From 07838725fddb09d7aac3326ff034cb8069860305 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Tue, 21 Jun 2022 19:15:20 +0800 Subject: [PATCH] sync from upstream openeuler/iSulad Signed-off-by: zhangxiaoyu --- ...dir-of-isulad-if-no-controller-found.patch | 2 +- 0002-fix-install-error-when-android.patch | 2 +- 0003-imp-fuzz-for-pw-gr-parser.patch | 2 +- 0004-improve-fuzz-test.patch | 2 +- 0005-Seccomp-optimization.patch | 2 +- 0006-fix-different-type-convert.patch | 2 +- 0007-add-pointer-parameters-NULL-check.patch | 2 +- 0008-add-check-to-arguments.patch | 2 +- 0009-remove-static-of-strlncat.patch | 2 +- ...k-parameter-label_opts-in-init_label.patch | 2 +- ...e-seccomp-to-Linux-5.10-syscall-list.patch | 2 +- 0012-fix-invalid-convert-and-format.patch | 2 +- ...fix-get_network_namespace_path-check.patch | 2 +- ...x-for-double-free-and-use-after-free.patch | 2 +- ...him-coredump-when-remove-ioc-fd-node.patch | 2 +- 0016-do-not-fail-if-pw-is-not-NULL.patch | 2 +- 0017-do-not-fail-if-gr-is-NULL.patch | 2 +- 0018-fix-memory-leak-of-remove-layer.patch | 2 +- ...-null-terminal-at-end-of-gr-mem-list.patch | 2 +- ...fix-shm-size-set-invalid-when-reboot.patch | 2 +- ...each-container-and-image-operation-t.patch | 2 +- ...each-container-and-image-operation-t.patch | 2 +- 0023-fix-inspect-f-error-when-bionic.patch | 32 + ...tor-devmapper_parse_options-function.patch | 289 +++ 0025-refactor-parse_volume-function.patch | 153 ++ 0026-fix-parse-volume-failed.patch | 93 + ...l_smart_calloc_t-to-prevent-overflow.patch | 2106 +++++++++++++++++ 0028-increase-websocket-lws_lookup-size.patch | 41 + iSulad.spec | 14 +- 29 files changed, 2749 insertions(+), 23 deletions(-) create mode 100644 0023-fix-inspect-f-error-when-bionic.patch create mode 100644 0024-refactor-devmapper_parse_options-function.patch create mode 100644 0025-refactor-parse_volume-function.patch create mode 100644 0026-fix-parse-volume-failed.patch create mode 100644 0027-use-util_smart_calloc_t-to-prevent-overflow.patch create mode 100644 0028-increase-websocket-lws_lookup-size.patch diff --git a/0001-do-not-mkdir-of-isulad-if-no-controller-found.patch b/0001-do-not-mkdir-of-isulad-if-no-controller-found.patch index 6c43cb4..61fb459 100644 --- a/0001-do-not-mkdir-of-isulad-if-no-controller-found.patch +++ b/0001-do-not-mkdir-of-isulad-if-no-controller-found.patch @@ -1,7 +1,7 @@ From 9837be14200fecb32db0337652e60532f1adb7be Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Mon, 23 May 2022 17:06:19 +0800 -Subject: [PATCH 01/22] do not mkdir of isulad if no controller found +Subject: [PATCH 01/28] do not mkdir of isulad if no controller found If selinux disable the capibility DAC_OVERRIDE, mkdir isulad may fail when run container. diff --git a/0002-fix-install-error-when-android.patch b/0002-fix-install-error-when-android.patch index 4f154d0..cc4e46c 100644 --- a/0002-fix-install-error-when-android.patch +++ b/0002-fix-install-error-when-android.patch @@ -1,7 +1,7 @@ From 426a282802b8b81c66e6857857a745583f816c0a Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Tue, 24 May 2022 16:51:02 +0800 -Subject: [PATCH 02/22] fix install error when android +Subject: [PATCH 02/28] fix install error when android Signed-off-by: WangFengTu --- diff --git a/0003-imp-fuzz-for-pw-gr-parser.patch b/0003-imp-fuzz-for-pw-gr-parser.patch index cc17686..493224d 100644 --- a/0003-imp-fuzz-for-pw-gr-parser.patch +++ b/0003-imp-fuzz-for-pw-gr-parser.patch @@ -1,7 +1,7 @@ From 9ccb30fa430c7b98ecab4406dabe8498c74db8c3 Mon Sep 17 00:00:00 2001 From: chegJH Date: Thu, 12 May 2022 16:40:41 +0800 -Subject: [PATCH 03/22] imp fuzz for pw gr parser +Subject: [PATCH 03/28] imp fuzz for pw gr parser Signed-off-by: chegJH --- diff --git a/0004-improve-fuzz-test.patch b/0004-improve-fuzz-test.patch index e8c79db..8888cf3 100644 --- a/0004-improve-fuzz-test.patch +++ b/0004-improve-fuzz-test.patch @@ -1,7 +1,7 @@ From 31a92265a6bd29dc8f98179947406f1bb56ac5a8 Mon Sep 17 00:00:00 2001 From: haozi007 Date: Thu, 26 May 2022 13:53:09 +0100 -Subject: [PATCH 04/22] improve fuzz test +Subject: [PATCH 04/28] improve fuzz test Signed-off-by: haozi007 --- diff --git a/0005-Seccomp-optimization.patch b/0005-Seccomp-optimization.patch index 20965ce..c88fc84 100644 --- a/0005-Seccomp-optimization.patch +++ b/0005-Seccomp-optimization.patch @@ -1,7 +1,7 @@ From 02167555e702316fe14cc963f9e978e9f66f59ba Mon Sep 17 00:00:00 2001 From: chengzrz Date: Fri, 24 Dec 2021 10:47:31 +0800 -Subject: [PATCH 05/22] Seccomp optimization +Subject: [PATCH 05/28] Seccomp optimization Signed-off-by: chengzrz --- diff --git a/0006-fix-different-type-convert.patch b/0006-fix-different-type-convert.patch index 13ef160..5e3b60b 100644 --- a/0006-fix-different-type-convert.patch +++ b/0006-fix-different-type-convert.patch @@ -1,7 +1,7 @@ From 1db2941da2eba089f3ed07c59f4925c857860023 Mon Sep 17 00:00:00 2001 From: haozi007 Date: Tue, 31 May 2022 03:33:16 +0100 -Subject: [PATCH 06/22] fix different type convert +Subject: [PATCH 06/28] fix different type convert Signed-off-by: haozi007 --- diff --git a/0007-add-pointer-parameters-NULL-check.patch b/0007-add-pointer-parameters-NULL-check.patch index c4aa643..a05bc68 100644 --- a/0007-add-pointer-parameters-NULL-check.patch +++ b/0007-add-pointer-parameters-NULL-check.patch @@ -1,7 +1,7 @@ From 17b6015d5abe3500a5a89d171af79698e57545f2 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Tue, 31 May 2022 19:35:35 +0800 -Subject: [PATCH 07/22] add pointer parameters NULL check +Subject: [PATCH 07/28] add pointer parameters NULL check Signed-off-by: zhangxiaoyu Signed-off-by: haozi007 diff --git a/0008-add-check-to-arguments.patch b/0008-add-check-to-arguments.patch index 624e8f8..b9bc3f8 100644 --- a/0008-add-check-to-arguments.patch +++ b/0008-add-check-to-arguments.patch @@ -1,7 +1,7 @@ From 56c2a6a98d51ea893939079cc31e3a7897fa5aba Mon Sep 17 00:00:00 2001 From: haozi007 Date: Tue, 31 May 2022 12:53:10 +0100 -Subject: [PATCH 08/22] add check to arguments +Subject: [PATCH 08/28] add check to arguments Signed-off-by: haozi007 --- diff --git a/0009-remove-static-of-strlncat.patch b/0009-remove-static-of-strlncat.patch index ebca5f4..1200b5b 100644 --- a/0009-remove-static-of-strlncat.patch +++ b/0009-remove-static-of-strlncat.patch @@ -1,7 +1,7 @@ From 9133e2159e9e69434b41e9649762f8eaed191f37 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Tue, 31 May 2022 22:39:44 +0800 -Subject: [PATCH 09/22] remove static of strlncat +Subject: [PATCH 09/28] remove static of strlncat Signed-off-by: zhangxiaoyu --- diff --git a/0010-remove-check-parameter-label_opts-in-init_label.patch b/0010-remove-check-parameter-label_opts-in-init_label.patch index 8cc80e3..d812d14 100644 --- a/0010-remove-check-parameter-label_opts-in-init_label.patch +++ b/0010-remove-check-parameter-label_opts-in-init_label.patch @@ -1,7 +1,7 @@ From 60715b192de2cb1b4e8fe9ce48ddf081a6d2be53 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Wed, 1 Jun 2022 09:50:03 +0800 -Subject: [PATCH 10/22] remove check parameter label_opts in init_label +Subject: [PATCH 10/28] remove check parameter label_opts in init_label Signed-off-by: zhangxiaoyu --- diff --git a/0011-update-seccomp-to-Linux-5.10-syscall-list.patch b/0011-update-seccomp-to-Linux-5.10-syscall-list.patch index 28c674a..1cf5410 100644 --- a/0011-update-seccomp-to-Linux-5.10-syscall-list.patch +++ b/0011-update-seccomp-to-Linux-5.10-syscall-list.patch @@ -1,7 +1,7 @@ From 55a4f57232c42a9c2d36a41de5d743ee9ebbe88e Mon Sep 17 00:00:00 2001 From: vegbir Date: Wed, 1 Jun 2022 13:44:37 +0800 -Subject: [PATCH 11/22] update seccomp to Linux 5.10 syscall list +Subject: [PATCH 11/28] update seccomp to Linux 5.10 syscall list Signed-off-by: yangjiaqi --- diff --git a/0012-fix-invalid-convert-and-format.patch b/0012-fix-invalid-convert-and-format.patch index 0a9cd44..960032c 100644 --- a/0012-fix-invalid-convert-and-format.patch +++ b/0012-fix-invalid-convert-and-format.patch @@ -1,7 +1,7 @@ From 8dcad172ea0241f35cdd464029523253ada7e99f Mon Sep 17 00:00:00 2001 From: haozi007 Date: Wed, 1 Jun 2022 12:53:56 +0100 -Subject: [PATCH 12/22] fix invalid convert and format +Subject: [PATCH 12/28] fix invalid convert and format 1. invalid convert; 2. error print format; diff --git a/0013-fix-get_network_namespace_path-check.patch b/0013-fix-get_network_namespace_path-check.patch index 1750ad8..366ecc3 100644 --- a/0013-fix-get_network_namespace_path-check.patch +++ b/0013-fix-get_network_namespace_path-check.patch @@ -1,7 +1,7 @@ From a96ad33008671e61bddebb744a7ac0aa3798313b Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Thu, 2 Jun 2022 10:33:07 +0800 -Subject: [PATCH 13/22] fix get_network_namespace_path check +Subject: [PATCH 13/28] fix get_network_namespace_path check Signed-off-by: zhangxiaoyu --- diff --git a/0014-bugfix-for-double-free-and-use-after-free.patch b/0014-bugfix-for-double-free-and-use-after-free.patch index 1de438d..a2d9008 100644 --- a/0014-bugfix-for-double-free-and-use-after-free.patch +++ b/0014-bugfix-for-double-free-and-use-after-free.patch @@ -1,7 +1,7 @@ From 7934311c1b1003021449b92900f3102ff77395e2 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Tue, 7 Jun 2022 15:19:20 +0800 -Subject: [PATCH 14/22] bugfix for double free and use after free +Subject: [PATCH 14/28] bugfix for double free and use after free Signed-off-by: zhangxiaoyu --- diff --git a/0015-fix-isulad-shim-coredump-when-remove-ioc-fd-node.patch b/0015-fix-isulad-shim-coredump-when-remove-ioc-fd-node.patch index 8a2ed46..0fe1357 100644 --- a/0015-fix-isulad-shim-coredump-when-remove-ioc-fd-node.patch +++ b/0015-fix-isulad-shim-coredump-when-remove-ioc-fd-node.patch @@ -1,7 +1,7 @@ From 18db58c919bb9767bbe2f11c7447cfed27312c63 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Thu, 9 Jun 2022 21:16:26 +0800 -Subject: [PATCH 15/22] fix isulad-shim coredump when remove ioc fd node +Subject: [PATCH 15/28] fix isulad-shim coredump when remove ioc fd node Signed-off-by: zhangxiaoyu --- diff --git a/0016-do-not-fail-if-pw-is-not-NULL.patch b/0016-do-not-fail-if-pw-is-not-NULL.patch index 1f8cc2c..2d633ec 100644 --- a/0016-do-not-fail-if-pw-is-not-NULL.patch +++ b/0016-do-not-fail-if-pw-is-not-NULL.patch @@ -1,7 +1,7 @@ From ae49fce8e19f7544c463cfbff58794f35f44c493 Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Thu, 9 Jun 2022 16:17:52 +0800 -Subject: [PATCH 16/22] do not fail if pw is not NULL +Subject: [PATCH 16/28] do not fail if pw is not NULL Signed-off-by: WangFengTu --- diff --git a/0017-do-not-fail-if-gr-is-NULL.patch b/0017-do-not-fail-if-gr-is-NULL.patch index 29ecc1d..d0a42a5 100644 --- a/0017-do-not-fail-if-gr-is-NULL.patch +++ b/0017-do-not-fail-if-gr-is-NULL.patch @@ -1,7 +1,7 @@ From b4596641a08891bfec9384f87815c8e671d594d4 Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Thu, 9 Jun 2022 17:07:40 +0800 -Subject: [PATCH 17/22] do not fail if gr is NULL +Subject: [PATCH 17/28] do not fail if gr is NULL Signed-off-by: WangFengTu --- diff --git a/0018-fix-memory-leak-of-remove-layer.patch b/0018-fix-memory-leak-of-remove-layer.patch index bb67c56..214cbae 100644 --- a/0018-fix-memory-leak-of-remove-layer.patch +++ b/0018-fix-memory-leak-of-remove-layer.patch @@ -1,7 +1,7 @@ From eb168d32053f9204336c37af98210810957cedd2 Mon Sep 17 00:00:00 2001 From: haozi007 Date: Fri, 10 Jun 2022 04:10:39 +0100 -Subject: [PATCH 18/22] fix memory leak of remove layer +Subject: [PATCH 18/28] fix memory leak of remove layer Signed-off-by: haozi007 --- diff --git a/0019-add-null-terminal-at-end-of-gr-mem-list.patch b/0019-add-null-terminal-at-end-of-gr-mem-list.patch index 8d5d26c..a323c9c 100644 --- a/0019-add-null-terminal-at-end-of-gr-mem-list.patch +++ b/0019-add-null-terminal-at-end-of-gr-mem-list.patch @@ -1,7 +1,7 @@ From 12bbd939c1c2c55d0906b5a53a0b9b26b616c56b Mon Sep 17 00:00:00 2001 From: haozi007 Date: Fri, 10 Jun 2022 04:16:48 +0100 -Subject: [PATCH 19/22] add null terminal at end of gr mem list +Subject: [PATCH 19/28] add null terminal at end of gr mem list Signed-off-by: haozi007 --- diff --git a/0020-fix-shm-size-set-invalid-when-reboot.patch b/0020-fix-shm-size-set-invalid-when-reboot.patch index 70da476..4134735 100644 --- a/0020-fix-shm-size-set-invalid-when-reboot.patch +++ b/0020-fix-shm-size-set-invalid-when-reboot.patch @@ -1,7 +1,7 @@ From b289a6b384ac5ba474dd477b2a92b89244b27c24 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Mon, 13 Jun 2022 14:35:46 +0800 -Subject: [PATCH 20/22] fix shm size set invalid when reboot +Subject: [PATCH 20/28] fix shm size set invalid when reboot Signed-off-by: zhangxiaoyu --- diff --git a/0021-set-the-name-of-each-container-and-image-operation-t.patch b/0021-set-the-name-of-each-container-and-image-operation-t.patch index ed468d3..7a47069 100644 --- a/0021-set-the-name-of-each-container-and-image-operation-t.patch +++ b/0021-set-the-name-of-each-container-and-image-operation-t.patch @@ -1,7 +1,7 @@ From 8878630c20163dc9b716e2fdc35cae23b8aec6d1 Mon Sep 17 00:00:00 2001 From: wujing Date: Tue, 14 Jun 2022 15:30:49 +0800 -Subject: [PATCH 21/22] set the name of each container and image operation +Subject: [PATCH 21/28] set the name of each container and image operation thread Signed-off-by: wujing diff --git a/0022-set-the-name-of-each-container-and-image-operation-t.patch b/0022-set-the-name-of-each-container-and-image-operation-t.patch index 026b91d..fc084ed 100644 --- a/0022-set-the-name-of-each-container-and-image-operation-t.patch +++ b/0022-set-the-name-of-each-container-and-image-operation-t.patch @@ -1,7 +1,7 @@ From 7d13b23a09d397f743acdcaf606804fea5989cff Mon Sep 17 00:00:00 2001 From: wujing Date: Tue, 14 Jun 2022 18:54:02 +0800 -Subject: [PATCH 22/22] set the name of each container and image operation +Subject: [PATCH 22/28] set the name of each container and image operation thread for restful version Signed-off-by: wujing diff --git a/0023-fix-inspect-f-error-when-bionic.patch b/0023-fix-inspect-f-error-when-bionic.patch new file mode 100644 index 0000000..d364424 --- /dev/null +++ b/0023-fix-inspect-f-error-when-bionic.patch @@ -0,0 +1,32 @@ +From 59557dbd1b4d0bde973941d383a30a7b9e0d63d4 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Thu, 16 Jun 2022 09:16:47 +0800 +Subject: [PATCH 23/28] fix inspect -f error when bionic + +Signed-off-by: WangFengTu +--- + src/cmd/isula/information/inspect.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/cmd/isula/information/inspect.c b/src/cmd/isula/information/inspect.c +index 5058fb95..55366551 100644 +--- a/src/cmd/isula/information/inspect.c ++++ b/src/cmd/isula/information/inspect.c +@@ -667,12 +667,12 @@ static int inspect_check(const char *json_str, const char *regex) + static int inspect_check_format_f(const char *json_str, bool *json_format) + { + #ifdef __ANDROID__ +-#define JSON_FORMAT_FIRST "^[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*(json[ \t\r\n\v\f]+)?(\\.\\w+)+[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*$" ++#define JSON_FORMAT_FIRST "^[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*(json[ \t\r\n\v\f]+)?(\\.[a-zA-Z0-9_]+)+[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*$" + #else + #define JSON_FORMAT_FIRST "^\\s*\\{\\s*\\{\\s*(json\\s+)?(\\.\\w+)+\\s*\\}\\s*\\}\\s*$" + #endif + #ifdef __ANDROID__ +-#define JSON_FORMAT_SECOND "^[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*json[ \t\r\n\v\f]+(\\.\\w+)+[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*$" ++#define JSON_FORMAT_SECOND "^[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*json[ \t\r\n\v\f]+(\\.[a-zA-Z0-9_]+)+[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*$" + #else + #define JSON_FORMAT_SECOND "^\\s*\\{\\s*\\{\\s*json\\s+(\\.\\w+)+\\s*\\}\\s*\\}\\s*$" + #endif +-- +2.25.1 + diff --git a/0024-refactor-devmapper_parse_options-function.patch b/0024-refactor-devmapper_parse_options-function.patch new file mode 100644 index 0000000..6ad09ef --- /dev/null +++ b/0024-refactor-devmapper_parse_options-function.patch @@ -0,0 +1,289 @@ +From 4c945810da8c645eb048e5fbb3a195da855bdcf7 Mon Sep 17 00:00:00 2001 +From: wujing +Date: Sat, 14 May 2022 17:13:26 +0800 +Subject: [PATCH 24/28] refactor devmapper_parse_options function + +Signed-off-by: wujing +--- + .../graphdriver/devmapper/deviceset.c | 242 ++++++++++++------ + 1 file changed, 157 insertions(+), 85 deletions(-) + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index d90dde50..868e3086 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -65,9 +65,147 @@ static char *util_trim_prefice_string(char *str, const char *prefix) + return str; + } + ++typedef int (*devmapper_option_handle)(char *val, struct device_set *devset); ++ ++struct devmapper_option_handler { ++ char *name; ++ devmapper_option_handle handle; ++}; ++ ++static int handle_dm_fs(char *val, struct device_set *devset) ++{ ++ if (strcmp(val, "ext4") == 0) { ++ free(devset->filesystem); ++ devset->filesystem = util_strdup_s(val); ++ } else { ++ ERROR("Invalid filesystem: '%s': not supported", val); ++ isulad_set_error_message("Invalid filesystem: '%s': not supported", val); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++static int handle_dm_thinpooldev(char *val, struct device_set *devset) ++{ ++ char *tmp_val = NULL; ++ ++ if (!util_valid_str(val)) { ++ ERROR("Invalid thinpool device, it must not be empty"); ++ isulad_set_error_message("Invalid thinpool device, it must not be empty"); ++ return -1; ++ } ++ tmp_val = util_trim_prefice_string(val, "/dev/mapper/"); ++ devset->thin_pool_device = util_strdup_s(tmp_val); ++ ++ return 0; ++} ++ ++static int handle_dm_min_free_space(char *val, struct device_set *devset) ++{ ++ long converted = 0; ++ int ret = util_parse_percent_string(val, &converted); ++ ++ if (ret != 0 || converted >= 100) { ++ ERROR("Invalid min free space: '%s': %s", val, strerror(-ret)); ++ isulad_set_error_message("Invalid min free space: '%s': %s", val, strerror(-ret)); ++ return -1; ++ } ++ devset->min_free_space_percent = (uint32_t)converted; ++ ++ return 0; ++} ++ ++static int handle_dm_basesize(char *val, struct device_set *devset) ++{ ++ int64_t converted = 0; ++ int ret = util_parse_byte_size_string(val, &converted); ++ ++ if (ret != 0) { ++ ERROR("Invalid size: '%s': %s", val, strerror(-ret)); ++ isulad_set_error_message("Invalid size: '%s': %s", val, strerror(-ret)); ++ return -1; ++ } ++ if (converted <= 0) { ++ ERROR("dm.basesize is lower than zero"); ++ isulad_set_error_message("dm.basesize is lower than zero"); ++ return -1; ++ } ++ devset->user_base_size = true; ++ devset->base_fs_size = (uint64_t)converted; ++ ++ return 0; ++} ++ ++static int handle_dm_mkfsarg(char *val, struct device_set *devset) ++{ ++ if (!util_valid_str(val)) { ++ ERROR("Invalid dm.mkfsarg value"); ++ isulad_set_error_message("Invalid dm.mkfsarg value"); ++ return -1; ++ } ++ if (util_array_append(&devset->mkfs_args, val) != 0) { ++ ERROR("Out of memory"); ++ return -1; ++ } ++ devset->mkfs_args_len++; ++ ++ return 0; ++} ++ ++static int handle_dm_mountopt(char *val, struct device_set *devset) ++{ ++ if (!util_valid_str(val)) { ++ ERROR("Invalid dm.mountopt or devicemapper.mountopt value"); ++ isulad_set_error_message("Invalid dm.mountopt or devicemapper.mountopt value"); ++ return -1; ++ } ++ devset->mount_options = util_strdup_s(val); ++ ++ return 0; ++} ++ ++static int devmapper_option_exact(const char *name, char *val, struct device_set *devset) ++{ ++ size_t i = 0; ++ bool found = false; ++ ++ struct devmapper_option_handler handler_jump_table[] = { ++ { "dm.fs", handle_dm_fs }, ++ { "dm.thinpooldev", handle_dm_thinpooldev }, ++ { "dm.min_free_space", handle_dm_min_free_space }, ++ { "dm.basesize", handle_dm_basesize }, ++ { "dm.mkfsarg", handle_dm_mkfsarg }, ++ { "dm.mountopt", handle_dm_mountopt }, ++ { "devicemapper.mountopt", handle_dm_mountopt }, ++ }; ++ ++ for (i = 0; i < sizeof(handler_jump_table)/sizeof(handler_jump_table[0]); i++) { ++ if (strcmp(handler_jump_table[i].name, name) != 0) { ++ continue; ++ } ++ found = true; ++ if (handler_jump_table[i].handle(val, devset) != 0) { ++ ERROR("Failed to handle %s option with %s", name, val); ++ return -1; ++ } ++ break; ++ } ++ ++ if (!found) { ++ ERROR("devicemapper: unknown option: '%s'", name); ++ isulad_set_error_message("devicemapper: unknown option: '%s'", name); ++ return -1; ++ } ++ ++ return 0; ++} ++ + static int devmapper_parse_options(struct device_set *devset, const char **options, size_t options_len) + { ++ int ret = 0; + size_t i = 0; ++ char *dup_option = NULL; + + if (devset == NULL) { + ERROR("Invalid input params"); +@@ -75,104 +213,38 @@ static int devmapper_parse_options(struct device_set *devset, const char **optio + } + + for (i = 0; options != NULL && i < options_len; i++) { +- char *dup = NULL; + char *val = NULL; +- char *tmp_val = NULL; +- int ret = 0; +- int nret = 0; + +- dup = util_strdup_s(options[i]); +- if (dup == NULL) { ++ dup_option = util_strdup_s(options[i]); ++ if (dup_option == NULL) { + ERROR("Out of memory"); + return -1; + } + +- val = strchr(dup, '='); ++ val = strchr(dup_option, '='); + if (val == NULL) { +- ERROR("Unable to parse key/value option: '%s'", dup); +- isulad_set_error_message("Unable to parse key/value option: '%s'", dup); +- free(dup); +- return -1; ++ ERROR("Unable to parse key/value option: '%s'", dup_option); ++ isulad_set_error_message("Unable to parse key/value option: '%s'", dup_option); ++ ret = -1; ++ goto out; + } ++ + *val = '\0'; + val++; +- if (strcasecmp(dup, "dm.fs") == 0) { +- if (strcmp(val, "ext4") == 0) { +- free(devset->filesystem); +- devset->filesystem = util_strdup_s(val); +- } else { +- ERROR("Invalid filesystem: '%s': not supported", val); +- isulad_set_error_message("Invalid filesystem: '%s': not supported", val); +- ret = -1; +- } +- } else if (strcasecmp(dup, "dm.thinpooldev") == 0) { +- if (!util_valid_str(val)) { +- ERROR("Invalid thinpool device, it must not be empty"); +- isulad_set_error_message("Invalid thinpool device, it must not be empty"); +- ret = -1; +- goto out; +- } +- tmp_val = util_trim_prefice_string(val, "/dev/mapper/"); +- devset->thin_pool_device = util_strdup_s(tmp_val); +- } else if (strcasecmp(dup, "dm.min_free_space") == 0) { +- long converted = 0; +- ret = util_parse_percent_string(val, &converted); +- if (ret != 0 || converted >= 100) { +- ERROR("Invalid min free space: '%s': %s", val, strerror(-ret)); +- isulad_set_error_message("Invalid min free space: '%s': %s", val, strerror(-ret)); +- ret = -1; +- goto out; +- } +- devset->min_free_space_percent = (uint32_t)converted; +- } else if (strcasecmp(dup, "dm.basesize") == 0) { +- int64_t converted = 0; +- ret = util_parse_byte_size_string(val, &converted); +- if (ret != 0) { +- ERROR("Invalid size: '%s': %s", val, strerror(-ret)); +- isulad_set_error_message("Invalid size: '%s': %s", val, strerror(-ret)); +- ret = -1; +- goto out; +- } +- if (converted <= 0) { +- ERROR("dm.basesize is lower than zero"); +- isulad_set_error_message("dm.basesize is lower than zero"); +- ret = -1; +- goto out; +- } +- devset->user_base_size = true; +- devset->base_fs_size = (uint64_t)converted; +- } else if (strcasecmp(dup, "dm.mkfsarg") == 0) { +- if (!util_valid_str(val)) { +- ERROR("Invalid dm.mkfsarg value"); +- isulad_set_error_message("Invalid dm.mkfsarg value"); +- ret = -1; +- goto out; +- } +- nret = util_array_append(&devset->mkfs_args, val); +- if (nret != 0) { +- ERROR("Out of memory"); +- ret = -1; +- goto out; +- } +- devset->mkfs_args_len++; +- } else if (strcasecmp(dup, "dm.mountopt") == 0 || strcasecmp(dup, "devicemapper.mountopt") == 0) { +- if (!util_valid_str(val)) { +- ERROR("Invalid dm.mountopt or devicemapper.mountopt value"); +- isulad_set_error_message("Invalid dm.mountopt or devicemapper.mountopt value"); +- ret = -1; +- goto out; +- } +- devset->mount_options = util_strdup_s(val); +- } else { +- ERROR("devicemapper: unknown option: '%s'", dup); +- isulad_set_error_message("devicemapper: unknown option: '%s'", dup); ++ ++ if (devmapper_option_exact(dup_option, val, devset) != 0) { ++ ERROR("Failed to exact devmapper option: %s", dup_option); + ret = -1; ++ goto out; + } ++ ++ free(dup_option); ++ } ++ + out: +- free(dup); +- if (ret != 0) { +- return ret; +- } ++ free(dup_option); ++ if (ret != 0) { ++ return ret; + } + + return 0; +-- +2.25.1 + diff --git a/0025-refactor-parse_volume-function.patch b/0025-refactor-parse_volume-function.patch new file mode 100644 index 0000000..bf980fb --- /dev/null +++ b/0025-refactor-parse_volume-function.patch @@ -0,0 +1,153 @@ +From 4df32783e4a665bd639f8b3ccd1b8860614eefb3 Mon Sep 17 00:00:00 2001 +From: wujing +Date: Sat, 14 May 2022 15:33:33 +0800 +Subject: [PATCH 25/28] refactor parse_volume function + +Signed-off-by: wujing +--- + src/daemon/modules/spec/parse_volume.c | 91 ++++++++++++++------------ + 1 file changed, 50 insertions(+), 41 deletions(-) + +diff --git a/src/daemon/modules/spec/parse_volume.c b/src/daemon/modules/spec/parse_volume.c +index ef2d58e4..3afa0962 100644 +--- a/src/daemon/modules/spec/parse_volume.c ++++ b/src/daemon/modules/spec/parse_volume.c +@@ -341,22 +341,60 @@ static int check_volume_element(const char *volume) + return ret; + } + ++static int set_volume_element_options(defs_mount *mount_element, const char **modes) ++{ ++ const size_t max_options_len = 4; ++ size_t options_len = 0; ++ size_t i = 0; ++ bool with_rw = false; ++ bool with_pro = false; ++ bool with_label = false; ++ ++ mount_element->options = util_common_calloc_s(max_options_len * sizeof(char *)); ++ if (mount_element->options == NULL) { ++ ERROR("Out of memory"); ++ return -1; ++ } ++ ++ options_len = util_array_len((const char **)modes); ++ if (options_len > max_options_len) { ++ ERROR("Invalid volume element options"); ++ return -1; ++ } ++ ++ for (i = 0; i < options_len; i++) { ++ if (util_valid_rw_mode(modes[i])) { ++ with_rw = true; ++ mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]); ++ } else if (util_valid_propagation_mode(modes[i])) { ++ with_pro = true; ++ mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]); ++ } else if (util_valid_label_mode(modes[i])) { ++ with_label = true; ++ mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]); ++ } else if (util_valid_copy_mode(modes[i])) { ++ mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]); ++ } ++ } ++ ++ if (append_default_mount_options(mount_element, with_rw, with_pro, with_label) != 0) { ++ ERROR("Failed to append default mount options"); ++ return -1; ++ } ++ ++ return 0; ++} ++ + defs_mount *parse_volume(const char *volume) + { + int ret = 0; +- size_t i = 0; +- size_t mlen = 0; + defs_mount *mount_element = NULL; + char **modes = NULL; + char path[PATH_MAX] = { 0x00 }; +- char *rw = NULL; +- char *pro = NULL; +- char *label = NULL; +- size_t max_options_len = 4; +- char *nocopy = NULL; + + ret = check_volume_element(volume); + if (ret != 0) { ++ ERROR("Invalid volume element"); + goto free_out; + } + +@@ -368,22 +406,10 @@ defs_mount *parse_volume(const char *volume) + + ret = get_src_dst_mode_by_volume(volume, mount_element, &modes); + if (ret != 0) { ++ ERROR("Failed to parse volume"); + goto free_out; + } + +- mlen = util_array_len((const char **)modes); +- for (i = 0; i < mlen; i++) { +- if (util_valid_rw_mode(modes[i])) { +- rw = modes[i]; +- } else if (util_valid_propagation_mode(modes[i])) { +- pro = modes[i]; +- } else if (util_valid_label_mode(modes[i])) { +- label = modes[i]; +- } else if (util_valid_copy_mode(modes[i])) { +- nocopy = modes[i]; +- } +- } +- + if (!util_clean_path(mount_element->destination, path, sizeof(path))) { + ERROR("Failed to get clean path"); + ret = -1; +@@ -402,25 +428,6 @@ defs_mount *parse_volume(const char *volume) + mount_element->source = util_strdup_s(path); + } + +- mount_element->options = util_common_calloc_s(max_options_len * sizeof(char *)); +- if (mount_element->options == NULL) { +- ERROR("Out of memory"); +- mount_element->options_len = 0; +- ret = -1; +- goto free_out; +- } +- if (rw != NULL) { +- mount_element->options[mount_element->options_len++] = util_strdup_s(rw); +- } +- if (pro != NULL) { +- mount_element->options[mount_element->options_len++] = util_strdup_s(pro); +- } +- if (label != NULL) { +- mount_element->options[mount_element->options_len++] = util_strdup_s(label); +- } +- if (nocopy != NULL) { +- mount_element->options[mount_element->options_len++] = util_strdup_s(nocopy); +- } + if (mount_element->source != NULL && mount_element->source[0] == '/') { + mount_element->type = util_strdup_s(MOUNT_TYPE_BIND); + } else { +@@ -430,13 +437,15 @@ defs_mount *parse_volume(const char *volume) + } + } + +- ret = check_mount_element(volume, mount_element); ++ ret = set_volume_element_options(mount_element, (const char **)modes); + if (ret != 0) { ++ ERROR("Failed to set volume element options"); + goto free_out; + } + +- ret = append_default_mount_options(mount_element, rw != NULL, pro != NULL, label != NULL); ++ ret = check_mount_element(volume, mount_element); + if (ret != 0) { ++ ERROR("Invalid mount element"); + goto free_out; + } + +-- +2.25.1 + diff --git a/0026-fix-parse-volume-failed.patch b/0026-fix-parse-volume-failed.patch new file mode 100644 index 0000000..e902ab8 --- /dev/null +++ b/0026-fix-parse-volume-failed.patch @@ -0,0 +1,93 @@ +From fdb731d7a272eb1574ef31b058beffbefffa1eb2 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Wed, 18 May 2022 10:30:35 +0800 +Subject: [PATCH 26/28] fix parse volume failed + +Signed-off-by: zhangxiaoyu +--- + src/daemon/modules/spec/parse_volume.c | 28 ++++++++++++++------------ + 1 file changed, 15 insertions(+), 13 deletions(-) + +diff --git a/src/daemon/modules/spec/parse_volume.c b/src/daemon/modules/spec/parse_volume.c +index 3afa0962..7b02f6ca 100644 +--- a/src/daemon/modules/spec/parse_volume.c ++++ b/src/daemon/modules/spec/parse_volume.c +@@ -341,14 +341,12 @@ static int check_volume_element(const char *volume) + return ret; + } + +-static int set_volume_element_options(defs_mount *mount_element, const char **modes) ++static int set_volume_element_options(defs_mount *mount_element, const char **modes, bool *with_rw, ++ bool *with_pro, bool *with_label) + { + const size_t max_options_len = 4; + size_t options_len = 0; + size_t i = 0; +- bool with_rw = false; +- bool with_pro = false; +- bool with_label = false; + + mount_element->options = util_common_calloc_s(max_options_len * sizeof(char *)); + if (mount_element->options == NULL) { +@@ -364,30 +362,28 @@ static int set_volume_element_options(defs_mount *mount_element, const char **mo + + for (i = 0; i < options_len; i++) { + if (util_valid_rw_mode(modes[i])) { +- with_rw = true; ++ *with_rw = true; + mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]); + } else if (util_valid_propagation_mode(modes[i])) { +- with_pro = true; ++ *with_pro = true; + mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]); + } else if (util_valid_label_mode(modes[i])) { +- with_label = true; ++ *with_label = true; + mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]); + } else if (util_valid_copy_mode(modes[i])) { + mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]); + } + } + +- if (append_default_mount_options(mount_element, with_rw, with_pro, with_label) != 0) { +- ERROR("Failed to append default mount options"); +- return -1; +- } +- + return 0; + } + + defs_mount *parse_volume(const char *volume) + { + int ret = 0; ++ bool with_rw = false; ++ bool with_pro = false; ++ bool with_label = false; + defs_mount *mount_element = NULL; + char **modes = NULL; + char path[PATH_MAX] = { 0x00 }; +@@ -437,7 +433,7 @@ defs_mount *parse_volume(const char *volume) + } + } + +- ret = set_volume_element_options(mount_element, (const char **)modes); ++ ret = set_volume_element_options(mount_element, (const char **)modes, &with_rw, &with_pro, &with_label); + if (ret != 0) { + ERROR("Failed to set volume element options"); + goto free_out; +@@ -449,6 +445,12 @@ defs_mount *parse_volume(const char *volume) + goto free_out; + } + ++ ret = append_default_mount_options(mount_element, with_rw, with_pro, with_label); ++ if (ret != 0) { ++ ERROR("Failed to append default mount options"); ++ goto free_out; ++ } ++ + free_out: + util_free_array(modes); + if (ret != 0) { +-- +2.25.1 + diff --git a/0027-use-util_smart_calloc_t-to-prevent-overflow.patch b/0027-use-util_smart_calloc_t-to-prevent-overflow.patch new file mode 100644 index 0000000..db6ade3 --- /dev/null +++ b/0027-use-util_smart_calloc_t-to-prevent-overflow.patch @@ -0,0 +1,2106 @@ +From 7eda716c55d2247a79519a9f0a0950878eca6bf2 Mon Sep 17 00:00:00 2001 +From: wujing +Date: Thu, 16 Jun 2022 19:53:11 +0800 +Subject: [PATCH 27/28] use util_smart_calloc_t to prevent overflow + +Signed-off-by: wujing +--- + .../connect/grpc/grpc_containers_client.cc | 6 +- + src/client/connect/grpc/grpc_images_client.cc | 2 +- + .../connect/grpc/grpc_volumes_client.cc | 2 +- + src/client/connect/protocol_type.c | 4 +- + .../connect/rest/rest_containers_client.c | 39 ++++-------- + src/client/connect/rest/rest_images_client.c | 19 +++--- + src/cmd/isula/base/create.c | 9 +-- + src/cmd/isula/information/inspect.c | 6 +- + src/cmd/isula/isula_container_spec.c | 15 +---- + src/cmd/isula/isula_host_spec.c | 30 ++-------- + src/cmd/isula/stream/exec.c | 2 +- + src/cmd/isulad/isulad_commands.c | 5 +- + src/daemon/common/events_format.c | 2 +- + src/daemon/config/daemon_arguments.c | 8 +-- + src/daemon/config/isulad_config.c | 11 ++-- + .../grpc/grpc_containers_service_private.cc | 31 ++-------- + .../entry/connect/grpc/grpc_images_service.cc | 9 +-- + src/daemon/entry/cri/checkpoint_handler.cc | 6 +- + src/daemon/entry/cri/cri_helpers.cc | 32 +++------- + src/daemon/entry/cri/cri_security_context.cc | 12 +--- + .../entry/cri/websocket/service/exec_serve.cc | 8 +-- + .../executor/container_cb/execution_create.c | 12 +--- + .../executor/container_cb/execution_extend.c | 6 +- + .../container_cb/execution_information.c | 23 ++------ + src/daemon/executor/container_cb/list.c | 9 +-- + src/daemon/executor/image_cb/image_cb.c | 12 +--- + .../modules/container/container_state.c | 7 +-- + src/daemon/modules/container/container_unix.c | 7 +-- + .../modules/container/containers_store.c | 6 +- + .../container/health_check/health_check.c | 17 +++--- + .../modules/image/embedded/embedded_image.c | 8 +-- + .../modules/image/oci/oci_config_merge.c | 15 +---- + src/daemon/modules/image/oci/oci_load.c | 10 ++-- + src/daemon/modules/image/oci/registry/auths.c | 2 +- + .../modules/image/oci/registry/registry.c | 37 ++++++------ + .../oci/storage/image_store/image_store.c | 6 +- + src/daemon/modules/image/oci/utils_images.c | 4 +- + src/daemon/modules/plugin/plugin.c | 7 +-- + .../modules/runtime/engines/lcr/lcr_rt_ops.c | 2 +- + .../modules/service/inspect_container.c | 20 +------ + src/daemon/modules/service/io_handler.c | 35 ++++++----- + .../modules/service/service_container.c | 2 +- + src/daemon/modules/spec/parse_volume.c | 6 +- + src/daemon/modules/spec/specs.c | 6 +- + src/daemon/modules/spec/specs_mount.c | 15 ++--- + src/daemon/modules/spec/specs_security.c | 59 ++++++------------- + src/daemon/modules/spec/verify.c | 10 +--- + src/daemon/modules/volume/local.c | 17 +++--- + src/daemon/modules/volume/volume.c | 4 +- + src/utils/console/console.c | 7 +-- + src/utils/cutils/utils_array.c | 16 ++--- + src/utils/cutils/utils_string.c | 14 +---- + .../oci_config_merge/oci_config_merge_ut.cc | 2 - + 53 files changed, 198 insertions(+), 463 deletions(-) + +diff --git a/src/client/connect/grpc/grpc_containers_client.cc b/src/client/connect/grpc/grpc_containers_client.cc +index ebe71df9..85cafe9b 100644 +--- a/src/client/connect/grpc/grpc_containers_client.cc ++++ b/src/client/connect/grpc/grpc_containers_client.cc +@@ -495,7 +495,7 @@ public: + ERROR("Too many summary info!"); + return -1; + } +- response->processes = static_cast(util_common_calloc_s(num * sizeof(char *))); ++ response->processes = static_cast(util_smart_calloc_s(sizeof(char *), num)); + if (response->processes == nullptr) { + ERROR("out of memory"); + response->cc = ISULAD_ERR_MEMOUT; +@@ -1666,8 +1666,8 @@ public: + { + int size = gresponse->containers_size(); + if (size > 0) { +- response->container_stats = static_cast( +- util_common_calloc_s(size * sizeof(struct isula_container_info))); ++ response->container_stats = ++ static_cast(util_smart_calloc_s(sizeof(struct isula_container_info), size)); + if (response->container_stats == nullptr) { + ERROR("Out of memory"); + return -1; +diff --git a/src/client/connect/grpc/grpc_images_client.cc b/src/client/connect/grpc/grpc_images_client.cc +index 50265e04..9424a90a 100644 +--- a/src/client/connect/grpc/grpc_images_client.cc ++++ b/src/client/connect/grpc/grpc_images_client.cc +@@ -71,7 +71,7 @@ public: + response->cc = ISULAD_ERR_MEMOUT; + return -1; + } +- images_list = (struct isula_image_info *)util_common_calloc_s(sizeof(struct isula_image_info) * (size_t)num); ++ images_list = (struct isula_image_info *)util_smart_calloc_s(sizeof(struct isula_image_info), (size_t)num); + if (images_list == nullptr) { + ERROR("out of memory"); + response->cc = ISULAD_ERR_MEMOUT; +diff --git a/src/client/connect/grpc/grpc_volumes_client.cc b/src/client/connect/grpc/grpc_volumes_client.cc +index 902e8a13..32b83a9e 100644 +--- a/src/client/connect/grpc/grpc_volumes_client.cc ++++ b/src/client/connect/grpc/grpc_volumes_client.cc +@@ -156,7 +156,7 @@ public: + { + auto size = gresponse->volumes_size(); + if (size != 0) { +- response->volumes = static_cast(util_common_calloc_s(sizeof(char *) * size)); ++ response->volumes = static_cast(util_smart_calloc_s(sizeof(char *), size)); + if (response->volumes == nullptr) { + return -1; + } +diff --git a/src/client/connect/protocol_type.c b/src/client/connect/protocol_type.c +index af582abf..713c69cb 100644 +--- a/src/client/connect/protocol_type.c ++++ b/src/client/connect/protocol_type.c +@@ -63,12 +63,12 @@ struct isula_filters *isula_filters_parse_args(const char **array, size_t len) + return NULL; + } + +- filters->keys = util_common_calloc_s(sizeof(char *) * len); ++ filters->keys = util_smart_calloc_s(sizeof(char *), len); + if (filters->keys == NULL) { + ERROR("Out of memory"); + goto cleanup; + } +- filters->values = util_common_calloc_s(sizeof(char *) * len); ++ filters->values = util_smart_calloc_s(sizeof(char *), len); + if (filters->values == NULL) { + free(filters->keys); + filters->keys = NULL; +diff --git a/src/client/connect/rest/rest_containers_client.c b/src/client/connect/rest/rest_containers_client.c +index 04fb414d..61dcd54c 100644 +--- a/src/client/connect/rest/rest_containers_client.c ++++ b/src/client/connect/rest/rest_containers_client.c +@@ -142,18 +142,13 @@ static int list_request_to_rest(const struct isula_list_request *ll_request, cha + } + + len = ll_request->filters->len; +- if (len > SIZE_MAX / sizeof(char *)) { +- ERROR("Too many filters"); +- ret = -1; +- goto out; +- } +- crequest->filters->keys = (char **)util_common_calloc_s(len * sizeof(char *)); ++ crequest->filters->keys = (char **)util_smart_calloc_s(sizeof(char *), len); + if (crequest->filters->keys == NULL) { + ERROR("Out of memory"); + ret = -1; + goto out; + } +- crequest->filters->values = (json_map_string_bool **)util_common_calloc_s(len * sizeof(json_map_string_bool *)); ++ crequest->filters->values = (json_map_string_bool **)util_smart_calloc_s(sizeof(json_map_string_bool *), len); + if (crequest->filters->values == NULL) { + ERROR("Out of memory"); + free(crequest->filters->keys); +@@ -385,12 +380,8 @@ static int unpack_container_info_for_list_response(container_list_response *cres + if (num == 0) { + return 0; + } +- if (num > SIZE_MAX / sizeof(struct isula_container_summary_info *)) { +- ERROR("Too many container summaries"); +- return -1; +- } +- summary_info = (struct isula_container_summary_info **)util_common_calloc_s( +- sizeof(struct isula_container_summary_info *) * num); ++ summary_info = (struct isula_container_summary_info **)util_smart_calloc_s( ++ sizeof(struct isula_container_summary_info *), num); + if (summary_info == NULL) { + ERROR("out of memory"); + return -1; +@@ -428,8 +419,8 @@ static int unpack_container_info_for_list_response(container_list_response *cres + summary_info[i]->exit_code = cresponse->containers[i]->exit_code; + summary_info[i]->restart_count = (unsigned int)cresponse->containers[i]->restartcount; + summary_info[i]->created = cresponse->containers[i]->created; +- summary_info[i]->health_state = cresponse->containers[i]->health_state ? +- util_strdup_s(cresponse->containers[i]->health_state) : NULL; ++ summary_info[i]->health_state = ++ cresponse->containers[i]->health_state ? util_strdup_s(cresponse->containers[i]->health_state) : NULL; + } + + return 0; +@@ -1632,12 +1623,7 @@ static int exec_request_to_rest(const struct isula_exec_request *le_request, cha + + int i = 0; + if (le_request->argc > 0) { +- if ((size_t)le_request->argc > SIZE_MAX / sizeof(char *)) { +- ERROR("Too many arguments!"); +- ret = -1; +- goto out; +- } +- crequest->argv = (char **)util_common_calloc_s(sizeof(char *) * (size_t)le_request->argc); ++ crequest->argv = (char **)util_smart_calloc_s(sizeof(char *), (size_t)le_request->argc); + if (crequest->argv == NULL) { + ERROR("Out of memory"); + ret = -1; +@@ -1649,12 +1635,7 @@ static int exec_request_to_rest(const struct isula_exec_request *le_request, cha + crequest->argv_len = (size_t)le_request->argc; + } + if (le_request->env_len > 0) { +- if ((size_t)le_request->env_len > SIZE_MAX / sizeof(char *)) { +- ERROR("Too many environmental variables!"); +- ret = -1; +- goto out; +- } +- crequest->env = (char **)util_common_calloc_s(sizeof(char *) * (size_t)le_request->env_len); ++ crequest->env = (char **)util_smart_calloc_s(sizeof(char *), (size_t)le_request->env_len); + if (crequest->env == NULL) { + ERROR("Out of memory"); + ret = -1; +@@ -1865,8 +1846,8 @@ out: + } + + /* rest container info */ +-static int rest_container_info(const struct isula_info_request *li_request, +- struct isula_info_response *li_response, void *arg) ++static int rest_container_info(const struct isula_info_request *li_request, struct isula_info_response *li_response, ++ void *arg) + { + char *body = NULL; + int ret = 0; +diff --git a/src/client/connect/rest/rest_images_client.c b/src/client/connect/rest/rest_images_client.c +index c2fc17f1..c7ab78cc 100644 +--- a/src/client/connect/rest/rest_images_client.c ++++ b/src/client/connect/rest/rest_images_client.c +@@ -122,9 +122,9 @@ static int unpack_image_info_to_list_response(image_list_images_response *crespo + } + + num = cresponse->images_len; +- if (num > 0 && (num < (SIZE_MAX / sizeof(struct isula_image_info)))) { ++ if (num > 0) { + size_t i; +- image_info = (struct isula_image_info *)util_common_calloc_s(sizeof(struct isula_image_info) * num); ++ image_info = (struct isula_image_info *)util_smart_calloc_s(sizeof(struct isula_image_info), num); + if (image_info == NULL) { + ERROR("out of memory"); + return -1; +@@ -134,17 +134,19 @@ static int unpack_image_info_to_list_response(image_list_images_response *crespo + for (i = 0; i < num; i++) { + if (cresponse->images[i]->target != NULL) { + image_info[i].type = cresponse->images[i]->target->media_type ? +- util_strdup_s(cresponse->images[i]->target->media_type) : util_strdup_s("-"); ++ util_strdup_s(cresponse->images[i]->target->media_type) : ++ util_strdup_s("-"); + image_info[i].digest = cresponse->images[i]->target->digest ? +- util_strdup_s(cresponse->images[i]->target->digest) : util_strdup_s("-"); ++ util_strdup_s(cresponse->images[i]->target->digest) : ++ util_strdup_s("-"); + image_info[i].size = cresponse->images[i]->target->size; + } + if (cresponse->images[i]->created_at != NULL) { + image_info[i].created = cresponse->images[i]->created_at->seconds; + image_info[i].created_nanos = cresponse->images[i]->created_at->nanos; + } +- image_info[i].imageref = cresponse->images[i]->name ? +- util_strdup_s(cresponse->images[i]->name) : util_strdup_s("-"); ++ image_info[i].imageref = cresponse->images[i]->name ? util_strdup_s(cresponse->images[i]->name) : ++ util_strdup_s("-"); + } + } + +@@ -524,7 +526,6 @@ out: + return ret; + } + +- + /* rest image pull */ + static int rest_image_pull(const struct isula_pull_request *request, struct isula_pull_response *response, void *arg) + { +@@ -824,7 +825,6 @@ out: + return ret; + } + +- + /* rest image tag */ + static int rest_image_tag(const struct isula_tag_request *request, struct isula_tag_response *response, void *arg) + { +@@ -929,7 +929,6 @@ out: + static int rest_image_import(const struct isula_import_request *request, struct isula_import_response *response, + void *arg) + { +- + client_connect_config_t *connect_config = (client_connect_config_t *)arg; + const char *socketname = (const char *)(connect_config->socket); + char *body = NULL; +@@ -963,7 +962,6 @@ out: + return ret; + } + +- + /* rest images client ops init */ + int rest_images_client_ops_init(isula_connect_ops *ops) + { +@@ -983,4 +981,3 @@ int rest_images_client_ops_init(isula_connect_ops *ops) + + return 0; + } +- +diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c +index 2db2fd21..97da80ac 100644 +--- a/src/cmd/isula/base/create.c ++++ b/src/cmd/isula/base/create.c +@@ -51,8 +51,7 @@ + const char g_cmd_create_desc[] = "Create a new container"; + const char g_cmd_create_usage[] = "create [OPTIONS] --external-rootfs=PATH|IMAGE [COMMAND] [ARG...]"; + +-struct client_arguments g_cmd_create_args = { +- .runtime = "", ++struct client_arguments g_cmd_create_args = { .runtime = "", + .restart = "no", + .cr.oom_score_adj = 0, + .custom_conf.health_interval = 0, +@@ -717,11 +716,7 @@ static int request_pack_host_ns_change_files(const struct client_arguments *args + files = net_ipc_files; + files_len = sizeof(net_ipc_files) / sizeof(net_ipc_files[0]); + } +- if (files_len > (SIZE_MAX / sizeof(char *)) - 1) { +- ERROR("Too many files"); +- return -1; +- } +- hostconfig->ns_change_files = util_common_calloc_s((files_len + 1) * sizeof(char *)); ++ hostconfig->ns_change_files = util_smart_calloc_s(sizeof(char *), (files_len + 1)); + if (hostconfig->ns_change_files == NULL) { + ERROR("Out of memory"); + return -1; +diff --git a/src/cmd/isula/information/inspect.c b/src/cmd/isula/information/inspect.c +index 55366551..bb52b42a 100644 +--- a/src/cmd/isula/information/inspect.c ++++ b/src/cmd/isula/information/inspect.c +@@ -775,7 +775,7 @@ static char **inspect_split_filter(const char *format, size_t *filter_len) + return res_array; + } + +- res_array = (char **)util_common_calloc_s(sizeof(char *) * (*filter_len)); ++ res_array = (char **)util_smart_calloc_s(sizeof(char *), (*filter_len)); + if (res_array == NULL) { + ERROR("out of memory"); + return NULL; +@@ -847,14 +847,14 @@ static int generate_filter_string(char ***filter_string, bool **json_format, siz + } + + *filter_string_len = format_size; +- *filter_string = (char **)util_common_calloc_s(sizeof(char *) * format_size); ++ *filter_string = (char **)util_smart_calloc_s(sizeof(char *), format_size); + if (*filter_string == NULL) { + ERROR("out of memory"); + ret = ECOMMON; + goto error_out; + } + +- *json_format = (bool *)util_common_calloc_s(sizeof(bool) * format_size * g_cmd_inspect_args.argc); ++ *json_format = (bool *)util_smart_calloc_s(sizeof(bool), format_size * g_cmd_inspect_args.argc); + if (*json_format == NULL) { + ERROR("out of memory"); + ret = ECOMMON; +diff --git a/src/cmd/isula/isula_container_spec.c b/src/cmd/isula/isula_container_spec.c +index 9340708f..09406d09 100644 +--- a/src/cmd/isula/isula_container_spec.c ++++ b/src/cmd/isula/isula_container_spec.c +@@ -48,12 +48,7 @@ static int pack_container_custom_config_args(container_config *container_spec, + + /* commands */ + if ((custom_conf->cmd_len != 0 && custom_conf->cmd)) { +- if (custom_conf->cmd_len > SIZE_MAX / sizeof(char *)) { +- COMMAND_ERROR("The length of cmd is too long!"); +- ret = -1; +- goto out; +- } +- container_spec->cmd = util_common_calloc_s(custom_conf->cmd_len * sizeof(char *)); ++ container_spec->cmd = util_smart_calloc_s(sizeof(char *), custom_conf->cmd_len); + if (container_spec->cmd == NULL) { + ret = -1; + goto out; +@@ -76,11 +71,7 @@ static int pack_container_custom_config_array(container_config *container_spec, + + /* environment variables */ + if (custom_conf->env_len != 0 && custom_conf->env) { +- if (custom_conf->env_len > SIZE_MAX / sizeof(char *)) { +- COMMAND_ERROR("Too many environment variables"); +- return -1; +- } +- container_spec->env = util_common_calloc_s(custom_conf->env_len * sizeof(char *)); ++ container_spec->env = util_smart_calloc_s(sizeof(char *), custom_conf->env_len); + if (container_spec->env == NULL) { + ret = -1; + goto out; +@@ -202,7 +193,7 @@ static int pack_custom_with_health_check(container_config *container_spec, const + int ret = 0; + + if (custom_conf->health_cmd != NULL && strlen(custom_conf->health_cmd) != 0) { +- health_config->test = util_common_calloc_s(2 * sizeof(char *)); ++ health_config->test = util_smart_calloc_s(sizeof(char *), 2); + if (health_config->test == NULL) { + ret = -1; + goto out; +diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c +index 297f9299..11e3eed3 100644 +--- a/src/cmd/isula/isula_host_spec.c ++++ b/src/cmd/isula/isula_host_spec.c +@@ -401,12 +401,7 @@ static int pack_hostconfig_ulimits(host_config *dstconfig, const isula_host_conf + goto out; + } + +- if (srcconfig->ulimits_len > SIZE_MAX / sizeof(host_config_ulimits_element *)) { +- COMMAND_ERROR("Too many ulimit elements in host config"); +- ret = -1; +- goto out; +- } +- dstconfig->ulimits = util_common_calloc_s(srcconfig->ulimits_len * sizeof(host_config_ulimits_element *)); ++ dstconfig->ulimits = util_smart_calloc_s(sizeof(host_config_ulimits_element *), srcconfig->ulimits_len); + if (dstconfig->ulimits == NULL) { + COMMAND_ERROR("Out of memory"); + ret = -1; +@@ -1127,12 +1122,7 @@ int generate_devices(host_config *dstconfig, const isula_host_config_t *srcconfi + goto out; + } + +- if (srcconfig->devices_len > SIZE_MAX / sizeof(host_config_devices_element *)) { +- ERROR("Too many devices to be populated into container"); +- ret = -1; +- goto out; +- } +- dstconfig->devices = util_common_calloc_s(sizeof(host_config_devices_element *) * srcconfig->devices_len); ++ dstconfig->devices = util_smart_calloc_s(sizeof(host_config_devices_element *), srcconfig->devices_len); + if (dstconfig->devices == NULL) { + ret = -1; + goto out; +@@ -1472,13 +1462,7 @@ static int generate_mounts(host_config *dstconfig, const isula_host_config_t *sr + goto out; + } + +- if (srcconfig->mounts_len > SIZE_MAX / sizeof(char *)) { +- COMMAND_ERROR("Too many mounts to mount!"); +- ret = -1; +- goto out; +- } +- +- dstconfig->mounts = util_common_calloc_s(srcconfig->mounts_len * sizeof(mount_spec*)); ++ dstconfig->mounts = util_smart_calloc_s(sizeof(mount_spec *), srcconfig->mounts_len); + if (dstconfig->mounts == NULL) { + ret = -1; + goto out; +@@ -1540,13 +1524,7 @@ int generate_security(host_config *dstconfig, const isula_host_config_t *srcconf + goto out; + } + +- if (srcconfig->security_len > SIZE_MAX / sizeof(char *)) { +- COMMAND_ERROR("Too many security opts!"); +- ret = -1; +- goto out; +- } +- +- dstconfig->security_opt = util_common_calloc_s(srcconfig->security_len * sizeof(char *)); ++ dstconfig->security_opt = util_smart_calloc_s(sizeof(char *), srcconfig->security_len); + if (dstconfig->security_opt == NULL) { + ret = -1; + goto out; +diff --git a/src/cmd/isula/stream/exec.c b/src/cmd/isula/stream/exec.c +index df911d0b..2d0d37da 100644 +--- a/src/cmd/isula/stream/exec.c ++++ b/src/cmd/isula/stream/exec.c +@@ -394,7 +394,7 @@ static char *generate_exec_suffix() + { + char *exec_suffix = NULL; + +- exec_suffix = util_common_calloc_s(sizeof(char) * (CONTAINER_ID_MAX_LEN + 1)); ++ exec_suffix = util_smart_calloc_s(sizeof(char), (CONTAINER_ID_MAX_LEN + 1)); + if (exec_suffix == NULL) { + ERROR("Out of memory"); + goto out; +diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c +index 89d91c1b..798416a3 100644 +--- a/src/cmd/isulad/isulad_commands.c ++++ b/src/cmd/isulad/isulad_commands.c +@@ -468,7 +468,7 @@ static int do_merge_conf_hosts_into_global(struct service_arguments *args) + + if (args->hosts_len == 0) { + /* set default host */ +- args->hosts = (char **)util_common_calloc_s(sizeof(char *) * DEFAULT_HOSTS_LEN); ++ args->hosts = (char **)util_smart_calloc_s(sizeof(char *), DEFAULT_HOSTS_LEN); + if (args->hosts == NULL) { + ERROR("Out of memory"); + return -1; +@@ -544,8 +544,7 @@ static int do_merge_conf_default_ulimit_into_global(struct service_arguments *ar + telem.name = ptr->name; + telem.hard = ptr->hard; + telem.soft = ptr->soft; +- if (ulimit_array_append(&args->default_ulimit, &telem, args->default_ulimit_len) != +- 0) { ++ if (ulimit_array_append(&args->default_ulimit, &telem, args->default_ulimit_len) != 0) { + ERROR("merge json confs default ulimit config failed"); + return -1; + } +diff --git a/src/daemon/common/events_format.c b/src/daemon/common/events_format.c +index 96dec401..e5ceab92 100644 +--- a/src/daemon/common/events_format.c ++++ b/src/daemon/common/events_format.c +@@ -46,7 +46,7 @@ int event_copy(const struct isulad_events_format *src, struct isulad_events_form + + if (src->annotations_len != 0) { + util_free_array_by_len(dest->annotations, dest->annotations_len); +- dest->annotations = (char **)util_common_calloc_s(src->annotations_len * sizeof(char *)); ++ dest->annotations = (char **)util_smart_calloc_s(sizeof(char *), src->annotations_len); + if (dest->annotations == NULL) { + ERROR("Out of memory"); + return -1; +diff --git a/src/daemon/config/daemon_arguments.c b/src/daemon/config/daemon_arguments.c +index c107fd74..719efef0 100644 +--- a/src/daemon/config/daemon_arguments.c ++++ b/src/daemon/config/daemon_arguments.c +@@ -118,11 +118,11 @@ int service_arguments_init(struct service_arguments *args) + if (args->json_confs->log_opts == NULL) { + goto free_out; + } +- args->json_confs->log_opts->keys = (char **)util_common_calloc_s(sizeof(char *) * DEFAULT_LOG_OPTS_LEN); ++ args->json_confs->log_opts->keys = (char **)util_smart_calloc_s(sizeof(char *), DEFAULT_LOG_OPTS_LEN); + if (args->json_confs->log_opts->keys == NULL) { + goto free_out; + } +- args->json_confs->log_opts->values = (char **)util_common_calloc_s(sizeof(char *) * DEFAULT_LOG_OPTS_LEN); ++ args->json_confs->log_opts->values = (char **)util_smart_calloc_s(sizeof(char *), DEFAULT_LOG_OPTS_LEN); + if (args->json_confs->log_opts->values == NULL) { + goto free_out; + } +@@ -138,8 +138,8 @@ int service_arguments_init(struct service_arguments *args) + args->max_size = 1024 * 1024; + + // init container log configs +- args->json_confs->container_log = (isulad_daemon_configs_container_log *)util_common_calloc_s(sizeof( +- isulad_daemon_configs_container_log)); ++ args->json_confs->container_log = ++ (isulad_daemon_configs_container_log *)util_common_calloc_s(sizeof(isulad_daemon_configs_container_log)); + if (args->json_confs->container_log == NULL) { + ERROR("Out of memory"); + goto free_out; +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index 38d2a0bf..1270d0c6 100644 +--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -323,7 +323,7 @@ char *conf_get_routine_rootdir(const char *runtime) + ERROR("The size of path exceeds the limit"); + goto out; + } +- path = util_common_calloc_s(sizeof(char) * len); ++ path = util_smart_calloc_s(sizeof(char), len); + if (path == NULL) { + ERROR("Out of memory"); + goto out; +@@ -660,7 +660,7 @@ char *get_log_file_helper(const struct service_arguments *conf, const char *suff + ERROR("The size of path exceeds the limit"); + return NULL; + } +- logfile = util_common_calloc_s(len * sizeof(char)); ++ logfile = util_smart_calloc_s(sizeof(char), len); + if (logfile == NULL) { + ERROR("Out of memory"); + goto out; +@@ -760,7 +760,7 @@ char *conf_get_engine_log_file() + ERROR("The size of path exceeds the limit"); + goto out; + } +- full_path = util_common_calloc_s(len * sizeof(char)); ++ full_path = util_smart_calloc_s(sizeof(char), len); + if (full_path == NULL) { + FATAL("Out of Memory"); + goto out; +@@ -990,10 +990,7 @@ HOOKS_ELEM_DUP_DEF(poststop) + int hooks_##item##_dup(oci_runtime_spec_hooks *dest, const oci_runtime_spec_hooks *src) \ + { \ + int i = 0; \ +- if (src->item##_len > SIZE_MAX / sizeof(defs_hook *) - 1) { \ +- return -1; \ +- } \ +- dest->item = util_common_calloc_s(sizeof(defs_hook *) * (src->item##_len + 1)); \ ++ dest->item = util_smart_calloc_s(sizeof(defs_hook *), (src->item##_len + 1)); \ + if (dest->item == NULL) \ + return -1; \ + dest->item##_len = src->item##_len; \ +diff --git a/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc b/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc +index 56283c8d..e8a48d58 100644 +--- a/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc ++++ b/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc +@@ -206,12 +206,7 @@ int ContainerServiceImpl::top_request_from_grpc(const TopRequest *grequest, cont + } + + if (grequest->args_size() > 0) { +- if ((size_t)grequest->args_size() > SIZE_MAX / sizeof(char *)) { +- ERROR("Too many arguments!"); +- free_container_top_request(tmpreq); +- return -1; +- } +- tmpreq->args = (char **)util_common_calloc_s(sizeof(char *) * grequest->args_size()); ++ tmpreq->args = (char **)util_smart_calloc_s(sizeof(char *), grequest->args_size()); + if (tmpreq->args == nullptr) { + ERROR("Out of memory"); + free_container_top_request(tmpreq); +@@ -373,12 +368,7 @@ int ContainerServiceImpl::exec_request_from_grpc(const ExecRequest *grequest, co + } + + if (grequest->argv_size() > 0) { +- if ((size_t)grequest->argv_size() > SIZE_MAX / sizeof(char *)) { +- ERROR("Too many arguments!"); +- free_container_exec_request(tmpreq); +- return -1; +- } +- tmpreq->argv = (char **)util_common_calloc_s(sizeof(char *) * grequest->argv_size()); ++ tmpreq->argv = (char **)util_smart_calloc_s(sizeof(char *), grequest->argv_size()); + if (tmpreq->argv == nullptr) { + ERROR("Out of memory"); + free_container_exec_request(tmpreq); +@@ -391,12 +381,7 @@ int ContainerServiceImpl::exec_request_from_grpc(const ExecRequest *grequest, co + } + + if (grequest->env_size() > 0) { +- if ((size_t)grequest->argv_size() > SIZE_MAX / sizeof(char *)) { +- ERROR("Too many environmental variables!"); +- free_container_exec_request(tmpreq); +- return -1; +- } +- tmpreq->env = (char **)util_common_calloc_s(sizeof(char *) * grequest->env_size()); ++ tmpreq->env = (char **)util_smart_calloc_s(sizeof(char *), grequest->env_size()); + if (tmpreq->env == nullptr) { + ERROR("Out of memory"); + free_container_exec_request(tmpreq); +@@ -490,15 +475,11 @@ int ContainerServiceImpl::list_request_from_grpc(const ListRequest *grequest, co + *request = tmpreq; + return 0; + } +- if (len > SIZE_MAX / sizeof(char *)) { +- ERROR("invalid filters size"); +- goto cleanup; +- } +- tmpreq->filters->keys = (char **)util_common_calloc_s(len * sizeof(char *)); ++ tmpreq->filters->keys = (char **)util_smart_calloc_s(sizeof(char *), len); + if (tmpreq->filters->keys == nullptr) { + goto cleanup; + } +- tmpreq->filters->values = (json_map_string_bool **)util_common_calloc_s(len * sizeof(json_map_string_bool *)); ++ tmpreq->filters->values = (json_map_string_bool **)util_smart_calloc_s(sizeof(json_map_string_bool *), len); + if (tmpreq->filters->values == nullptr) { + free(tmpreq->filters->keys); + tmpreq->filters->keys = nullptr; +@@ -744,7 +725,7 @@ int ContainerServiceImpl::stats_request_from_grpc(const StatsRequest *grequest, + } + + if (grequest->containers_size() > 0) { +- tmpreq->containers = (char **)util_common_calloc_s(grequest->containers_size() * sizeof(char *)); ++ tmpreq->containers = (char **)util_smart_calloc_s(sizeof(char *), grequest->containers_size()); + if (tmpreq->containers == nullptr) { + ERROR("Out of memory"); + free_container_stats_request(tmpreq); +diff --git a/src/daemon/entry/connect/grpc/grpc_images_service.cc b/src/daemon/entry/connect/grpc/grpc_images_service.cc +index 79c4fb7c..b1ca98b8 100644 +--- a/src/daemon/entry/connect/grpc/grpc_images_service.cc ++++ b/src/daemon/entry/connect/grpc/grpc_images_service.cc +@@ -40,22 +40,17 @@ int ImagesServiceImpl::image_list_request_from_grpc(const ListImagesRequest *gre + *request = tmpreq; + return 0; + } +- if (len > SIZE_MAX / sizeof(char *)) { +- ERROR("invalid filters size"); +- goto cleanup; +- } +- + tmpreq->filters = (defs_filters *)util_common_calloc_s(sizeof(defs_filters)); + if (tmpreq->filters == nullptr) { + ERROR("Out of memory"); + goto cleanup; + } + +- tmpreq->filters->keys = (char **)util_common_calloc_s(len * sizeof(char *)); ++ tmpreq->filters->keys = (char **)util_smart_calloc_s(sizeof(char *), len); + if (tmpreq->filters->keys == nullptr) { + goto cleanup; + } +- tmpreq->filters->values = (json_map_string_bool **)util_common_calloc_s(len * sizeof(json_map_string_bool *)); ++ tmpreq->filters->values = (json_map_string_bool **)util_smart_calloc_s(sizeof(json_map_string_bool *), len); + if (tmpreq->filters->values == nullptr) { + free(tmpreq->filters->keys); + tmpreq->filters->keys = nullptr; +diff --git a/src/daemon/entry/cri/checkpoint_handler.cc b/src/daemon/entry/cri/checkpoint_handler.cc +index 858c830c..d5eab7a7 100644 +--- a/src/daemon/entry/cri/checkpoint_handler.cc ++++ b/src/daemon/entry/cri/checkpoint_handler.cc +@@ -202,11 +202,7 @@ void CheckpointData::CheckpointDataToCStruct(cri_checkpoint_data **data, Errors + } + (*data)->host_network = m_hostNetwork; + if (len > 0) { +- if (len > SIZE_MAX / sizeof(cri_port_mapping *)) { +- error.SetError("Invalid port mapping size"); +- goto out; +- } +- (*data)->port_mappings = (cri_port_mapping **)util_common_calloc_s(sizeof(cri_port_mapping *) * len); ++ (*data)->port_mappings = (cri_port_mapping **)util_smart_calloc_s(sizeof(cri_port_mapping *), len); + if ((*data)->port_mappings == nullptr) { + error.SetError("Out of memory"); + goto out; +diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc +index 525d65a0..e5db52f6 100644 +--- a/src/daemon/entry/cri/cri_helpers.cc ++++ b/src/daemon/entry/cri/cri_helpers.cc +@@ -77,8 +77,7 @@ auto GetDefaultSandboxImage(Errors &err) -> std::string + const std::string defaultPodSandboxImageName { "pause" }; + const std::string defaultPodSandboxImageVersion { "3.0" }; + std::string machine; +- struct utsname uts { +- }; ++ struct utsname uts {}; + + if (uname(&uts) < 0) { + err.SetError("Failed to read host arch."); +@@ -230,16 +229,12 @@ auto FiltersAdd(defs_filters *filters, const std::string &key, const std::string + } + + size_t len = filters->len + 1; +- if (len > SIZE_MAX / sizeof(char *)) { +- ERROR("Invalid filter size"); +- return -1; +- } +- char **keys = (char **)util_common_calloc_s(len * sizeof(char *)); ++ char **keys = (char **)util_smart_calloc_s(sizeof(char *), len); + if (keys == nullptr) { + ERROR("Out of memory"); + return -1; + } +- json_map_string_bool **vals = (json_map_string_bool **)util_common_calloc_s(len * sizeof(json_map_string_bool *)); ++ json_map_string_bool **vals = (json_map_string_bool **)util_smart_calloc_s(sizeof(json_map_string_bool *), len); + if (vals == nullptr) { + free(keys); + ERROR("Out of memory"); +@@ -299,10 +294,7 @@ auto ContainerStatusToRuntime(Container_Status status) -> runtime::v1alpha2::Con + auto StringVectorToCharArray(std::vector &path) -> char ** + { + size_t len = path.size(); +- if (len == 0 || len > (SIZE_MAX / sizeof(char *)) - 1) { +- return nullptr; +- } +- char **result = (char **)util_common_calloc_s((len + 1) * sizeof(char *)); ++ char **result = (char **)util_smart_calloc_s(sizeof(char *), (len + 1)); + if (result == nullptr) { + return nullptr; + } +@@ -487,12 +479,8 @@ void GenerateMountBindings(const google::protobuf::RepeatedPtrField INT_MAX / sizeof(char *)) { +- err.SetError("Too many mounts"); +- return; +- } + +- hostconfig->binds = (char **)util_common_calloc_s(mounts.size() * sizeof(char *)); ++ hostconfig->binds = (char **)util_smart_calloc_s(sizeof(char *), mounts.size()); + if (hostconfig->binds == nullptr) { + err.SetError("Out of memory"); + return; +@@ -737,7 +725,6 @@ out: + free_cri_checkpoint(criCheckpoint); + } + +- + auto InspectContainer(const std::string &Id, Errors &err, bool with_host_config) -> container_inspect * + { + container_inspect *inspect_data { nullptr }; +@@ -761,8 +748,7 @@ int32_t ToInt32Timeout(int64_t timeout) + return (int32_t)timeout; + } + +-void GetContainerLogPath(const std::string &containerID, char **path, char **realPath, +- Errors &error) ++void GetContainerLogPath(const std::string &containerID, char **path, char **realPath, Errors &error) + { + container_inspect *info = InspectContainer(containerID, error, false); + if (info == nullptr || error.NotEmpty()) { +@@ -812,8 +798,8 @@ cleanup: + free(realPath); + } + +-void GetContainerTimeStamps(const container_inspect *inspect, int64_t *createdAt, +- int64_t *startedAt, int64_t *finishedAt, Errors &err) ++void GetContainerTimeStamps(const container_inspect *inspect, int64_t *createdAt, int64_t *startedAt, ++ int64_t *finishedAt, Errors &err) + { + if (inspect == nullptr) { + err.SetError("Invalid arguments"); +@@ -979,7 +965,7 @@ cleanup: + + char *GenerateExecSuffix() + { +- char *exec_suffix = (char *)util_common_calloc_s(sizeof(char) * (CONTAINER_ID_MAX_LEN + 1)); ++ char *exec_suffix = (char *)util_smart_calloc_s(sizeof(char), (CONTAINER_ID_MAX_LEN + 1)); + if (exec_suffix == nullptr) { + ERROR("Out of memory"); + return nullptr; +diff --git a/src/daemon/entry/cri/cri_security_context.cc b/src/daemon/entry/cri/cri_security_context.cc +index 466e0e1c..8484108c 100644 +--- a/src/daemon/entry/cri/cri_security_context.cc ++++ b/src/daemon/entry/cri/cri_security_context.cc +@@ -41,11 +41,7 @@ static void ModifyHostConfigCapabilities(const runtime::v1alpha2::LinuxContainer + + const google::protobuf::RepeatedPtrField &capAdd = sc.capabilities().add_capabilities(); + if (!capAdd.empty()) { +- if (static_cast(capAdd.size()) > SIZE_MAX / sizeof(char *)) { +- error.SetError("Invalid capability add size"); +- return; +- } +- hostConfig->cap_add = (char **)util_common_calloc_s(sizeof(char *) * capAdd.size()); ++ hostConfig->cap_add = (char **)util_smart_calloc_s(sizeof(char *), capAdd.size()); + if (hostConfig->cap_add == nullptr) { + error.SetError("Out of memory"); + return; +@@ -57,11 +53,7 @@ static void ModifyHostConfigCapabilities(const runtime::v1alpha2::LinuxContainer + } + const google::protobuf::RepeatedPtrField &capDrop = sc.capabilities().drop_capabilities(); + if (!capDrop.empty()) { +- if (static_cast(capDrop.size()) > SIZE_MAX / sizeof(char *)) { +- error.SetError("Invalid capability drop size"); +- return; +- } +- hostConfig->cap_drop = (char **)util_common_calloc_s(sizeof(char *) * capDrop.size()); ++ hostConfig->cap_drop = (char **)util_smart_calloc_s(sizeof(char *), capDrop.size()); + if (hostConfig->cap_drop == nullptr) { + error.SetError("Out of memory"); + return; +diff --git a/src/daemon/entry/cri/websocket/service/exec_serve.cc b/src/daemon/entry/cri/websocket/service/exec_serve.cc +index 7b7d36b5..b779f25f 100644 +--- a/src/daemon/entry/cri/websocket/service/exec_serve.cc ++++ b/src/daemon/entry/cri/websocket/service/exec_serve.cc +@@ -45,11 +45,7 @@ void *ExecServe::SetContainerStreamRequest(::google::protobuf::Message *request, + } + + if (grequest->cmd_size() > 0) { +- if (static_cast(grequest->cmd_size()) > SIZE_MAX / sizeof(char *)) { +- ERROR("Too many arguments!"); +- return nullptr; +- } +- m_request->argv = (char **)util_common_calloc_s(sizeof(char *) * grequest->cmd_size()); ++ m_request->argv = (char **)util_smart_calloc_s(sizeof(char *), grequest->cmd_size()); + if (m_request->argv == nullptr) { + ERROR("Out of memory!"); + return nullptr; +@@ -109,7 +105,7 @@ int ExecServe::ExecuteStreamCommand(SessionData *lwsCtx, void *request) + + void ExecServe::CloseConnect(SessionData *lwsCtx) + { +- closeWsConnect((void*)lwsCtx, nullptr); ++ closeWsConnect((void *)lwsCtx, nullptr); + } + + void ExecServe::FreeRequest(void *m_request) +diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c +index 850e0a0f..626cfbc6 100644 +--- a/src/daemon/executor/container_cb/execution_create.c ++++ b/src/daemon/executor/container_cb/execution_create.c +@@ -589,7 +589,7 @@ static char *try_generate_id() + char *id = NULL; + char *value = NULL; + +- id = util_common_calloc_s(sizeof(char) * (CONTAINER_ID_MAX_LEN + 1)); ++ id = util_smart_calloc_s(sizeof(char), (CONTAINER_ID_MAX_LEN + 1)); + if (id == NULL) { + ERROR("Out of memory"); + return NULL; +@@ -675,14 +675,8 @@ static int conf_get_image_id(const char *image, char **id) + goto out; + } + +- if (strlen(ir->id) > SIZE_MAX / sizeof(char) - strlen("sha256:")) { +- ERROR("Invalid image id"); +- ret = -1; +- goto out; +- } +- + len = strlen("sha256:") + strlen(ir->id) + 1; +- image_id = (char *)util_common_calloc_s(len * sizeof(char)); ++ image_id = (char *)util_smart_calloc_s(sizeof(char), len); + if (image_id == NULL) { + ERROR("Out of memory"); + ret = -1; +@@ -835,7 +829,7 @@ static int prepare_host_channel(const host_config_host_channel *host_channel, co + #ifdef ENABLE_USERNS_REMAP + char *daemon_userns_remap = conf_get_isulad_userns_remap(); + if (daemon_userns_remap != NULL) { +- userns_remap = (const char *) daemon_userns_remap; ++ userns_remap = (const char *)daemon_userns_remap; + } + #endif + +diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c +index 91ce5dbb..5b131a80 100644 +--- a/src/daemon/executor/container_cb/execution_extend.c ++++ b/src/daemon/executor/container_cb/execution_extend.c +@@ -341,11 +341,7 @@ error_out: + + static int service_stats_make_memory(container_info ***stats_arr, size_t num) + { +- if (num > SIZE_MAX / sizeof(container_info *)) { +- return -1; +- } +- +- *stats_arr = util_common_calloc_s(num * sizeof(container_info *)); ++ *stats_arr = util_smart_calloc_s(sizeof(container_info *), num); + if (*stats_arr == NULL) { + ERROR("Out of memory"); + return -1; +diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c +index 297f96b9..144daebf 100644 +--- a/src/daemon/executor/container_cb/execution_information.c ++++ b/src/daemon/executor/container_cb/execution_information.c +@@ -483,12 +483,8 @@ int parse_output(char **title, char ***process, size_t *process_len, const char + + pid_num = get_pid_num(*title); + stime = get_stime(*title); +- if (util_array_len((const char **)tmp) > SIZE_MAX / sizeof(char *)) { +- ERROR("Invalid array length"); +- ret = -1; +- goto out; +- } +- *process = util_common_calloc_s(util_array_len((const char **)tmp) * sizeof(char *)); ++ ++ *process = util_smart_calloc_s(sizeof(char *), util_array_len((const char **)tmp)); + if (*process == NULL) { + ERROR("Out of memory"); + ret = -1; +@@ -604,15 +600,9 @@ static int get_pids(const char *name, const char *runtime, const char *rootpath, + goto out; + } + +- if (out->pids_len > SIZE_MAX / sizeof(pid_t)) { +- ERROR("list too many pids"); +- ret = -1; +- goto out; +- } +- + if (out->pids_len != 0) { + pid_t *tmp = NULL; +- tmp = util_common_calloc_s(sizeof(pid_t) * out->pids_len); ++ tmp = util_smart_calloc_s(sizeof(pid_t), out->pids_len); + if (tmp == NULL) { + ERROR("Memory out"); + ret = -1; +@@ -814,12 +804,7 @@ static int container_top_cb(container_top_request *request, container_top_respon + cc = ISULAD_ERR_EXEC; + goto pack_response; + } +- if (process_len > SIZE_MAX / sizeof(char *)) { +- ERROR("invalid processe size"); +- cc = ISULAD_ERR_EXEC; +- goto pack_response; +- } +- (*response)->processes = util_common_calloc_s(process_len * sizeof(char *)); ++ (*response)->processes = util_smart_calloc_s(sizeof(char *), process_len); + if ((*response)->processes == NULL) { + ERROR("Out of memory"); + cc = ISULAD_ERR_EXEC; +diff --git a/src/daemon/executor/container_cb/list.c b/src/daemon/executor/container_cb/list.c +index 90f4a548..026f1efb 100644 +--- a/src/daemon/executor/container_cb/list.c ++++ b/src/daemon/executor/container_cb/list.c +@@ -609,14 +609,7 @@ static int pack_list_containers(char **idsarray, const struct list_context *ctx, + if (container_nums == 0) { + goto out; + } +- +- if (container_nums > (SIZE_MAX / sizeof(container_container *))) { +- ERROR("Get too many containers:%zu", container_nums); +- ret = -1; +- goto out; +- } +- +- response->containers = util_common_calloc_s(container_nums * sizeof(container_container *)); ++ response->containers = util_smart_calloc_s(sizeof(container_container *), container_nums); + if (response->containers == NULL) { + ERROR("Out of memory"); + ret = -1; +diff --git a/src/daemon/executor/image_cb/image_cb.c b/src/daemon/executor/image_cb/image_cb.c +index e75cf65c..10a9661a 100644 +--- a/src/daemon/executor/image_cb/image_cb.c ++++ b/src/daemon/executor/image_cb/image_cb.c +@@ -659,14 +659,7 @@ static int trans_im_list_images(const im_list_response *im_list, image_list_imag + // If one image have several repo tags, display them all. Image with no + // repo will also be displayed + images_display_num = calc_images_display_num(im_list->images); +- if (images_display_num >= (SIZE_MAX / sizeof(image_image *))) { +- INFO("Too many images, out of memory"); +- ret = -1; +- isulad_try_set_error_message("Get too many images info, out of memory"); +- goto out; +- } +- +- response->images = util_common_calloc_s(sizeof(image_image *) * images_display_num); ++ response->images = util_smart_calloc_s(sizeof(image_image *), images_display_num); + if (response->images == NULL) { + ERROR("Out of memory"); + ret = -1; +@@ -1074,7 +1067,7 @@ static int image_pull_cb(const image_pull_image_request *request, image_pull_ima + } + + EVENT("Image Event: {Object: %s, Type: Pulling}", image_ref); +- ret = pull_request_from_rest(request, &im_req); ++ ret = pull_request_from_rest(request, &im_req); + if (ret != 0) { + goto out; + } +@@ -1101,7 +1094,6 @@ out: + return (ret < 0) ? ECOMMON : ret; + } + +- + /* image callback init */ + void image_callback_init(service_image_callback_t *cb) + { +diff --git a/src/daemon/modules/container/container_state.c b/src/daemon/modules/container/container_state.c +index efcbe852..d342df25 100644 +--- a/src/daemon/modules/container/container_state.c ++++ b/src/daemon/modules/container/container_state.c +@@ -479,12 +479,7 @@ static int container_dup_health_check_status(defs_health **dst, const defs_healt + result->status = src->status ? util_strdup_s(src->status) : NULL; + result->failing_streak = src->failing_streak; + if (src->log_len != 0) { +- if (src->log_len > SIZE_MAX / sizeof(defs_health_log_element *)) { +- ERROR("Invalid log size"); +- ret = -1; +- goto error; +- } +- result->log = util_common_calloc_s(sizeof(defs_health_log_element *) * src->log_len); ++ result->log = util_smart_calloc_s(sizeof(defs_health_log_element *), src->log_len); + if (result->log == NULL) { + ERROR("Out of memory"); + ret = -1; +diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c +index 98f91ea9..9910b3c8 100644 +--- a/src/daemon/modules/container/container_unix.c ++++ b/src/daemon/modules/container/container_unix.c +@@ -387,16 +387,11 @@ static int pack_path_and_args_from_container_spec(const container_config *contai + v2_spec->path = util_strdup_s(container_spec->entrypoint[0]); + total = container_spec->entrypoint_len + container_spec->cmd_len - 1; + +- if (total > SIZE_MAX / sizeof(char *)) { +- ERROR("Container oci spec process args elements is too much!"); +- ret = -1; +- goto out; +- } + if (total == 0) { + goto out; + } + +- v2_spec->args = util_common_calloc_s(total * sizeof(char *)); ++ v2_spec->args = util_smart_calloc_s(sizeof(char *), total); + if (v2_spec->args == NULL) { + ERROR("Out of memory"); + ret = -1; +diff --git a/src/daemon/modules/container/containers_store.c b/src/daemon/modules/container/containers_store.c +index e0700296..e5c5b2ef 100644 +--- a/src/daemon/modules/container/containers_store.c ++++ b/src/daemon/modules/container/containers_store.c +@@ -262,11 +262,7 @@ int containers_store_list(container_t ***out, size_t *size) + ret = 0; + goto unlock; + } +- if (*size > SIZE_MAX / sizeof(container_t *)) { +- ERROR("Containers store list is too long!"); +- goto unlock; +- } +- conts = util_common_calloc_s(sizeof(container_t *) * (*size)); ++ conts = util_smart_calloc_s(sizeof(container_t *), (*size)); + if (conts == NULL) { + ERROR("Out of memory"); + goto unlock; +diff --git a/src/daemon/modules/container/health_check/health_check.c b/src/daemon/modules/container/health_check/health_check.c +index dc00ae33..59ec01aa 100644 +--- a/src/daemon/modules/container/health_check/health_check.c ++++ b/src/daemon/modules/container/health_check/health_check.c +@@ -289,13 +289,15 @@ static char **health_check_cmds(const container_config *config) + } + + shell_len = util_array_len((const char **)shell); +- if (shell_len > (SIZE_MAX / sizeof(char *)) - config->healthcheck->test_len) { +- ERROR("Invalid shell length"); ++ ++ if (config->healthcheck->test_len > SIZE_MAX - shell_len) { ++ ERROR("Invalid test comand length"); + goto out; + } +- cmd_slice = util_common_calloc_s((shell_len + config->healthcheck->test_len) * sizeof(char *)); ++ ++ cmd_slice = util_smart_calloc_s(sizeof(char *), (shell_len + config->healthcheck->test_len)); + if (cmd_slice == NULL) { +- ERROR("out of memory"); ++ ERROR("Out of memory"); + goto out; + } + for (i = 0; i < shell_len; i++) { +@@ -423,8 +425,7 @@ static int handle_increment_streak(container_t *cont, int retries) + if (cont->common_config->config->healthcheck->exit_on_unhealthy) { + pthread_t stop_container_tid = { 0 }; + char *container_id = util_strdup_s(cont->common_config->id); +- if (pthread_create(&stop_container_tid, NULL, stop_container_on_unhealthy, +- (void *)container_id)) { ++ if (pthread_create(&stop_container_tid, NULL, stop_container_on_unhealthy, (void *)container_id)) { + free(container_id); + ERROR("Failed to create thread to exec health check"); + ret = -1; +@@ -845,8 +846,8 @@ static void *health_check_monitor(void *arg) + case MONITOR_IDLE: + /* fall-through */ + default: +- if (do_monitor_default(container_id, probe_interval, cont->health_check, +- &start_timestamp, &last_timestamp) != 0) { ++ if (do_monitor_default(container_id, probe_interval, cont->health_check, &start_timestamp, ++ &last_timestamp) != 0) { + goto out; + } + break; +diff --git a/src/daemon/modules/image/embedded/embedded_image.c b/src/daemon/modules/image/embedded/embedded_image.c +index e6c136e0..910ba24a 100644 +--- a/src/daemon/modules/image/embedded/embedded_image.c ++++ b/src/daemon/modules/image/embedded/embedded_image.c +@@ -169,13 +169,7 @@ static int embedded_images_to_imagetool_images(struct db_all_images *all_images, + goto out; + } + +- if (images_num >= (SIZE_MAX / sizeof(imagetool_image_summary *))) { +- ERROR("Too many images, out of memory"); +- ret = -1; +- isulad_try_set_error_message("Get too many images info, out of memory"); +- goto out; +- } +- list->images = util_common_calloc_s(sizeof(imagetool_image_summary *) * images_num); ++ list->images = util_smart_calloc_s(sizeof(imagetool_image_summary *), images_num); + if (list->images == NULL) { + ERROR("Out of memory"); + ret = -1; +diff --git a/src/daemon/modules/image/oci/oci_config_merge.c b/src/daemon/modules/image/oci/oci_config_merge.c +index 41529a11..dc9cbb74 100644 +--- a/src/daemon/modules/image/oci/oci_config_merge.c ++++ b/src/daemon/modules/image/oci/oci_config_merge.c +@@ -73,12 +73,7 @@ static int do_duplicate_commands(const oci_image_spec_config *config, container_ + return 0; + } + +- if (config->cmd_len > SIZE_MAX / sizeof(char *)) { +- ERROR("too many commands!"); +- return -1; +- } +- +- container_spec->cmd = (char **)util_common_calloc_s(sizeof(char *) * config->cmd_len); ++ container_spec->cmd = (char **)util_smart_calloc_s(sizeof(char *), config->cmd_len); + if (container_spec->cmd == NULL) { + ERROR("Out of memory"); + return -1; +@@ -239,13 +234,7 @@ static int dup_health_check_from_image(const defs_health_check *image_health_che + return -1; + } + +- if (image_health_check->test_len > SIZE_MAX / sizeof(char *)) { +- ERROR("invalid health check commands!"); +- ret = -1; +- goto out; +- } +- +- health_check->test = util_common_calloc_s(sizeof(char *) * image_health_check->test_len); ++ health_check->test = util_smart_calloc_s(sizeof(char *), image_health_check->test_len); + if (health_check->test == NULL) { + ERROR("Out of memory"); + ret = -1; +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index a8eecfe9..64ef2a1a 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -224,7 +224,7 @@ static char **str_array_copy(char **arr, size_t len) + char **str_arr = NULL; + size_t i = 0; + +- str_arr = util_common_calloc_s(sizeof(char *) * len); ++ str_arr = util_smart_calloc_s(sizeof(char *), len); + if (str_arr == NULL) { + ERROR("Out of memory"); + return NULL; +@@ -705,7 +705,8 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items + } + + if (conf->rootfs->diff_ids_len != im->layers_len) { +- ERROR("Invalid manifest, layers length mismatch: expected %zu, got %zu", im->layers_len, conf->rootfs->diff_ids_len); ++ ERROR("Invalid manifest, layers length mismatch: expected %zu, got %zu", im->layers_len, ++ conf->rootfs->diff_ids_len); + ret = -1; + goto out; + } +@@ -727,7 +728,8 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items + // The format is sha256:xxx + im->layers[i]->chain_id = oci_load_calc_chain_id(parent_chain_id_sha256, conf->rootfs->diff_ids[i]); + if (im->layers[i]->chain_id == NULL) { +- ERROR("calc chain id failed, diff id %s, parent chain id %s", conf->rootfs->diff_ids[i], parent_chain_id_sha256); ++ ERROR("calc chain id failed, diff id %s, parent chain id %s", conf->rootfs->diff_ids[i], ++ parent_chain_id_sha256); + ret = -1; + goto out; + } +@@ -881,7 +883,7 @@ static int oci_load_set_manifest_info(load_image_t *im) + } + + im->manifest->schema_version = OCI_SCHEMA_VERSION; +- im->manifest->layers = util_common_calloc_s(sizeof(oci_image_content_descriptor *) * im->layers_len); ++ im->manifest->layers = util_smart_calloc_s(sizeof(oci_image_content_descriptor *), im->layers_len); + if (im->manifest->layers == NULL) { + ERROR("Out of memory"); + ret = -1; +diff --git a/src/daemon/modules/image/oci/registry/auths.c b/src/daemon/modules/image/oci/registry/auths.c +index f8cd7977..02b9753c 100644 +--- a/src/daemon/modules/image/oci/registry/auths.c ++++ b/src/daemon/modules/image/oci/registry/auths.c +@@ -236,7 +236,7 @@ static int add_allocated_auth(registry_auths *auths, char *host, char *auth) + + result_len = auths->auths->len + 1; + element = util_common_calloc_s(sizeof(defs_map_string_object_auths_element)); +- values = util_common_calloc_s(sizeof(defs_map_string_object_auths_element *) * result_len); ++ values = util_smart_calloc_s(sizeof(defs_map_string_object_auths_element *), result_len); + if (element == NULL || values == NULL) { + ERROR("out of memory"); + ret = -1; +diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c +index 25973c71..e6369f90 100644 +--- a/src/daemon/modules/image/oci/registry/registry.c ++++ b/src/daemon/modules/image/oci/registry/registry.c +@@ -132,7 +132,7 @@ static int parse_manifest_schema1(pull_descriptor *desc) + goto out; + } + +- desc->layers = util_common_calloc_s(sizeof(layer_blob) * manifest->fs_layers_len); ++ desc->layers = util_smart_calloc_s(sizeof(layer_blob), manifest->fs_layers_len); + if (desc->layers == NULL) { + ERROR("out of memory"); + ret = -1; +@@ -197,7 +197,7 @@ static int parse_manifest_schema2(pull_descriptor *desc) + goto out; + } + +- desc->layers = util_common_calloc_s(sizeof(layer_blob) * manifest->layers_len); ++ desc->layers = util_smart_calloc_s(sizeof(layer_blob), manifest->layers_len); + if (desc->layers == NULL) { + ERROR("out of memory"); + ret = -1; +@@ -250,7 +250,7 @@ static int parse_manifest_ociv1(pull_descriptor *desc) + goto out; + } + +- desc->layers = util_common_calloc_s(sizeof(layer_blob) * manifest->layers_len); ++ desc->layers = util_smart_calloc_s(sizeof(layer_blob), manifest->layers_len); + if (desc->layers == NULL) { + ERROR("out of memory"); + ret = -1; +@@ -390,7 +390,7 @@ static int add_cached_layer(char *blob_digest, char *file, thread_fetch_info *in + struct linked_list *node = NULL; + char *src_file = NULL; + thread_fetch_info *src_info = NULL; +- file_elem *elem = {NULL}; ++ file_elem *elem = { NULL }; + pull_descriptor *desc = info->desc; + + cache = (cached_layer *)map_search(g_shared->cached_layers, blob_digest); +@@ -430,8 +430,8 @@ static int add_cached_layer(char *blob_digest, char *file, thread_fetch_info *in + ret = -1; + goto out; + } +- src_file = ((file_elem*)elem)->file; +- src_info = ((file_elem*)elem)->info; ++ src_file = ((file_elem *)elem)->file; ++ src_info = ((file_elem *)elem)->info; + if (src_info == NULL) { + ERROR("source info is NULL, this should never happen"); + ret = -1; +@@ -561,16 +561,16 @@ static int set_cached_info_to_desc(thread_fetch_info *info) + } + + if (desc->layers[i].diff_id == NULL) { +- ERROR("layer %zu of image %s have invalid NULL diffid, info->use=%d, info->diffid=%s", +- i, desc->image_name, info->use, info->diffid); ++ ERROR("layer %zu of image %s have invalid NULL diffid, info->use=%d, info->diffid=%s", i, desc->image_name, ++ info->use, info->diffid); + return -1; + } + + if (desc->layers[i].chain_id == NULL) { + desc->layers[i].chain_id = calc_chain_id(desc->parent_chain_id, desc->layers[i].diff_id); + if (desc->layers[i].chain_id == NULL) { +- ERROR("calc chain id failed, diff id %s, parent chain id %s", +- desc->layers[i].diff_id, desc->parent_chain_id); ++ ERROR("calc chain id failed, diff id %s, parent chain id %s", desc->layers[i].diff_id, ++ desc->parent_chain_id); + return -1; + } + } +@@ -1177,7 +1177,7 @@ static void notify_cached_descs(char *blob_digest) + + // notify all related register threads to do register + linked_list_for_each_safe(item, &cache->file_list, next) { +- info = ((file_elem*)item->elem)->info; ++ info = ((file_elem *)item->elem)->info; + info->notified = true; + register_layer_notify(info->desc); + } +@@ -1249,7 +1249,7 @@ static int add_fetch_task(thread_fetch_info *info) + pthread_t tid = 0; + bool cached_layers_added = true; + cached_layer *cache = NULL; +- struct timespec ts = {0}; ++ struct timespec ts = { 0 }; + + mutex_lock(&g_shared->mutex); + cache = get_cached_layer(info->blob_digest); +@@ -1406,7 +1406,7 @@ static void *register_layers_in_thread(void *arg) + int ret = 0; + int cond_ret = 0; + size_t i = 0; +- struct timespec ts = {0}; ++ struct timespec ts = { 0 }; + + ret = pthread_detach(pthread_self()); + if (ret != 0) { +@@ -1425,8 +1425,8 @@ static void *register_layers_in_thread(void *arg) + // here we can't just break and cleanup resources because threads are running. + // desc is freed if we break and then isulad crash. sleep some time + // instead to avoid cpu full running and then retry. +- ERROR("condition wait for layer %zu to complete failed, ret %d, error: %s", +- i, cond_ret, strerror(errno)); ++ ERROR("condition wait for layer %zu to complete failed, ret %d, error: %s", i, cond_ret, ++ strerror(errno)); + sleep(10); + continue; + } +@@ -1504,14 +1504,14 @@ static int fetch_all(pull_descriptor *desc) + char *parent_chain_id = NULL; + struct layer_list *list = NULL; + pthread_t tid = 0; +- struct timespec ts = {0}; ++ struct timespec ts = { 0 }; + + if (desc == NULL) { + ERROR("Invalid NULL param"); + return -1; + } + +- infos = util_common_calloc_s(sizeof(thread_fetch_info) * desc->layers_len); ++ infos = util_smart_calloc_s(sizeof(thread_fetch_info), desc->layers_len); + if (infos == NULL) { + ERROR("out of memory"); + return -1; +@@ -1611,8 +1611,7 @@ static int fetch_all(pull_descriptor *desc) + // here we can't just break and cleanup resources because threads are running. + // desc is freed if we break and then isulad crash. sleep some time + // instead to avoid cpu full running and then retry. +- ERROR("condition wait for all layers to complete failed, ret %d, error: %s", +- cond_ret, strerror(errno)); ++ ERROR("condition wait for all layers to complete failed, ret %d, error: %s", cond_ret, strerror(errno)); + sleep(10); + continue; + } +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c +index edb28b78..3ee69ee7 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c +@@ -2256,7 +2256,7 @@ static int pack_health_check_from_image(const oci_image_spec *spec, imagetool_im + goto out; + } + +- healthcheck->test = util_common_calloc_s(sizeof(char *) * spec->config->healthcheck->test_len); ++ healthcheck->test = util_smart_calloc_s(sizeof(char *), spec->config->healthcheck->test_len); + if (healthcheck->test == NULL) { + ERROR("Out of memory"); + ret = -1; +@@ -2662,7 +2662,7 @@ int image_store_get_all_images(imagetool_images_list *images_list) + goto unlock; + } + +- images_list->images = util_common_calloc_s(g_image_store->images_list_len * sizeof(imagetool_image *)); ++ images_list->images = util_smart_calloc_s(g_image_store->images_list_len, sizeof(imagetool_image *)); + if (images_list->images == NULL) { + ERROR("Out of memory"); + ret = -1; +@@ -3175,7 +3175,7 @@ static int get_layers_from_manifest(const registry_manifest_schema1 *manifest, l + goto out; + } + +- layers = util_common_calloc_s(sizeof(layer_blob) * manifest->fs_layers_len); ++ layers = util_smart_calloc_s(sizeof(layer_blob), manifest->fs_layers_len); + if (layers == NULL) { + ERROR("out of memory"); + ret = -1; +diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c +index 415f2004..80a25502 100644 +--- a/src/daemon/modules/image/oci/utils_images.c ++++ b/src/daemon/modules/image/oci/utils_images.c +@@ -305,7 +305,7 @@ char *make_big_data_base_name(const char *key) + } + name_size = 1 + strlen(b64_encode_name) + 1; // '=' + encode string + '\0' + +- base_name = (char *)util_common_calloc_s(name_size * sizeof(char)); ++ base_name = (char *)util_smart_calloc_s(sizeof(char), name_size); + if (base_name == NULL) { + ERROR("Out of memory"); + ret = -1; +@@ -436,7 +436,7 @@ int add_rootfs_and_history(const layer_blob *layers, size_t layers_len, const re + } + + config->rootfs = util_common_calloc_s(sizeof(docker_image_rootfs)); +- config->history = util_common_calloc_s(sizeof(docker_image_history *) * layers_len); ++ config->history = util_smart_calloc_s(sizeof(docker_image_history *), layers_len); + if (config->rootfs == NULL || config->history == NULL) { + ERROR("out of memory"); + return -1; +diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c +index 4e343a20..bd45f8a3 100644 +--- a/src/daemon/modules/plugin/plugin.c ++++ b/src/daemon/modules/plugin/plugin.c +@@ -1123,12 +1123,7 @@ static int pm_init_plugin(const plugin_t *plugin) + * prepare or delete dirty resource. + */ + if (container_num) { +- if (container_num > SIZE_MAX / sizeof(plugin_init_plugin_request_containers_element *)) { +- ERROR("Invalid container nums"); +- ret = -1; +- goto out; +- } +- reqs.containers = util_common_calloc_s(container_num * sizeof(plugin_init_plugin_request_containers_element *)); ++ reqs.containers = util_smart_calloc_s(sizeof(plugin_init_plugin_request_containers_element *), container_num); + if (reqs.containers == NULL) { + ERROR("Out of memory"); + ret = -1; +diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +index f5313fa8..724def25 100644 +--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c ++++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +@@ -335,7 +335,7 @@ static int generate_user_string_by_uid_gid(const defs_process_user *puser, char + } + + len = strlen(uid_str) + 1 + strlen(gid_str) + 1; +- *user = (char *)util_common_calloc_s(len * sizeof(char)); ++ *user = (char *)util_smart_calloc_s(sizeof(char), len); + if (*user == NULL) { + ERROR("Out of memory"); + return -1; +diff --git a/src/daemon/modules/service/inspect_container.c b/src/daemon/modules/service/inspect_container.c +index b060fe12..3136433f 100644 +--- a/src/daemon/modules/service/inspect_container.c ++++ b/src/daemon/modules/service/inspect_container.c +@@ -42,12 +42,7 @@ static int dup_path_and_args(const container_t *cont, char **path, char ***args, + *path = util_strdup_s(cont->common_config->path); + } + if (cont->common_config->args_len > 0) { +- if ((cont->common_config->args_len) > SIZE_MAX / sizeof(char *)) { +- ERROR("Containers config args len is too many!"); +- ret = -1; +- goto out; +- } +- *args = util_common_calloc_s(cont->common_config->args_len * sizeof(char *)); ++ *args = util_smart_calloc_s(sizeof(char *), cont->common_config->args_len); + if ((*args) == NULL) { + ERROR("Out of memory"); + ret = -1; +@@ -111,12 +106,7 @@ static int dup_health_check_config(const container_config *src, container_inspec + goto out; + } + if (src->healthcheck->test != NULL && src->healthcheck->test_len != 0) { +- if (src->healthcheck->test_len > SIZE_MAX / sizeof(char *)) { +- ERROR("health check test is too much!"); +- ret = -1; +- goto out; +- } +- dest->health_check->test = util_common_calloc_s(src->healthcheck->test_len * sizeof(char *)); ++ dest->health_check->test = util_smart_calloc_s(sizeof(char *), src->healthcheck->test_len); + if (dest->health_check->test == NULL) { + ERROR("Out of memory"); + ret = -1; +@@ -313,11 +303,7 @@ static int mount_point_to_inspect(const container_t *cont, container_inspect *in + } + + len = cont->common_config->mount_points->len; +- if (len > SIZE_MAX / sizeof(docker_types_mount_point *)) { +- ERROR("Invalid mount point size"); +- return -1; +- } +- inspect->mounts = util_common_calloc_s(sizeof(docker_types_mount_point *) * len); ++ inspect->mounts = util_smart_calloc_s(sizeof(docker_types_mount_point *), len); + if (inspect->mounts == NULL) { + ERROR("Out of memory"); + return -1; +diff --git a/src/daemon/modules/service/io_handler.c b/src/daemon/modules/service/io_handler.c +index d57894f2..893733bc 100644 +--- a/src/daemon/modules/service/io_handler.c ++++ b/src/daemon/modules/service/io_handler.c +@@ -218,22 +218,18 @@ static void io_copy_thread_cleanup(struct io_write_wrapper *writers, struct io_c + free(channels); + } + +-static int io_copy_init_fds(size_t len, int **infds, int **outfds, int **srcfds, +- struct io_write_wrapper **writers, transfer_channel_type **channels) ++static int io_copy_init_fds(size_t len, int **infds, int **outfds, int **srcfds, struct io_write_wrapper **writers, ++ transfer_channel_type **channels) + { + size_t i; + +- if (len > SIZE_MAX / sizeof(struct io_write_wrapper)) { +- ERROR("Invalid arguments"); +- return -1; +- } +- *srcfds = util_common_calloc_s(sizeof(int) * len); ++ *srcfds = util_smart_calloc_s(sizeof(int), len); + if (*srcfds == NULL) { + ERROR("Out of memory"); + return -1; + } + +- *infds = util_common_calloc_s(sizeof(int) * len); ++ *infds = util_smart_calloc_s(sizeof(int), len); + if (*infds == NULL) { + ERROR("Out of memory"); + return -1; +@@ -241,7 +237,7 @@ static int io_copy_init_fds(size_t len, int **infds, int **outfds, int **srcfds, + for (i = 0; i < len; i++) { + (*infds)[i] = -1; + } +- *outfds = util_common_calloc_s(sizeof(int) * len); ++ *outfds = util_smart_calloc_s(sizeof(int), len); + if (*outfds == NULL) { + ERROR("Out of memory"); + return -1; +@@ -250,13 +246,13 @@ static int io_copy_init_fds(size_t len, int **infds, int **outfds, int **srcfds, + (*outfds)[i] = -1; + } + +- *writers = util_common_calloc_s(sizeof(struct io_write_wrapper) * len); ++ *writers = util_smart_calloc_s(sizeof(struct io_write_wrapper), len); + if (*writers == NULL) { + ERROR("Out of memory"); + return -1; + } + +- *channels = util_common_calloc_s(sizeof(transfer_channel_type) * len); ++ *channels = util_smart_calloc_s(sizeof(transfer_channel_type), len); + if (*channels == NULL) { + ERROR("Out of memory"); + return -1; +@@ -266,7 +262,6 @@ static int io_copy_init_fds(size_t len, int **infds, int **outfds, int **srcfds, + (*channels)[i] = MAX_CHANNEL; + } + return 0; +- + } + typedef int (*src_io_type_handle)(int index, struct io_copy_arg *copy_arg, int *infds, int *srcfds); + +@@ -305,8 +300,8 @@ static int handle_src_io_max(int index, struct io_copy_arg *copy_arg, int *infds + return -1; + } + +-static int io_copy_make_srcfds(size_t len, struct io_copy_arg *copy_arg, int *infds, +- int *srcfds, transfer_channel_type *channels) ++static int io_copy_make_srcfds(size_t len, struct io_copy_arg *copy_arg, int *infds, int *srcfds, ++ transfer_channel_type *channels) + { + size_t i; + +@@ -536,11 +531,13 @@ int ready_copy_io_data(int sync_fd, bool detach, const char *fifoin, const char + if (fifoout != NULL) { + // fifos[1] : lxc -> iSulad read + // fifoout : iSulad -> iSula write +- add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[1], IO_FIFO, (void *)fifoout, O_WRONLY, STDOUT_CHANNEL); ++ add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[1], IO_FIFO, (void *)fifoout, O_WRONLY, ++ STDOUT_CHANNEL); + } + + if (fifoerr != NULL) { +- add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[2], IO_FIFO, (void *)fifoerr, O_WRONLY, STDERR_CHANNEL); ++ add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[2], IO_FIFO, (void *)fifoerr, O_WRONLY, ++ STDERR_CHANNEL); + } + + if (stdin_fd > 0) { +@@ -548,11 +545,13 @@ int ready_copy_io_data(int sync_fd, bool detach, const char *fifoin, const char + } + + if (stdout_handler != NULL) { +- add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[1], IO_FUNC, stdout_handler, O_WRONLY, STDOUT_CHANNEL); ++ add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[1], IO_FUNC, stdout_handler, O_WRONLY, ++ STDOUT_CHANNEL); + } + + if (stderr_handler != NULL) { +- add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[2], IO_FUNC, stderr_handler, O_WRONLY, STDERR_CHANNEL); ++ add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[2], IO_FUNC, stderr_handler, O_WRONLY, ++ STDERR_CHANNEL); + } + + if (start_io_copy_thread(sync_fd, detach, io_copy, len, tid) != 0) { +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index 43a4a0c9..f90ffd7d 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -1690,7 +1690,7 @@ static int dup_defs_process_user(defs_process_user *src, defs_process_user **dst + (*dst)->gid = src->gid; + + if (src->additional_gids_len != 0) { +- (*dst)->additional_gids = util_common_calloc_s(sizeof(gid_t) * src->additional_gids_len); ++ (*dst)->additional_gids = util_smart_calloc_s(sizeof(gid_t), src->additional_gids_len); + if ((*dst)->additional_gids == NULL) { + ERROR("Out of memory"); + ret = -1; +diff --git a/src/daemon/modules/spec/parse_volume.c b/src/daemon/modules/spec/parse_volume.c +index 7b02f6ca..40c4cecb 100644 +--- a/src/daemon/modules/spec/parse_volume.c ++++ b/src/daemon/modules/spec/parse_volume.c +@@ -341,14 +341,14 @@ static int check_volume_element(const char *volume) + return ret; + } + +-static int set_volume_element_options(defs_mount *mount_element, const char **modes, bool *with_rw, +- bool *with_pro, bool *with_label) ++static int set_volume_element_options(defs_mount *mount_element, const char **modes, bool *with_rw, bool *with_pro, ++ bool *with_label) + { + const size_t max_options_len = 4; + size_t options_len = 0; + size_t i = 0; + +- mount_element->options = util_common_calloc_s(max_options_len * sizeof(char *)); ++ mount_element->options = util_smart_calloc_s(sizeof(char *), max_options_len); + if (mount_element->options == NULL) { + ERROR("Out of memory"); + return -1; +diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c +index 7023fa41..cf4aa111 100644 +--- a/src/daemon/modules/spec/specs.c ++++ b/src/daemon/modules/spec/specs.c +@@ -1305,11 +1305,7 @@ static int prepare_process_args(oci_runtime_spec *oci_spec, size_t args_len) + oci_spec->process->args_len = 0; + } + +- if (args_len > (SIZE_MAX / sizeof(char *))) { +- return -1; +- } +- +- oci_spec->process->args = util_common_calloc_s(args_len * sizeof(char *)); ++ oci_spec->process->args = util_smart_calloc_s(sizeof(char *), args_len); + if (oci_spec->process->args == NULL) { + return -1; + } +diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c +index e55832c5..62fd875c 100644 +--- a/src/daemon/modules/spec/specs_mount.c ++++ b/src/daemon/modules/spec/specs_mount.c +@@ -376,7 +376,7 @@ static defs_mount *mount_point_to_defs_mnt(container_config_v2_common_config_mou + return NULL; + } + mnt->options = +- util_common_calloc_s(sizeof(char *) * (options_len + 3)); // +2 for readonly/propagation/selinux_relabel ++ util_smart_calloc_s(sizeof(char *), (options_len + 3)); // +2 for readonly/propagation/selinux_relabel + if (mnt->options == NULL) { + ERROR("Out of memory"); + ret = -1; +@@ -1154,12 +1154,7 @@ static host_config_devices_element **parse_multi_devices(const char *dir_host, c + return NULL; + } + +- if (devices_len > SIZE_MAX / sizeof(host_config_devices_element *)) { +- ERROR("Too many devices"); +- return NULL; +- } +- +- dev_maps = util_common_calloc_s(devices_len * sizeof(host_config_devices_element *)); ++ dev_maps = util_smart_calloc_s(sizeof(host_config_devices_element *), devices_len); + if (dev_maps == NULL) { + ERROR("Memory out"); + return NULL; +@@ -2312,7 +2307,7 @@ static bool mount_file(defs_mount ***all_mounts, size_t *all_mounts_len, const c + bool ret = false; + defs_mount *tmp_mounts = NULL; + +- options = util_common_calloc_s(options_len * sizeof(char *)); ++ options = util_smart_calloc_s(sizeof(char *), options_len); + if (options == NULL) { + ERROR("Out of memory"); + goto out_free; +@@ -2359,7 +2354,7 @@ static bool add_host_channel_mount(defs_mount ***all_mounts, size_t *all_mounts_ + bool ret = false; + defs_mount *tmp_mounts = NULL; + +- options = util_common_calloc_s(options_len * sizeof(char *)); ++ options = util_smart_calloc_s(sizeof(char *), options_len); + if (options == NULL) { + ERROR("Out of memory"); + goto out_free; +@@ -3262,7 +3257,7 @@ static int merge_all_fs_mounts(host_config *host_spec, container_config *contain + return 0; + } + +- merged_mounts = util_common_calloc_s(sizeof(defs_mount *) * len); ++ merged_mounts = util_smart_calloc_s(sizeof(defs_mount *), len); + if (merged_mounts == NULL) { + ERROR("out of memory"); + ret = -1; +diff --git a/src/daemon/modules/spec/specs_security.c b/src/daemon/modules/spec/specs_security.c +index 8a8b2d86..643c2745 100644 +--- a/src/daemon/modules/spec/specs_security.c ++++ b/src/daemon/modules/spec/specs_security.c +@@ -42,11 +42,11 @@ + + static const char * const g_system_caps[] = { "SYS_BOOT", "SETPCAP", "NET_RAW", "NET_BIND_SERVICE", + #ifdef CAP_AUDIT_WRITE +- "AUDIT_WRITE", ++ "AUDIT_WRITE", + #endif +- "DAC_OVERRIDE", "SETFCAP", "SETGID", "SETUID", "MKNOD", "CHOWN", +- "FOWNER", "FSETID", "KILL", "SYS_CHROOT" +- }; ++ "DAC_OVERRIDE", "SETFCAP", "SETGID", "SETUID", "MKNOD", "CHOWN", ++ "FOWNER", "FSETID", "KILL", "SYS_CHROOT" ++ }; + + static int append_capability(char ***dstcaps, size_t *dstcaps_len, const char *cap) + { +@@ -83,12 +83,7 @@ static int copy_capabilities(char ***dstcaps, size_t *dstcaps_len, const char ** + *dstcaps_len = 0; + return ret; + } +- if (srccaps_len > SIZE_MAX / sizeof(char *)) { +- ERROR("Too many capabilities to copy!"); +- return -1; +- } +- +- *dstcaps = util_common_calloc_s(srccaps_len * sizeof(char *)); ++ *dstcaps = util_smart_calloc_s(sizeof(char *), srccaps_len); + if (*dstcaps == NULL) { + ret = -1; + goto out; +@@ -457,7 +452,7 @@ static bool meet_filtering_rules(const docker_seccomp *seccomp, const docker_sec + return meet_include_arch && meet_include_cap && meet_exclude_arch && meet_exclude_cap; + } + +-static size_t docker_seccomp_arches_count(const char* seccomp_architecture, const docker_seccomp *docker_seccomp_spec) ++static size_t docker_seccomp_arches_count(const char *seccomp_architecture, const docker_seccomp *docker_seccomp_spec) + { + size_t count = 0; + size_t i = 0; +@@ -468,7 +463,7 @@ static size_t docker_seccomp_arches_count(const char* seccomp_architecture, cons + } + + for (i = 0; i < docker_seccomp_spec->arch_map_len; ++i) { +- if (docker_seccomp_spec->arch_map[i] == NULL || docker_seccomp_spec->arch_map[i]->architecture == NULL) { ++ if (docker_seccomp_spec->arch_map[i] == NULL || docker_seccomp_spec->arch_map[i]->architecture == NULL) { + continue; + } + if (strcmp(seccomp_architecture, docker_seccomp_spec->arch_map[i]->architecture) == 0) { +@@ -485,7 +480,7 @@ static size_t docker_seccomp_arches_count(const char* seccomp_architecture, cons + return count; + } + +-static int dup_architectures_to_oci_spec(const char* seccomp_architecture, const docker_seccomp *docker_seccomp_spec, ++static int dup_architectures_to_oci_spec(const char *seccomp_architecture, const docker_seccomp *docker_seccomp_spec, + oci_runtime_config_linux_seccomp *oci_seccomp_spec) + { + size_t i = 0; +@@ -503,7 +498,7 @@ static int dup_architectures_to_oci_spec(const char* seccomp_architecture, const + return -1; + } + +- oci_seccomp_spec->architectures = util_common_calloc_s(arch_size * sizeof(char *)); ++ oci_seccomp_spec->architectures = util_smart_calloc_s(sizeof(char *), arch_size); + if (oci_seccomp_spec->architectures == NULL) { + ERROR("Failed to calloc memory for architectures in seccomp spec"); + return -1; +@@ -582,12 +577,7 @@ static int dup_syscall_args_to_oci_spec(const docker_seccomp_syscalls_element *d + if (docker_syscall->args_len == 0) { + return 0; + } +- +- if (docker_syscall->args_len > (SIZE_MAX / sizeof(defs_syscall_arg *))) { +- return -1; +- } +- +- oci_syscall->args = util_common_calloc_s(docker_syscall->args_len * sizeof(defs_syscall_arg *)); ++ oci_syscall->args = util_smart_calloc_s(sizeof(defs_syscall_arg *), docker_syscall->args_len); + if (oci_syscall->args == NULL) { + return -1; + } +@@ -620,11 +610,7 @@ static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec, + return 0; + } + +- if (docker_seccomp_spec->syscalls_len > (SIZE_MAX / sizeof(defs_syscall *))) { +- return -1; +- } +- +- oci_seccomp_spec->syscalls = util_common_calloc_s(docker_seccomp_spec->syscalls_len * sizeof(defs_syscall *)); ++ oci_seccomp_spec->syscalls = util_smart_calloc_s(sizeof(defs_syscall *), docker_seccomp_spec->syscalls_len); + if (oci_seccomp_spec->syscalls == NULL) { + return -1; + } +@@ -639,12 +625,8 @@ static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec, + } + oci_seccomp_spec->syscalls_len++; + +- if (docker_seccomp_spec->syscalls[i]->names_len > (SIZE_MAX / sizeof(char *))) { +- return -1; +- } +- + oci_seccomp_spec->syscalls[k]->names = +- util_common_calloc_s(docker_seccomp_spec->syscalls[i]->names_len * sizeof(char *)); ++ util_smart_calloc_s(sizeof(char *), docker_seccomp_spec->syscalls[i]->names_len); + if (oci_seccomp_spec->syscalls[k]->names == NULL) { + return -1; + } +@@ -670,8 +652,9 @@ static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec, + return 0; + } + +-static oci_runtime_config_linux_seccomp *trans_docker_seccomp_to_oci_format(const docker_seccomp *docker_seccomp_spec, +- const defs_process_capabilities *capabilities) ++static oci_runtime_config_linux_seccomp * ++trans_docker_seccomp_to_oci_format(const docker_seccomp *docker_seccomp_spec, ++ const defs_process_capabilities *capabilities) + { + oci_runtime_config_linux_seccomp *oci_seccomp_spec = NULL; + +@@ -771,11 +754,7 @@ static defs_syscall *make_seccomp_syscalls_element(const char **names, size_t na + ret->action = util_strdup_s(action ? action : ""); + ret->args_len = args_len; + if (args_len) { +- if (args_len > SIZE_MAX / sizeof(defs_syscall_arg *)) { +- CRIT("Too many seccomp syscalls!"); +- goto out; +- } +- ret->args = util_common_calloc_s(args_len * sizeof(defs_syscall_arg *)); ++ ret->args = util_smart_calloc_s(sizeof(defs_syscall_arg *), args_len); + if (ret->args == NULL) { + CRIT("Memory allocation error."); + goto out; +@@ -794,11 +773,7 @@ static defs_syscall *make_seccomp_syscalls_element(const char **names, size_t na + } + + ret->names_len = names_len; +- if (names_len > SIZE_MAX / sizeof(char *)) { +- CRIT("Too many syscalls!"); +- goto out; +- } +- ret->names = util_common_calloc_s(names_len * sizeof(char *)); ++ ret->names = util_smart_calloc_s(sizeof(char *), names_len); + if (ret->names == NULL) { + CRIT("Memory allocation error."); + goto out; +diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c +index 4bd11558..fe53bb0f 100644 +--- a/src/daemon/modules/spec/verify.c ++++ b/src/daemon/modules/spec/verify.c +@@ -627,16 +627,12 @@ static bool is_cpuset_list_available(const char *provided, const char *available + } + + cpu_num = sysinfo->ncpus; +- if ((size_t)cpu_num > SIZE_MAX / sizeof(bool)) { +- ERROR("invalid cpu num"); +- goto out; +- } +- parsed_provided = util_common_calloc_s(sizeof(bool) * (unsigned int)cpu_num); ++ parsed_provided = util_smart_calloc_s(sizeof(bool), (unsigned int)cpu_num); + if (parsed_provided == NULL) { + ERROR("memory alloc failed!"); + goto out; + } +- parsed_available = util_common_calloc_s(sizeof(bool) * (unsigned int)cpu_num); ++ parsed_available = util_smart_calloc_s(sizeof(bool), (unsigned int)cpu_num); + if (parsed_available == NULL) { + ERROR("memory alloc failed!"); + goto out; +@@ -1093,7 +1089,7 @@ static int verify_resources_device(defs_resources *resources) + + for (i = 0; i < resources->devices_len; i++) { + if (!util_valid_device_mode(resources->devices[i]->access)) { +- ERROR("Invalid device mode \"%s\" for device \"%" PRId64" %" PRId64 "\"", resources->devices[i]->access, ++ ERROR("Invalid device mode \"%s\" for device \"%" PRId64 " %" PRId64 "\"", resources->devices[i]->access, + resources->devices[i]->major, resources->devices[i]->minor); + isulad_set_error_message("Invalid device mode \"%s\" for device \"%ld %ld\"", resources->devices[i]->access, + resources->devices[i]->major, resources->devices[i]->minor); +diff --git a/src/daemon/modules/volume/local.c b/src/daemon/modules/volume/local.c +index 18961eb1..87b90317 100644 +--- a/src/daemon/modules/volume/local.c ++++ b/src/daemon/modules/volume/local.c +@@ -87,7 +87,7 @@ void free_volumes_info(struct volumes_info *vols) + return; + } + +-static struct volume * dup_volume(char *name, char *path) ++static struct volume *dup_volume(char *name, char *path) + { + struct volume *vol = NULL; + +@@ -105,7 +105,7 @@ static struct volume * dup_volume(char *name, char *path) + return vol; + } + +-struct volume * local_volume_get(char *name) ++struct volume *local_volume_get(char *name) + { + struct volume *v = NULL; + +@@ -289,7 +289,7 @@ out: + + static int load_volumes(struct volumes_info *vols) + { +- return util_scan_subdirs((const char*)vols->root_dir, load_volume, vols); ++ return util_scan_subdirs((const char *)vols->root_dir, load_volume, vols); + } + + static int local_volume_init(char *scope) +@@ -339,7 +339,7 @@ static int create_volume_meminfo(char *name, struct volume **vol) + struct volume *v = NULL; + int ret = 0; + int sret = 0; +- char path[PATH_MAX] = {0}; ++ char path[PATH_MAX] = { 0 }; + + v = util_common_calloc_s(sizeof(struct volume)); + if (v == NULL) { +@@ -367,7 +367,7 @@ out: + return ret; + } + +-static struct volume * volume_create_nolock(char *name) ++static struct volume *volume_create_nolock(char *name) + { + struct volume *v = NULL; + int ret = 0; +@@ -419,7 +419,7 @@ out: + return v; + } + +-struct volume * local_volume_create(char *name) ++struct volume *local_volume_create(char *name) + { + struct volume *v_out = NULL; + struct volume *v = NULL; +@@ -473,7 +473,7 @@ static struct volumes *new_empty_volumes(size_t size) + return vols; + } + +- vols->vols = util_common_calloc_s(sizeof(struct volume*) * size); ++ vols->vols = util_smart_calloc_s(sizeof(struct volume *), size); + if (vols->vols == NULL) { + ERROR("out of memory"); + free_volumes(vols); +@@ -483,7 +483,7 @@ static struct volumes *new_empty_volumes(size_t size) + return vols; + } + +-struct volumes * local_volume_list(void) ++struct volumes *local_volume_list(void) + { + int ret = 0; + map_itor *itor = NULL; +@@ -661,4 +661,3 @@ out: + + return ret; + } +- +diff --git a/src/daemon/modules/volume/volume.c b/src/daemon/modules/volume/volume.c +index 9d496594..8255aff9 100644 +--- a/src/daemon/modules/volume/volume.c ++++ b/src/daemon/modules/volume/volume.c +@@ -221,7 +221,7 @@ static struct volume_names * empty_volume_names(size_t size) + return NULL; + } + +- vns->names = util_common_calloc_s(sizeof(char *) * size); ++ vns->names = util_smart_calloc_s(sizeof(char *), size); + if (vns->names == NULL) { + ERROR("out of memory"); + ret = -1; +@@ -575,7 +575,7 @@ int volume_prune(struct volume_names **pruned) + } + + if (list->vols_len != 0) { +- (*pruned)->names = util_common_calloc_s(sizeof(char*) * list->vols_len); ++ (*pruned)->names = util_smart_calloc_s(sizeof(char *), list->vols_len); + if ((*pruned)->names == NULL) { + ret = -1; + goto out; +diff --git a/src/utils/console/console.c b/src/utils/console/console.c +index b0dc7ee5..3565eef3 100644 +--- a/src/utils/console/console.c ++++ b/src/utils/console/console.c +@@ -453,11 +453,8 @@ int console_loop_io_copy(int sync_fd, const int *srcfds, struct io_write_wrapper + size_t i = 0; + struct epoll_descr descr; + struct tty_state *ts = NULL; +- if (len > (SIZE_MAX / sizeof(struct tty_state)) - 1) { +- ERROR("Invalid io size"); +- return -1; +- } +- ts = util_common_calloc_s(sizeof(struct tty_state) * (len + 1)); ++ ++ ts = util_smart_calloc_s(sizeof(struct tty_state), (len + 1)); + if (ts == NULL) { + ERROR("Out of memory"); + return -1; +diff --git a/src/utils/cutils/utils_array.c b/src/utils/cutils/utils_array.c +index 448c9d9d..4e2ed6fd 100644 +--- a/src/utils/cutils/utils_array.c ++++ b/src/utils/cutils/utils_array.c +@@ -72,11 +72,7 @@ int util_array_append(char ***array, const char *element) + // let new len to len + 2 for element and null + len = util_array_len((const char **)(*array)); + +- if (len > SIZE_MAX / sizeof(char *) - 2) { +- ERROR("Too many array elements!"); +- return -1; +- } +- new_array = util_common_calloc_s((len + 2) * sizeof(char *)); ++ new_array = util_smart_calloc_s(sizeof(char *), (len + 2)); + if (new_array == NULL) { + ERROR("Out of memory"); + return -1; +@@ -92,8 +88,7 @@ int util_array_append(char ***array, const char *element) + return 0; + } + +-int util_grow_array(char ***orig_array, size_t *orig_capacity, size_t size, +- size_t increment) ++int util_grow_array(char ***orig_array, size_t *orig_capacity, size_t size, size_t increment) + { + size_t add_capacity; + char **add_array = NULL; +@@ -102,7 +97,7 @@ int util_grow_array(char ***orig_array, size_t *orig_capacity, size_t size, + return -1; + } + +- if (((*orig_array) == NULL) || ((*orig_capacity) == 0)) { ++ if (((*orig_array) == NULL) || ((*orig_capacity) == 0)) { + UTIL_FREE_AND_SET_NULL(*orig_array); + *orig_capacity = 0; + } +@@ -112,10 +107,7 @@ int util_grow_array(char ***orig_array, size_t *orig_capacity, size_t size, + add_capacity += increment; + } + if (add_capacity != *orig_capacity) { +- if (add_capacity > SIZE_MAX / sizeof(void *)) { +- return -1; +- } +- add_array = util_common_calloc_s(add_capacity * sizeof(void *)); ++ add_array = util_smart_calloc_s(sizeof(void *), add_capacity); + if (add_array == NULL) { + return -1; + } +diff --git a/src/utils/cutils/utils_string.c b/src/utils/cutils/utils_string.c +index 8c9b2eea..de1cc60e 100644 +--- a/src/utils/cutils/utils_string.c ++++ b/src/utils/cutils/utils_string.c +@@ -303,11 +303,7 @@ static char **util_shrink_array(char **orig_array, size_t new_size) + if (new_size == 0) { + return orig_array; + } +- if (new_size > SIZE_MAX / sizeof(char *)) { +- ERROR("Invalid arguments"); +- return orig_array; +- } +- new_array = util_common_calloc_s(new_size * sizeof(char *)); ++ new_array = util_smart_calloc_s(sizeof(char *), new_size); + if (new_array == NULL) { + return orig_array; + } +@@ -724,11 +720,7 @@ int util_dup_array_of_strings(const char **src, size_t src_len, char ***dst, siz + + *dst = NULL; + *dst_len = 0; +- if (src_len > SIZE_MAX / sizeof(char *)) { +- ERROR("Src elements is too much!"); +- return -1; +- } +- *dst = (char **)util_common_calloc_s(src_len * sizeof(char *)); ++ *dst = (char **)util_smart_calloc_s(sizeof(char *), src_len); + if (*dst == NULL) { + ERROR("Out of memory"); + return -1; +@@ -853,7 +845,7 @@ int util_string_array_unique(const char **elements, size_t length, char ***uniqu + } + + tmp_elements_len = map_size(map); +- tmp_elements = (char **)util_common_calloc_s(tmp_elements_len * sizeof(char *)); ++ tmp_elements = (char **)util_smart_calloc_s(sizeof(char *), tmp_elements_len); + if (tmp_elements == NULL) { + ERROR("Out of memory"); + ret = -1; +diff --git a/test/image/oci/oci_config_merge/oci_config_merge_ut.cc b/test/image/oci/oci_config_merge/oci_config_merge_ut.cc +index 3c9d5004..d94229b2 100644 +--- a/test/image/oci/oci_config_merge/oci_config_merge_ut.cc ++++ b/test/image/oci/oci_config_merge/oci_config_merge_ut.cc +@@ -353,9 +353,7 @@ TEST(oci_config_merge_ut, test_oci_image_merge_config) + tool_image->spec->config->entrypoint_len = 1; + } + +- MOCK_SET_V(util_smart_calloc_s, util_smart_calloc_s_fail); + ASSERT_EQ(oci_image_merge_config(tool_image, custom_config), 0); +- MOCK_CLEAR(util_smart_calloc_s); + + free_imagetool_image(tool_image); + tool_image = nullptr; +-- +2.25.1 + diff --git a/0028-increase-websocket-lws_lookup-size.patch b/0028-increase-websocket-lws_lookup-size.patch new file mode 100644 index 0000000..61e15cc --- /dev/null +++ b/0028-increase-websocket-lws_lookup-size.patch @@ -0,0 +1,41 @@ +From 2ca552a7faee850c6cfdccc4625b4459add56074 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Tue, 21 Jun 2022 17:34:23 +0800 +Subject: [PATCH 28/28] increase websocket lws_lookup size + +Signed-off-by: zhangxiaoyu +--- + src/daemon/entry/cri/websocket/service/ws_server.cc | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc +index 0e462737..98c0fee0 100644 +--- a/src/daemon/entry/cri/websocket/service/ws_server.cc ++++ b/src/daemon/entry/cri/websocket/service/ws_server.cc +@@ -187,7 +187,13 @@ void WebsocketServer::EmitLog(int level, const char *line) + + int WebsocketServer::CreateContext() + { +- const size_t WS_ULIMIT_FDS { 1024 }; ++ /* ++ context->lws_lookup is allocated ( sizeof(struct lws *) * max_fds ) spaces, ++ In general, max_fds should be the process maximum number of open file descriptor. ++ If WS_ULIMIT_FDS set too large, context->lws_lookup will cost too much memory. ++ If WS_ULIMIT_FDS set too small, maybe fd > max_fds and context->lws_lookup[fd] will overflow. ++ */ ++ const size_t WS_ULIMIT_FDS { 10240 }; + + m_url.SetScheme("ws"); + m_url.SetHost("localhost:" + std::to_string(m_listenPort)); +@@ -208,7 +214,7 @@ int WebsocketServer::CreateContext() + + /* daemon set RLIMIT_NOFILE to a large value at main.c, + * belowing lws_create_context limit the fds of websocket to RLIMIT_NOFILE, +- * and malloced memory according to it. To reduce memory, we recover it to 1024 before create m_context. ++ * and malloced memory according to it. To reduce memory, we recover it to WS_ULIMIT_FDS before create m_context. + */ + rlimit oldLimit, newLimit; + newLimit.rlim_cur = WS_ULIMIT_FDS; +-- +2.25.1 + diff --git a/iSulad.spec b/iSulad.spec index 202cbeb..b361152 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.0.14 -%global _release 8 +%global _release 9 %global is_systemd 1 %global enable_shimv2 1 %global is_embedded 1 @@ -35,6 +35,12 @@ Patch0019: 0019-add-null-terminal-at-end-of-gr-mem-list.patch Patch0020: 0020-fix-shm-size-set-invalid-when-reboot.patch Patch0021: 0021-set-the-name-of-each-container-and-image-operation-t.patch Patch0022: 0022-set-the-name-of-each-container-and-image-operation-t.patch +Patch0023: 0023-fix-inspect-f-error-when-bionic.patch +Patch0024: 0024-refactor-devmapper_parse_options-function.patch +Patch0025: 0025-refactor-parse_volume-function.patch +Patch0026: 0026-fix-parse-volume-failed.patch +Patch0027: 0027-use-util_smart_calloc_t-to-prevent-overflow.patch +Patch0028: 0028-increase-websocket-lws_lookup-size.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -262,6 +268,12 @@ fi %endif %changelog +* Tue Jun 21 2022 zhangxiaoyu - 2.0.14-9 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: sync from upstream openeuler/iSulad + * Wed Jun 15 2022 chengzeruizhi - 2.0.14-8 - Type: enhancement - ID: NA