and_finish; +- } +- info->init = -1; +- info->running = run_flag; +- info->name = lcr_util_strdup_s(name); +- info->state = lcr_util_strdup_s(st); +- if (run_flag) { +- info->init = c->init_pid(c); +- } +- +- nret = 0; +-put_and_finish: +- lxc_container_put(c); +- if (nret != 0) { +- lcr_container_info_free(info); +- info = NULL; +- } +- return info; +-} +- +-/* +- * Get a complete list of all containers for a given lcrpath. +- * return Number of containers, or -1 on error. +- **/ +-int lcr_list_all_containers(const char *lcrpath, struct lcr_container_info **info_arr) +-{ +- char **container = NULL; +- int n = 0; +- int nret = -1; +- size_t info_size = 0; +- const char *path = lcrpath ? lcrpath : LCRPATH; +- +- clear_error_message(&g_lcr_error); +- n = list_all_containers(path, &container, NULL); +- if (n == -1) { +- n = 0; +- } +- +- nret = lcr_containers_info_get(path, info_arr, &info_size, container, n); +- if (info_arr == NULL && nret == 0) { +- return -1; +- } else if (info_arr == NULL || nret == -1) { +- lcr_containers_info_free(info_arr, info_size); +- return -1; +- } +- +- return (int)info_size; +-} +- + static int create_partial(const struct lxc_container *c) + { + int fd = 0; +@@ -276,6 +151,16 @@ bool lcr_create(const char *name, const char *lcrpath, void *oci_config) + const char *tmp_path = lcrpath ? lcrpath : LCRPATH; + oci_runtime_spec *oci_spec = (oci_runtime_spec *)oci_config; + ++ if (name == NULL) { ++ ERROR("Missing container name"); ++ return false; ++ } ++ ++ if (oci_spec == NULL) { ++ ERROR("Empty oci config"); ++ return false; ++ } ++ + clear_error_message(&g_lcr_error); + isula_libutils_set_log_prefix(name); + +diff --git a/src/lcrcontainer.h b/src/lcrcontainer.h +index 5cb3647..b065641 100644 +--- a/src/lcrcontainer.h ++++ b/src/lcrcontainer.h +@@ -46,24 +46,6 @@ struct lcr_console_config { + char *log_file_size; + }; + +-/* +-* Store lcr container info +-*/ +-struct lcr_container_info { +- /* Name of container. */ +- char *name; +- /* State of container. */ +- char *state; +- /* Interface of container. */ +- char *interface; +- char *ipv4; +- char *ipv6; +- pid_t init; +- double ram; +- double swap; +- bool running; +-}; +- + struct blkio_stats { + uint64_t read; + uint64_t write; +@@ -129,28 +111,6 @@ struct lcr_cgroup_resources { + int64_t cpurt_runtime; + }; + +-/* +-* Get one container info for a given lcrpath. +-* return struct of container info, or NULL on error. +-*/ +-struct lcr_container_info *lcr_container_info_get(const char *name, const char *lcrpath); +- +-/* +-* Free lcr_container_info returned lcr_container_info_get +-*/ +-void lcr_container_info_free(struct lcr_container_info *info); +- +-/* +-* Get a complete list of all containers for a given lcrpath. +-* return Number of containers, or -1 on error. +-*/ +-int lcr_list_all_containers(const char *lcrpath, struct lcr_container_info **info_arr); +- +-/* +-* Free lcr_container_info array returned by lcr_list_{active,all}_containers +-*/ +-void lcr_containers_info_free(struct lcr_container_info **info_arr, size_t size); +- + /* + * Create a container + * param name : container name +diff --git a/src/lcrcontainer_execute.c b/src/lcrcontainer_execute.c +index 4c49a28..b924254 100644 +--- a/src/lcrcontainer_execute.c ++++ b/src/lcrcontainer_execute.c +@@ -749,6 +749,11 @@ bool do_update(struct lxc_container *c, const char *name, const char *lcrpath, s + { + bool bret = false; + ++ if (c == NULL) { ++ ERROR("Invalid arg c"); ++ return bret; ++ } ++ + // If container is not running, update config file is enough, + // resources will be updated when the container is started again. + // If container is running (including paused), we need to update configs +@@ -773,6 +778,16 @@ void do_lcr_state(struct lxc_container *c, struct lcr_container_state *lcs) + { + struct lxc_container_metrics lxc_metrics = { 0 }; + ++ if (c == NULL) { ++ ERROR("Invalid argument c"); ++ return; ++ } ++ ++ if (lcs == NULL) { ++ ERROR("Invalid argument lcs"); ++ return; ++ } ++ + clear_error_message(&g_lcr_error); + (void)memset(lcs, 0x00, sizeof(struct lcr_container_state)); + +@@ -925,6 +940,16 @@ bool do_attach(const char *name, const char *path, const struct lcr_exec_request + int pipefd[2] = {-1, -1}; + int status = 0; + ++ if (request == NULL) { ++ ERROR("Invalid request"); ++ return false; ++ } ++ ++ if (exit_code == NULL) { ++ ERROR("Invalid exit code"); ++ return false; ++ } ++ + if (pipe(pipefd) != 0) { + ERROR("Failed to create pipe\n"); + return false; +@@ -988,6 +1013,11 @@ void execute_lxc_start(const char *name, const char *path, const struct lcr_star + size_t i = 0; + int nret = 0; + ++ if (request == NULL) { ++ COMMAND_ERROR("Invalid request"); ++ exit(EXIT_FAILURE); ++ } ++ + if (lcr_util_check_inherited(true, -1) != 0) { + COMMAND_ERROR("Close inherited fds failed"); + } +diff --git a/src/lcrcontainer_extend.c b/src/lcrcontainer_extend.c +index e03c212..645f159 100644 +--- a/src/lcrcontainer_extend.c ++++ b/src/lcrcontainer_extend.c +@@ -422,74 +422,6 @@ cleanup: + return NULL; + } + +-static struct lcr_container_info *info_new(struct lcr_container_info **info, size_t *size) +-{ +- struct lcr_container_info *m = NULL; +- struct lcr_container_info *n = NULL; +- size_t length = 0; +- int nret = 0; +- +- if (*size > SIZE_MAX / sizeof(struct lcr_container_info) - 1) { +- return NULL; +- } +- +- length = (*size + 1) * sizeof(struct lcr_container_info); +- +- nret = lcr_mem_realloc((void **)&n, length, (void *)(*info), (*size) * sizeof(struct lcr_container_info)); +- if (nret < 0) { +- return NULL; +- } +- +- *info = n; +- m = *info + *size; +- (*size)++; +- +- // *INDENT-OFF* +- *m = (struct lcr_container_info) { +- .name = NULL, .state = NULL, .interface = NULL, .ipv4 = NULL, .ipv6 = NULL, .ram = 0.0, .swap = 0.0, .init = -1 +- }; +- // *INDENT-ON* +- return m; +-} +- +-static void free_arr(char **array, size_t size) +-{ +- size_t i; +- for (i = 0; i < size; i++) { +- free(array[i]); +- array[i] = NULL; +- } +- free(array); +-} +- +-/* +- * Get a complete list of active containers for a given lcrpath. +- * return Number of containers, or -1 on error. +- **/ +-int lcr_list_active_containers(const char *lcrpath, struct lcr_container_info **info_arr) +-{ +- char **c = NULL; +- int n = 0; +- int nret = -1; +- size_t info_size = 0; +- const char *path = lcrpath ? lcrpath : LCRPATH; +- +- n = list_active_containers(path, &c, NULL); +- if (n == -1) { +- n = 0; +- } +- +- nret = lcr_containers_info_get(path, info_arr, &info_size, c, n); +- if ((info_arr == NULL) && nret == 0) { +- return -1; +- } else if ((info_arr == NULL) || nret == -1) { +- lcr_containers_info_free(info_arr, info_size); +- return -1; +- } +- +- return (int)info_size; +-} +- + bool lcr_delete_with_force(const char *name, const char *lcrpath, bool force) + { + struct lxc_container *c = NULL; +@@ -560,61 +492,6 @@ void lcr_free_config(struct lcr_list *lcr_conf) + } + } + +-int lcr_containers_info_get(const char *lcrpath, struct lcr_container_info **info, size_t *size, char **containers, +- int num) +-{ +- struct lcr_container_info *in = NULL; +- struct lxc_container *c = NULL; +- int i; +- int nret = -1; +- +- if ((lcrpath == NULL) || num == 0) { +- goto err_out; +- } +- +- for (i = 0; i < num; i++) { +- const char *st = NULL; +- const char *name = containers[i]; +- bool run_flag = true; +- if (name == NULL) { +- continue; +- } +- +- c = lxc_container_without_config_new(name, lcrpath); +- if (c == NULL) { +- continue; +- } +- +- if (!c->is_defined(c)) { +- goto put_container; +- } +- +- st = c->state(c); +- if (st == NULL) { +- st = "UNKNOWN"; +- } +- run_flag = (strcmp(st, "STOPPED") != 0); +- +- /* Now it makes sense to allocate memory */ +- in = info_new(info, size); +- if (in == NULL) { +- goto put_container; +- } +- in->running = run_flag; +- in->name = lcr_util_strdup_s(name); +- in->state = lcr_util_strdup_s(st); +- if (run_flag) { +- in->init = c->init_pid(c); +- } +-put_container: +- lxc_container_put(c); +- } +- nret = 0; +-err_out: +- free_arr(containers, (size_t)num); +- return nret; +-} +- + /* + * Transform container JSON into oci_runtime_spec struct + */ +@@ -624,6 +501,11 @@ bool container_parse(const char *oci_filename, const char *oci_json_data, oci_ru + parser_error err = NULL; + bool ret = true; + ++ if (container == NULL) { ++ ERROR("Invalid container arg"); ++ return false; ++ } ++ + if (oci_json_data == NULL) { + *container = oci_runtime_spec_parse_file(oci_filename, &ctx, &err); + } else { +@@ -680,6 +562,11 @@ struct lcr_list *lcr_oci2lcr(const struct lxc_container *c, oci_runtime_spec *co + { + struct lcr_list *lcr_conf = NULL; + ++ if (container == NULL) { ++ ERROR("Invalid arguments"); ++ return NULL; ++ } ++ + lcr_conf = lcr_util_common_calloc_s(sizeof(*lcr_conf)); + if (lcr_conf == NULL) { + goto out_free; +@@ -765,6 +652,10 @@ static char *escape_string_encode(const char *src) + return NULL; + } + ++ if (len > (SIZE_MAX - 1) / 2) { ++ return NULL; ++ } ++ + dst = lcr_util_common_calloc_s(2 * len + 1); + if (dst == NULL) { + ERROR("Out of memory"); +@@ -863,7 +754,7 @@ cleanup: + return ret; + } + +-char *lcr_get_bundle(const char *lcrpath, const char *name) ++static char *lcr_get_bundle(const char *lcrpath, const char *name) + { + size_t len = 0; + int nret = 0; +@@ -921,6 +812,11 @@ bool lcr_save_spec(const char *name, const char *lcrpath, const struct lcr_list + return bret; + } + ++ if (lcr_conf == NULL) { ++ ERROR("Empty lcr conf"); ++ return bret; ++ } ++ + bundle = lcr_get_bundle(path, name); + if (bundle == NULL) { + goto out_free; +diff --git a/src/lcrcontainer_extend.h b/src/lcrcontainer_extend.h +index 981a2bb..f524a4a 100644 +--- a/src/lcrcontainer_extend.h ++++ b/src/lcrcontainer_extend.h +@@ -44,12 +44,6 @@ struct lcr_list; + } \ + } while (0); + +-/* +- * Get a complete list of active containers for a given lcrpath. +- * return Number of containers, or -1 on error. +- */ +-int lcr_list_active_containers(const char *lcrpath, struct lcr_container_info **info_arr); +- + /* + * Delete a container + * param name : container name, required. +@@ -82,11 +76,6 @@ struct lcr_list *lcr_oci2lcr(const struct lxc_container *c, oci_runtime_spec *co + */ + bool lcr_save_spec(const char *name, const char *lcrpath, const struct lcr_list *lcr_conf, const char *seccomp_conf); + +-int lcr_containers_info_get(const char *lcrpath, struct lcr_container_info **info, size_t *size, char **containers, +- int num); +- +-char *lcr_get_bundle(const char *lcrpath, const char *name); +- + bool translate_spec(const struct lxc_container *c, oci_runtime_spec *container); + + #ifdef __cplusplus +diff --git a/src/utils.c b/src/utils.c +index 4b123bb..d1271dd 100644 +--- a/src/utils.c ++++ b/src/utils.c +@@ -1287,6 +1287,11 @@ out: + /* swap in oci is memoy+swap, so here we need to get real swap */ + int lcr_util_get_real_swap(int64_t memory, int64_t memory_swap, int64_t *swap) + { ++ if (swap == NULL) { ++ ERROR("empty swap pointer"); ++ return -1; ++ } ++ + if (memory == -1 && memory_swap == 0) { + *swap = -1; // -1 is max + return 0; +diff --git a/tests/fuzz/log_fuzz.cc b/tests/fuzz/log_fuzz.cc +index a8f80d4..4128ff6 100644 +--- a/tests/fuzz/log_fuzz.cc ++++ b/tests/fuzz/log_fuzz.cc +@@ -40,7 +40,6 @@ extern "C" void testLog(struct isula_libutils_log_config *conf) + + extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) + { +- const char *default_name = "iSula"; + struct isula_libutils_log_config tconf = {0}; + std::string testData(reinterpret_cast(data), size); + std::vector ret_vec; +@@ -67,6 +66,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) + tconf.driver = ret_vec[4].c_str(); + } + } else { ++ const char *default_name = "iSula"; + isula_libutils_default_log_config(default_name, &tconf); + } + +diff --git a/third_party/go_crc64.c b/third_party/go_crc64.c +index 44d0a75..c78ac85 100644 +--- a/third_party/go_crc64.c ++++ b/third_party/go_crc64.c +@@ -32,10 +32,9 @@ isula_crc_table_t g_iso_crc_table; + static void make_table(isula_crc_table_t *tab, uint64_t poly) + { + uint64_t i, j; +- uint64_t t; + + for (i = 0; i < CRC_COL_LEN; i++) { +- t = i; ++ uint64_t t = i; + for (j = 0; j < CRC_ROW_LEN; j++) { + if ((t & 1) == 1) { + t = (t >> 1) ^ poly; +@@ -50,10 +49,9 @@ static void make_table(isula_crc_table_t *tab, uint64_t poly) + static void make_crc_table(isula_crc_table_t *tab) + { + uint64_t i, j; +- uint64_t crc; + + for (i = 0; i < CRC_COL_LEN; i++) { +- crc = tab->table[0][i]; ++ uint64_t crc = tab->table[0][i]; + for (j = 1; j < CRC_ROW_LEN; j++) { + crc = tab->table[0][(crc&0xff)] ^ (crc >> 8); + tab->table[j][i] = crc; +diff --git a/third_party/libocispec/common_c.py b/third_party/libocispec/common_c.py +index 968d5d2..1207b72 100644 +--- a/third_party/libocispec/common_c.py ++++ b/third_party/libocispec/common_c.py +@@ -42,6 +42,13 @@ CODE = '''// Auto generated file. Do not edit! + + # define MAX_NUM_STR_LEN 21 + ++#if __WORDSIZE == 64 ++// current max user memory for 64-machine is 2^47 B ++#define MAX_MEMORY_SIZE ((size_t)1 << 47) ++#else ++// current max user memory for 32-machine is 2^31 B ++#define MAX_MEMORY_SIZE ((size_t)1 << 31) ++#endif + + static yajl_gen_status gen_yajl_val (yajl_val obj, yajl_gen g, parser_error *err); + +@@ -205,6 +212,27 @@ void *safe_malloc(size_t size) { + return ret; + } + ++void *smart_safe_malloc(size_t count, size_t extra, size_t unit_size) { ++ void *ret = NULL; ++ if (unit_size == 0) { ++ abort(); ++ } ++ ++ if (extra > MAX_MEMORY_SIZE || count > MAX_MEMORY_SIZE - extra) { ++ abort(); ++ } ++ ++ if (count + extra == 0 || count + extra > (MAX_MEMORY_SIZE / unit_size)) { ++ abort(); ++ } ++ ++ ret = calloc(count + extra, unit_size); ++ if (ret == NULL) { ++ abort(); ++ } ++ return ret; ++} ++ + int common_safe_double(const char *numstr, double *converted) { + char *err_str = NULL; + double d; +@@ -557,8 +585,8 @@ json_map_int_int *make_json_map_int_int(yajl_val src, const struct parser_contex + size_t len = YAJL_GET_OBJECT(src)->len; + ret = safe_malloc(sizeof(*ret)); + ret->len = len; +- ret->keys = safe_malloc((len + 1) * sizeof(int)); +- ret->values = safe_malloc((len + 1) * sizeof(int)); ++ ret->keys = smart_safe_malloc(len, 1, sizeof(int)); ++ ret->values = smart_safe_malloc(len, 1, sizeof(int)); + for (i = 0; i < len; i++) { + const char *srckey = YAJL_GET_OBJECT(src)->keys[i]; + yajl_val srcval = YAJL_GET_OBJECT(src)->values[i]; +@@ -695,8 +723,8 @@ json_map_int_bool *make_json_map_int_bool(yajl_val src, const struct parser_cont + size_t len = YAJL_GET_OBJECT(src)->len; + ret = safe_malloc(sizeof(*ret)); + ret->len = len; +- ret->keys = safe_malloc((len + 1) * sizeof(int)); +- ret->values = safe_malloc((len + 1) * sizeof(bool)); ++ ret->keys = smart_safe_malloc(len, 1, sizeof(int)); ++ ret->values = smart_safe_malloc(len, 1, sizeof(bool)); + for (i = 0; i < len; i++) { + const char *srckey = YAJL_GET_OBJECT(src)->keys[i]; + yajl_val srcval = YAJL_GET_OBJECT(src)->values[i]; +@@ -829,8 +857,8 @@ json_map_int_string *make_json_map_int_string(yajl_val src, const struct parser_ + size_t len = YAJL_GET_OBJECT(src)->len; + ret = safe_malloc(sizeof(*ret)); + ret->len = len; +- ret->keys = safe_malloc((len + 1) * sizeof(int)); +- ret->values = safe_malloc((len + 1) * sizeof(char *)); ++ ret->keys = smart_safe_malloc(len, 1, sizeof(int)); ++ ret->values = smart_safe_malloc(len, 1, sizeof(char *)); + for (i = 0; i < len; i++) { + const char *srckey = YAJL_GET_OBJECT(src)->keys[i]; + yajl_val srcval = YAJL_GET_OBJECT(src)->values[i]; +@@ -951,8 +979,8 @@ json_map_string_int *make_json_map_string_int(yajl_val src, const struct parser_ + size_t len = YAJL_GET_OBJECT(src)->len; + ret = safe_malloc(sizeof(*ret)); + ret->len = len; +- ret->keys = safe_malloc((len + 1) * sizeof(char *)); +- ret->values = safe_malloc((len + 1) * sizeof(int)); ++ ret->keys = smart_safe_malloc(len, 1, sizeof(char *)); ++ ret->values = smart_safe_malloc(len, 1, sizeof(int)); + for (i = 0; i < len; i++) { + const char *srckey = YAJL_GET_OBJECT(src)->keys[i]; + yajl_val srcval = YAJL_GET_OBJECT(src)->values[i]; +@@ -1069,8 +1097,8 @@ json_map_string_int64 *make_json_map_string_int64(yajl_val src, const struct par + size_t len = YAJL_GET_OBJECT(src)->len; + ret = safe_malloc(sizeof(*ret)); + ret->len = len; +- ret->keys = safe_malloc((len + 1) * sizeof(char *)); +- ret->values = safe_malloc((len + 1) * sizeof(int64_t)); ++ ret->keys = smart_safe_malloc(len, 1, sizeof(char *)); ++ ret->values = smart_safe_malloc(len, 1, sizeof(int64_t)); + for (i = 0; i < len; i++) { + const char *srckey = YAJL_GET_OBJECT(src)->keys[i]; + yajl_val srcval = YAJL_GET_OBJECT(src)->values[i]; +@@ -1188,8 +1216,8 @@ json_map_string_bool *make_json_map_string_bool(yajl_val src, const struct parse + size_t len = YAJL_GET_OBJECT(src)->len; + ret = safe_malloc(sizeof(*ret)); + ret->len = len; +- ret->keys = safe_malloc((len + 1) * sizeof(char *)); +- ret->values = safe_malloc((len + 1) * sizeof(bool)); ++ ret->keys = smart_safe_malloc(len, 1, sizeof(char *)); ++ ret->values = smart_safe_malloc(len, 1, sizeof(bool)); + for (i = 0; i < len; i++) { + const char *srckey = YAJL_GET_OBJECT(src)->keys[i]; + yajl_val srcval = YAJL_GET_OBJECT(src)->values[i]; +@@ -1303,8 +1331,8 @@ json_map_string_string *make_json_map_string_string(yajl_val src, const struct p + size_t len = YAJL_GET_OBJECT(src)->len; + ret = safe_malloc(sizeof(*ret)); + ret->len = len; +- ret->keys = safe_malloc((len + 1) * sizeof(char *)); +- ret->values = safe_malloc((len + 1) * sizeof(char *)); ++ ret->keys = smart_safe_malloc(len, 1, sizeof(char *)); ++ ret->values = smart_safe_malloc(len, 1, sizeof(char *)); + for (i = 0; i < len; i++) { + const char *srckey = YAJL_GET_OBJECT(src)->keys[i]; + yajl_val srcval = YAJL_GET_OBJECT(src)->values[i]; +@@ -1442,7 +1470,7 @@ char *json_marshal_string(const char *str, size_t strlen, const struct parser_co + goto free_out; + } + +- json_buf = safe_malloc(gen_len + 1); ++ json_buf = smart_safe_malloc(gen_len, 1, 1); + (void)memcpy(json_buf, gen_buf, gen_len); + json_buf[gen_len] = '\\0'; + +diff --git a/third_party/libocispec/common_h.py b/third_party/libocispec/common_h.py +index 02c689d..a5d3047 100644 +--- a/third_party/libocispec/common_h.py ++++ b/third_party/libocispec/common_h.py +@@ -89,6 +89,8 @@ extern "C" { + return stat; \\ + } + ++#define JSON_MAX_SIZE (10LL * 1024LL * 1024LL) ++ + typedef char *parser_error; + + struct parser_context { +@@ -108,6 +110,8 @@ yajl_val get_val(yajl_val tree, const char *name, yajl_type type); + + void *safe_malloc(size_t size); + ++void *smart_safe_malloc(size_t count, size_t extra, size_t unit_size); ++ + int common_safe_double(const char *numstr, double *converted); + + int common_safe_uint8(const char *numstr, uint8_t *converted); +diff --git a/third_party/libocispec/sources.py b/third_party/libocispec/sources.py +index 88f83d5..56b594b 100644 +--- a/third_party/libocispec/sources.py ++++ b/third_party/libocispec/sources.py +@@ -59,10 +59,10 @@ def parse_map_string_obj(obj, c_file, prefix, obj_typename): + c_file.write(' if (YAJL_GET_OBJECT(tree) != NULL && YAJL_GET_OBJECT(tree)->len > 0) {\n') + c_file.write(' size_t i;\n') + c_file.write(' ret->len = YAJL_GET_OBJECT(tree)->len;\n') +- c_file.write(' ret->keys = safe_malloc((YAJL_GET_OBJECT(tree)->len + 1) ' \ +- '* sizeof(*ret->keys));\n') +- c_file.write(' ret->%s = safe_malloc((YAJL_GET_OBJECT(tree)->len + 1) ' \ +- '* sizeof(*ret->%s));\n' % (child.fixname, child.fixname)) ++ c_file.write(' ret->keys = smart_safe_malloc(YAJL_GET_OBJECT(tree)->len, 1, ' \ ++ 'sizeof(*ret->keys));\n') ++ c_file.write(' ret->%s = smart_safe_malloc(YAJL_GET_OBJECT(tree)->len, 1, ' \ ++ 'sizeof(*ret->%s));\n' % (child.fixname, child.fixname)) + c_file.write(' for (i = 0; i < YAJL_GET_OBJECT(tree)->len; i++) {\n') + c_file.write(' const char *tmpkey = YAJL_GET_OBJECT(tree)->keys[i];\n') + c_file.write(' ret->keys[i] = safe_strdup(tmpkey ? tmpkey : "");\n') +@@ -132,8 +132,8 @@ def parse_obj_type(obj, c_file, prefix, obj_typename): + ' YAJL_GET_ARRAY(tmp)->len > 0) {\n') + c_file.write(' size_t i;\n') + c_file.write(' ret->%s_len = YAJL_GET_ARRAY(tmp)->len;\n' % (obj.fixname)) +- c_file.write(' ret->%s = safe_malloc((YAJL_GET_ARRAY(tmp)->len + 1) ' \ +- '* sizeof(*ret->%s));\n' % (obj.fixname, obj.fixname)) ++ c_file.write(' ret->%s = smart_safe_malloc(YAJL_GET_ARRAY(tmp)->len, 1, ' \ ++ 'sizeof(*ret->%s));\n' % (obj.fixname, obj.fixname)) + c_file.write(' for (i = 0; i < YAJL_GET_ARRAY(tmp)->len; i++) {\n') + c_file.write(' yajl_val val = YAJL_GET_ARRAY(tmp)->values[i];\n') + c_file.write(' ret->%s[i] = make_%s(val, ctx, err);\n' \ +@@ -166,8 +166,8 @@ def parse_obj_type(obj, c_file, prefix, obj_typename): + c_file.write(' size_t i;\n') + c_file.write(' ret->%s_len = YAJL_GET_ARRAY(tmp)->len;\n' % (obj.fixname)) + c_file.write( +- ' ret->%s = safe_malloc((YAJL_GET_ARRAY(tmp)->len + 1) *' \ +- ' sizeof(*ret->%s));\n' % (obj.fixname, obj.fixname)) ++ ' ret->%s = smart_safe_malloc(YAJL_GET_ARRAY(tmp)->len, 1, ' \ ++ 'sizeof(*ret->%s));\n' % (obj.fixname, obj.fixname)) + c_file.write(' for (i = 0; i < YAJL_GET_ARRAY(tmp)->len; i++) {\n') + read_val_generator(c_file, 4, 'YAJL_GET_ARRAY(tmp)->values[i]', \ + "ret->%s[i]" % obj.fixname, obj.subtyp, obj.origname, obj_typename) +@@ -891,7 +891,7 @@ def get_c_epilog(c_file, prefix, typ): + alen = YAJL_GET_ARRAY(tree)->len; + if (alen == 0) + return NULL; +- ptr = safe_malloc((alen + 1) * sizeof(%s_element *)); ++ ptr = smart_safe_malloc(alen, 1, sizeof(%s_element *)); + for (i = 0; i < alen; i++) { + yajl_val val = YAJL_GET_ARRAY(tree)->values[i]; + ptr[i] = make_%s_element(val, ctx, err); +@@ -1001,6 +1001,12 @@ yajl_gen_status gen_%s(yajl_gen g, const %s_element **ptr, size_t len, const str + return NULL; + + *err = NULL; ++ if (strlen(jsondata) >= JSON_MAX_SIZE) { ++ if (asprintf(err, "cannot parse the data with length exceeding %%llu", JSON_MAX_SIZE) < 0) { ++ *err = safe_strdup("error allocating memory"); ++ } ++ return NULL; ++ } + if (ctx == NULL) { + ctx = (const struct parser_context *)(&tmp_ctx); + } +@@ -1049,7 +1055,7 @@ yajl_gen_status gen_%s(yajl_gen g, const %s_element **ptr, size_t len, const str + goto free_out; + } + +- json_buf = safe_malloc(gen_len + 1); ++ json_buf = smart_safe_malloc(gen_len, 1, 1); + (void)memcpy(json_buf, gen_buf, gen_len); + json_buf[gen_len] = '\\0'; + +-- +2.33.0 + diff --git a/0008-CI-checkout-branch-of-lxc.patch b/0008-CI-checkout-branch-of-lxc.patch new file mode 100644 index 0000000..0f94cf9 --- /dev/null +++ b/0008-CI-checkout-branch-of-lxc.patch @@ -0,0 +1,25 @@ +From 3ddbf5130eb24e7a2e9f70c3e6c494afa0015e92 Mon Sep 17 00:00:00 2001 +From: jikai +Date: Tue, 29 Aug 2023 02:38:14 +0000 +Subject: [PATCH 08/11] CI: checkout branch of lxc + +Signed-off-by: jikai +--- + CI/pr-gateway.sh | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/CI/pr-gateway.sh b/CI/pr-gateway.sh +index 1a15461..6595c77 100755 +--- a/CI/pr-gateway.sh ++++ b/CI/pr-gateway.sh +@@ -29,6 +29,7 @@ cd ~ + rm -rf lxc + git clone https://gitee.com/src-openeuler/lxc.git + pushd lxc ++git checkout origin/openEuler-22.03-LTS-SP1 + rm -rf lxc-4.0.3 + ./apply-patches || exit 1 + pushd lxc-4.0.3 +-- +2.33.0 + diff --git a/0009-support-check-symbols-and-compile-code-in-cmake.patch b/0009-support-check-symbols-and-compile-code-in-cmake.patch new file mode 100644 index 0000000..450cb5d --- /dev/null +++ b/0009-support-check-symbols-and-compile-code-in-cmake.patch @@ -0,0 +1,37 @@ +From 2f0562d56032a563672ae105b7b3ca1b71878526 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Sat, 26 Aug 2023 10:54:02 +0800 +Subject: [PATCH 09/11] support check symbols and compile code in cmake + +Signed-off-by: haozi007 +--- + cmake/checker.cmake | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/cmake/checker.cmake b/cmake/checker.cmake +index 13c1cdb..27a83d1 100644 +--- a/cmake/checker.cmake ++++ b/cmake/checker.cmake +@@ -20,6 +20,9 @@ + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + # + ++include(CheckFunctionExists) ++include(CheckCSourceCompiles) ++ + # check depends library and headers + find_package(PkgConfig REQUIRED) + +@@ -91,3 +94,9 @@ if (ENABLE_GCOV) + _CHECK(CMD_GENHTML "CMD_GENHTML-NOTFOUND" "genhtml") + endif() + ++check_function_exists(strerror_r HAVE_STRERROR_R) ++ ++check_c_source_compiles( ++ "#define _GNU_SOURCE\n#include \nint main() { char err_str[128]; char *ptr = strerror_r(-2, err_str, 128); return ptr != (void *)0L; }" ++ STRERROR_R_CHAR_P ++) +-- +2.33.0 + diff --git a/0010-remove-unnecessary-strerror.patch b/0010-remove-unnecessary-strerror.patch new file mode 100644 index 0000000..2a21272 --- /dev/null +++ b/0010-remove-unnecessary-strerror.patch @@ -0,0 +1,155 @@ +From 41aa94a5859755ed4ca181043dd442401fd068ea Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Tue, 5 Sep 2023 19:35:37 +0800 +Subject: [PATCH 10/11] remove unnecessary strerror + +Signed-off-by: haozi007 +--- + src/lcrcontainer_execute.c | 7 +++---- + src/lcrcontainer_extend.c | 16 ++++++++-------- + src/utils.c | 2 +- + third_party/log.c | 6 +++--- + 4 files changed, 15 insertions(+), 16 deletions(-) + +diff --git a/src/lcrcontainer_execute.c b/src/lcrcontainer_execute.c +index b924254..6c1f9fc 100644 +--- a/src/lcrcontainer_execute.c ++++ b/src/lcrcontainer_execute.c +@@ -71,8 +71,7 @@ + do \ + { \ + SYSERROR("Error updating cgroup %s to %s", (item), (value)); \ +- lcr_set_error_message(LCR_ERR_RUNTIME, "Error updating cgroup %s to %s: %s", (item), (value), \ +- strerror(errno)); \ ++ lcr_set_error_message(LCR_ERR_RUNTIME, "Error updating cgroup %s to %s.", (item), (value)); \ + } while (0) + + static inline void add_array_elem(char **array, size_t total, size_t *pos, const char *elem) +@@ -908,7 +907,7 @@ static void execute_lxc_attach(const char *name, const char *path, const struct + + execvp("lxc-attach", params); + +- COMMAND_ERROR("Failed to exec lxc-attach: %s", strerror(errno)); ++ CMD_SYSERROR("Failed to exec lxc-attach"); + free(params); + exit(EXIT_FAILURE); + } +@@ -1067,6 +1066,6 @@ void execute_lxc_start(const char *name, const char *path, const struct lcr_star + + execvp("lxc-start", params); + +- COMMAND_ERROR("Failed to exec lxc-start: %s.", strerror(errno)); ++ CMD_SYSERROR("Failed to exec lxc-start."); + exit(EXIT_FAILURE); + } +diff --git a/src/lcrcontainer_extend.c b/src/lcrcontainer_extend.c +index 645f159..321be8c 100644 +--- a/src/lcrcontainer_extend.c ++++ b/src/lcrcontainer_extend.c +@@ -153,7 +153,7 @@ static int make_annotations(oci_runtime_spec *container, const struct lxc_contai + goto out; + } + if (lcr_util_ensure_path(&realpath, anno->values[fpos])) { +- ERROR("Invalid log path: %s, error: %s.", anno->values[fpos], strerror(errno)); ++ SYSERROR("Invalid log path: %s.", anno->values[fpos]); + goto out; + } + ret = 0; +@@ -376,7 +376,7 @@ static int lcr_spec_write_seccomp_line(int fd, const char *seccomp) + } + line[nret] = '\n'; + if (write(fd, line, len) == -1) { +- SYSERROR("Write failed"); ++ SYSERROR("Write file failed"); + goto cleanup; + } + ret = 0; +@@ -626,8 +626,8 @@ static int lcr_open_config_file(const char *bundle) + + fd = lcr_util_open(real_config, O_CREAT | O_TRUNC | O_CLOEXEC | O_WRONLY, CONFIG_FILE_MODE); + if (fd == -1) { +- ERROR("Create file %s failed, %s", real_config, strerror(errno)); +- lcr_set_error_message(LCR_ERR_RUNTIME, "Create file %s failed, %s", real_config, strerror(errno)); ++ SYSERROR("Create file %s failed", real_config); ++ lcr_set_error_message(LCR_ERR_RUNTIME, "Create file %s failed", real_config); + goto out; + } + out: +@@ -738,7 +738,7 @@ static int lcr_spec_write_config(int fd, const struct lcr_list *lcr_conf) + + line_encode[encode_len] = '\n'; + if (write(fd, line_encode, encode_len + 1) == -1) { +- SYSERROR("Write failed"); ++ SYSERROR("Write file failed"); + goto cleanup; + } + free(line); +@@ -788,7 +788,7 @@ static char *lcr_get_bundle(const char *lcrpath, const char *name) + ERROR("Bundle %s does not exist", bundle); + break; + default: +- ERROR("Access %s failed: %s\n", bundle, strerror(errno)); ++ SYSERROR("Access %s failed", bundle); + } + goto cleanup; + } +@@ -880,7 +880,7 @@ static int lcr_write_file(const char *path, const char *data, size_t len) + } + + if (write(fd, data, len) == -1) { +- ERROR("write data to %s failed: %s", real_path, strerror(errno)); ++ SYSERROR("write data to %s failed", real_path); + goto out_free; + } + +@@ -908,7 +908,7 @@ static bool lcr_write_ocihooks(const char *path, const oci_runtime_spec_hooks *h + } + + if (lcr_write_file(path, json_hooks, strlen(json_hooks)) == -1) { +- ERROR("write json hooks failed: %s", strerror(errno)); ++ SYSERROR("write json hooks failed"); + goto out_free; + } + +diff --git a/src/utils.c b/src/utils.c +index d1271dd..df73985 100644 +--- a/src/utils.c ++++ b/src/utils.c +@@ -1344,7 +1344,7 @@ int lcr_util_get_cgroup_version() + struct statfs fs = {0}; + + if (statfs(CGROUP_MOUNTPOINT, &fs) != 0) { +- ERROR("failed to statfs %s: %s", CGROUP_MOUNTPOINT, strerror(errno)); ++ SYSERROR("failed to statfs %s.", CGROUP_MOUNTPOINT); + return -1; + } + +diff --git a/third_party/log.c b/third_party/log.c +index c3c1981..9c8a873 100644 +--- a/third_party/log.c ++++ b/third_party/log.c +@@ -312,18 +312,18 @@ static int open_fifo(const char *fifo_path) + + nret = mknod(fifo_path, S_IFIFO | S_IRUSR | S_IWUSR, (dev_t)0); + if (nret && errno != EEXIST) { +- COMMAND_ERROR("Mknod failed: %s", strerror(errno)); ++ CMD_SYSERROR("Mknod failed"); + return nret; + } + + fifo_fd = lcr_util_open(fifo_path, O_RDWR | O_NONBLOCK, 0); + if (fifo_fd == -1) { +- COMMAND_ERROR("Open fifo %s failed: %s", fifo_path, strerror(errno)); ++ CMD_SYSERROR("Open fifo %s failed", fifo_path); + return -1; + } + + if (fcntl(fifo_fd, F_SETPIPE_SZ, LOG_FIFO_SIZE) == -1) { +- COMMAND_ERROR("Set fifo buffer size failed: %s", strerror(errno)); ++ CMD_SYSERROR("Set fifo buffer size failed"); + close(fifo_fd); + return -1; + } +-- +2.33.0 + diff --git a/0011-258-improve-code-of-function-in-log.patch b/0011-258-improve-code-of-function-in-log.patch new file mode 100644 index 0000000..d2fab5c --- /dev/null +++ b/0011-258-improve-code-of-function-in-log.patch @@ -0,0 +1,33 @@ +From 67db677060c70aa23e6927e99cc2078e219b9d2d Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Wed, 6 Sep 2023 11:01:47 +0000 +Subject: [PATCH 11/11] !258 improve code of function in log Merge pull request + !258 from haozi007/stablefix + +--- + third_party/log.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/third_party/log.h b/third_party/log.h +index 2db0d98..43c1d5d 100644 +--- a/third_party/log.h ++++ b/third_party/log.h +@@ -417,13 +417,13 @@ lxc_log_priority_define(&g_lxc_log_category_lxc, FATAL); + #define CMD_SYSERROR(format, ...) \ + do { \ + lxc_log_strerror_r; \ +- fprintf(stderr, "%s - " format, ptr, ##__VA_ARGS__); \ ++ fprintf(stderr, "%s - " format "\n", ptr, ##__VA_ARGS__); \ + } while (0) + + #define CMD_SYSINFO(format, ...) \ + do { \ + lxc_log_strerror_r; \ +- printf("%s - " format, ptr, ##__VA_ARGS__); \ ++ printf("%s - " format "\n", ptr, ##__VA_ARGS__); \ + } while (0) + + #define COMMAND_ERROR(fmt, args...) \ +-- +2.33.0 + diff --git a/lcr.spec b/lcr.spec index 0644d54..e102271 100644 --- a/lcr.spec +++ b/lcr.spec @@ -1,5 +1,5 @@ %global _version 2.0.9 -%global _release 5 +%global _release 6 %global _inner_name isula_libutils Name: lcr @@ -18,6 +18,11 @@ Patch0003: 0003-adapt-to-repo-of-openeuler-url-changed.patch Patch0004: 0004-add-cgroup-resources-json-schema-for-isula-update.patch Patch0005: 0005-add-field-for-isulad-daemon-configs.patch Patch0006: 0006-add-files_limit-to-oci-spec.patch +Patch0007: 0007-Fix-empty-pointer-and-overflow.patch +Patch0008: 0008-CI-checkout-branch-of-lxc.patch +Patch0009: 0009-support-check-symbols-and-compile-code-in-cmake.patch +Patch0010: 0010-remove-unnecessary-strerror.patch +Patch0011: 0011-258-improve-code-of-function-in-log.patch %define lxcver_lower 4.0.3-2022102400 %define lxcver_upper 4.0.3-2022102500 @@ -101,6 +106,12 @@ rm -rf %{buildroot} %{_includedir}/%{_inner_name}/*.h %changelog +* Tue Sep 12 2023 jikai - 2.0.9-6 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:Fix potential log error, empty pointer reference and overflow + * Mon Aug 7 2023 suwei - 2.0.9-5 - Type:enhancement - CVE:NA