From 8d6346fc1c7fb0feaf9000e6f4ac04769bd25597 Mon Sep 17 00:00:00 2001
From: liduo
Date: Mon, 5 Aug 2024 10:25:46 +0800
Subject: [PATCH] =?UTF-8?q?fix=20security=20codex=20=EF=BC=88cherry=20pick?= =?UTF-8?q?ed=20commit=20from=20?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/compression_parser.cpp | 22 ++++++++++++++++------
 src/resource_item.cpp | 4 ++--
 2 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/src/compression_parser.cpp b/src/compression_parser.cpp
index 4e69f2c..84d3d78 100644
--- a/src/compression_parser.cpp
+++ b/src/compression_parser.cpp
@@ -256,6 +256,9 @@ string CompressionParser::ParseRules(const cJSON *rulesNode)
 string name(item->string);
 res.append("\"").append(name).append("\":").append(ParseJsonStr(item)).append(",");
 }
+ if (res.size() - 1 < 0) {
+ return res;
+ }
 return res.substr(0, res.size() - 1);
 }
@@ -303,9 +306,14 @@ bool CompressionParser::LoadImageTranscoder()
 }
 #else
 if (!handle_) {
- handle_ = dlopen(extensionPath_.c_str(), RTLD_LAZY);
+ string realPath = ResourceUtil::RealPath(extensionPath_);
+ if (realPath.empty()) {
+ cerr << "Error: open '" << extensionPath_.c_str() << "' fail, real path empty." << endl;
+ return false;
+ }
+ handle_ = dlopen(realPath.c_str(), RTLD_LAZY);
 if (!handle_) {
- cerr << "Error: open '" << extensionPath_.c_str() << "' fail." << endl;
+ cerr << "Error: open '" << realPath.c_str() << "' fail." << endl;
 cerr << "Error: dlopen failed with error: " << dlerror() << endl;
 return false;
 }
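Review bot: The guard added in ParseRules, `if (res.size() - 1 < 0)`, can never be true. `size()` returns an unsigned `size_t`, so for an empty `res` the subtraction wraps to the largest value instead of going negative, and the early return is dead code. The wrapped value is then passed as the count to `substr`, which is harmless only because `substr` clamps the count. Test for emptiness directly: `if (res.empty()) { return res; }`. The start of ParseRules is outside the hunk, so whether `res` can actually be empty at this point is not visible.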
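Review bot: In LoadImageTranscoder the path handed to `dlopen` is now canonical, but nothing checks where it points. `dlopen` runs the library's initializers inside this process, so canonicalising alone does not decide whether the file is one the tool should load. If `extensionPath_` is taken from a command-line option or a config file (not visible in this hunk), compare `realPath` against the expected extension directory before the call. `ResourceUtil::RealPath` is defined elsewhere; this assumes it resolves symlinks and returns an empty string on failure. A comment above the call such as `// realPath is canonical, not trusted: dlopen executes the library's initializers` would record the remaining assumption.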
@@ -414,15 +422,17 @@ string CompressionParser::GetFileRules(const string &rules, const string &method
 void CompressionParser::CollectTime(uint32_t &count, unsigned long long &time, std::chrono::time_point &start)
 {
- time += std::chrono::duration_cast(std::chrono::steady_clock::now() - start).count();
+ unsigned long long costTime = static_cast(
+ std::chrono::duration_cast(std::chrono::steady_clock::now() - start).count());
+ time += costTime;
 count++;
 }
 void CompressionParser::CollectTimeAndSize(TranscodeError res,
 std::chrono::time_point &start, TranscodeResult &result)
 {
- auto costTime = std::chrono::duration_cast(std::chrono::steady_clock::now() - start)
- .count();
+ unsigned long long costTime = static_cast(
+ std::chrono::duration_cast(std::chrono::steady_clock::now() - start).count());
 if (res == TranscodeError::SUCCESS) {
 totalTime_ += costTime;
 totalCounts_++;
@@ -431,7 +441,7 @@ void CompressionParser::CollectTimeAndSize(TranscodeError res,
 successTime_ += costTime;
 successCounts_++;
 originalSize_ += result.originSize;
- successSize_ += result.size;
+ successSize_ += static_cast(result.size);
 } else if (res < TranscodeError::NOT_MATCH_BASE) {
 totalTime_ += costTime;
 compressTime_ += costTime;
diff --git a/src/resource_item.cpp b/src/resource_item.cpp
index ac87305..e45c1cd 100644
--- a/src/resource_item.cpp
+++ b/src/resource_item.cpp
@@ -54,9 +54,9 @@ bool ResourceItem::SetData(const int8_t *data, uint32_t length)
 ReleaseData();
 if (length == 0) {
 // the string in the element directory can be empty
- data_ = new (nothrow) int8_t[0];
+ data_ = reinterpret_cast(new (nothrow) int8_t[0]);
 dataLen_ = 0;
- return true;
+ return data_ != nullptr;
 }
 int8_t *buffer = reinterpret_cast(new (nothrow) int8_t[length]);
 if (buffer == nullptr) {
-- Gitee
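Review bot: The casts added in CollectTime and CollectTimeAndSize, and the one on `result.size` in the following hunk, convert a value to an unsigned accumulator without checking its sign, so a negative input would wrap to a very large number and silently distort the totals. For the elapsed time this cannot happen as long as `start` was read earlier from the same steady clock. The type of `result.size` is not visible here; if it is signed, guard the addition with `if (result.size >= 0)` rather than relying on the cast. The elapsed-time expression is also written out twice and could live in one small private helper. CollectTimeAndSize continues past the end of both hunks.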
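Review bot: The `reinterpret_cast` added around `new (nothrow) int8_t[0]` in SetData looks unnecessary, because the expression already has type `int8_t *`. If `data_` is declared with that type (its declaration is not in the hunk) no cast is needed, and a `reinterpret_cast` would hide a real mismatch should the member type ever change. The change that matters is the new `return data_ != nullptr;`. The zero-length branch deserves a comment, for example `// zero-length array: non-null on success, must never be dereferenced`, since `data_` is then a non-null pointer with `dataLen_ == 0`. SetData continues outside the hunk.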