diff --git a/0001-do-not-mkdir-of-isulad-if-no-controller-found.patch b/0001-do-not-mkdir-of-isulad-if-no-controller-found.patch deleted file mode 100644 index b366ee2..0000000 --- a/0001-do-not-mkdir-of-isulad-if-no-controller-found.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 9837be14200fecb32db0337652e60532f1adb7be Mon Sep 17 00:00:00 2001 -From: WangFengTu -Date: Mon, 23 May 2022 17:06:19 +0800 -Subject: [PATCH 01/30] do not mkdir of isulad if no controller found - -If selinux disable the capibility DAC_OVERRIDE, -mkdir isulad may fail when run container. - -Signed-off-by: WangFengTu ---- - src/daemon/common/sysinfo.c | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c -index e60377dd..6fb4ec38 100644 ---- a/src/daemon/common/sysinfo.c -+++ b/src/daemon/common/sysinfo.c -@@ -1303,6 +1303,21 @@ out: - return ret; - } - -+#ifdef __ANDROID__ -+static bool cgroup2_no_controller() { -+ char *controllers_str = NULL; -+ -+ controllers_str = util_read_content_from_file(CGROUP2_CONTROLLERS_PATH); -+ if (controllers_str == NULL || strlen(controllers_str) == 0 || strcmp(controllers_str, "\n") == 0) { -+ free(controllers_str); -+ return true; -+ } -+ -+ free(controllers_str); -+ return false; -+} -+#endif -+ - static int make_sure_cgroup2_isulad_path_exist() - { - int ret = 0; -@@ -1315,6 +1330,13 @@ static int make_sure_cgroup2_isulad_path_exist() - return -1; - } - -+#ifdef __ANDROID__ -+ if (cgroup2_no_controller()) { -+ DEBUG("no cgroup controller found"); -+ return 0; -+ } -+#endif -+ - ret = mkdir(CGROUP_ISULAD_PATH, DEFAULT_CGROUP_DIR_MODE); - if (ret != 0 && (errno != EEXIST || !util_dir_exists(CGROUP_ISULAD_PATH))) { - return -1; --- -2.32.1 (Apple Git-133) - diff --git a/0002-fix-install-error-when-android.patch b/0002-fix-install-error-when-android.patch deleted file mode 100644 index 1770e49..0000000 --- a/0002-fix-install-error-when-android.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 426a282802b8b81c66e6857857a745583f816c0a Mon Sep 17 00:00:00 2001 -From: WangFengTu -Date: Tue, 24 May 2022 16:51:02 +0800 -Subject: [PATCH 02/30] fix install error when android - -Signed-off-by: WangFengTu ---- - src/common/constants.h | 2 +- - src/contrib/config/{lxc_contexts => container_contexts} | 0 - src/daemon/common/selinux_label.c | 2 +- - 3 files changed, 2 insertions(+), 2 deletions(-) - rename src/contrib/config/{lxc_contexts => container_contexts} (100%) - -diff --git a/src/common/constants.h b/src/common/constants.h -index 56c88d46..60fb9abe 100644 ---- a/src/common/constants.h -+++ b/src/common/constants.h -@@ -66,7 +66,7 @@ extern "C" { - - #define ISULAD_CONFIG SYSCONFDIR_PREFIX"/etc/isulad" - --#define ISULAD_DAEMON_LXC_CONTEXTS ISULAD_CONFIG "/container_contexts" -+#define ISULAD_DAEMON_CONTAINER_CONTEXTS ISULAD_CONFIG "/container_contexts" - #define ISULAD_DAEMON_JSON_CONF_FILE ISULAD_CONFIG "/daemon.json" - #define ISULAD_DAEMON_CONSTANTS_JSON_CONF_FILE ISULAD_CONFIG "/daemon_constants.json" - -diff --git a/src/contrib/config/lxc_contexts b/src/contrib/config/container_contexts -similarity index 100% -rename from src/contrib/config/lxc_contexts -rename to src/contrib/config/container_contexts -diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c -index 9efd16e9..5468111e 100644 ---- a/src/daemon/common/selinux_label.c -+++ b/src/daemon/common/selinux_label.c -@@ -593,7 +593,7 @@ static int container_label(char **process_label, char **file_label) - } - - #ifdef __ANDROID__ -- lxc_path = ISULAD_DAEMON_LXC_CONTEXTS; -+ lxc_path = ISULAD_DAEMON_CONTAINER_CONTEXTS; - #else - lxc_path = selinux_lxc_contexts_path(); - #endif --- -2.32.1 (Apple Git-133) - diff --git a/0003-imp-fuzz-for-pw-gr-parser.patch b/0003-imp-fuzz-for-pw-gr-parser.patch deleted file mode 100644 index 36e22d0..0000000 --- a/0003-imp-fuzz-for-pw-gr-parser.patch +++ /dev/null @@ -1,249 +0,0 @@ -From 9ccb30fa430c7b98ecab4406dabe8498c74db8c3 Mon Sep 17 00:00:00 2001 -From: chegJH -Date: Thu, 12 May 2022 16:40:41 +0800 -Subject: [PATCH 03/30] imp fuzz for pw gr parser - -Signed-off-by: chegJH ---- - test/fuzz/CMakeLists.txt | 48 ++++++++++++++++++++++++++++ - test/fuzz/dict/gr_fuzz.dict | 4 +++ - test/fuzz/dict/pw_fuzz.dict | 6 ++++ - test/fuzz/fuzz.sh | 4 +++ - test/fuzz/test_gr_obj_parser_fuzz.cc | 45 ++++++++++++++++++++++++++ - test/fuzz/test_pw_obj_parser_fuzz.cc | 46 ++++++++++++++++++++++++++ - 6 files changed, 153 insertions(+) - create mode 100644 test/fuzz/dict/gr_fuzz.dict - create mode 100644 test/fuzz/dict/pw_fuzz.dict - create mode 100644 test/fuzz/test_gr_obj_parser_fuzz.cc - create mode 100644 test/fuzz/test_pw_obj_parser_fuzz.cc - -diff --git a/test/fuzz/CMakeLists.txt b/test/fuzz/CMakeLists.txt -index 61ab47d7..555c3813 100644 ---- a/test/fuzz/CMakeLists.txt -+++ b/test/fuzz/CMakeLists.txt -@@ -20,6 +20,8 @@ SET(EXE1 im_config_image_exist_fuzz) - SET(EXE2 im_get_image_count_fuzz) - SET(EXE3 test_volume_mount_spec_fuzz) - SET(EXE4 test_volume_parse_volume_fuzz) -+SET(EXE5 test_pw_obj_parser_fuzz) -+SET(EXE6 test_gr_obj_parser_fuzz) - add_executable(${EXE0} - ${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/config/isulad_config.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/config/daemon_arguments.c -@@ -66,6 +68,36 @@ add_executable(${EXE4} - ${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/config/daemon_arguments.c - test_volume_parse_volume_fuzz.cc - ) -+add_executable(${EXE5} -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_string.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_array.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_file.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_convert.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_verify.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_regex.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_pwgr.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256/sha256.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/map.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/rb_tree.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/path.c -+ test_pw_obj_parser_fuzz.cc -+ ) -+add_executable(${EXE6} -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_string.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_array.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_file.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_convert.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_verify.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_regex.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_pwgr.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256/sha256.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/map.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/rb_tree.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/path.c -+ test_gr_obj_parser_fuzz.cc -+ ) - - SET(IMAGE_FUZZ_INCLUDE_DIRS - ${GTEST_INCLUDE_DIR} -@@ -107,6 +139,14 @@ target_include_directories(${EXE4} PUBLIC - ${IMAGE_FUZZ_INCLUDE_DIRS} - ) - -+target_include_directories(${EXE5} PUBLIC -+ ${IMAGE_FUZZ_INCLUDE_DIRS} -+) -+ -+target_include_directories(${EXE6} PUBLIC -+ ${IMAGE_FUZZ_INCLUDE_DIRS} -+) -+ - set_target_properties(${EXE0} PROPERTIES LINKER_LANGUAGE CXX) - set_target_properties(${EXE0} PROPERTIES LINK_FLAGS "-fsanitize=address -fsanitize-coverage=trace-pc") - target_link_libraries(${EXE0} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} ${LIB_FUZZING_ENGINE} pthread rt -lisulad_img -lgcov) -@@ -126,3 +166,11 @@ target_link_libraries(${EXE3} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY - set_target_properties(${EXE4} PROPERTIES LINKER_LANGUAGE CXX) - set_target_properties(${EXE4} PROPERTIES LINK_FLAGS "-fsanitize=address -fsanitize-coverage=trace-pc") - target_link_libraries(${EXE4} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} ${LIB_FUZZING_ENGINE} pthread rt -lcrypto -lyajl -lz -lisulad_img -lgcov) -+ -+set_target_properties(${EXE5} PROPERTIES LINKER_LANGUAGE CXX) -+set_target_properties(${EXE5} PROPERTIES LINK_FLAGS "-fsanitize=address -fsanitize-coverage=trace-pc") -+target_link_libraries(${EXE5} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} ${LIB_FUZZING_ENGINE} pthread rt -lcrypto -lyajl -lz -lisulad_img -lgcov) -+ -+set_target_properties(${EXE6} PROPERTIES LINKER_LANGUAGE CXX) -+set_target_properties(${EXE6} PROPERTIES LINK_FLAGS "-fsanitize=address -fsanitize-coverage=trace-pc") -+target_link_libraries(${EXE6} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} ${LIB_FUZZING_ENGINE} pthread rt -lcrypto -lyajl -lz -lisulad_img -lgcov) -\ No newline at end of file -diff --git a/test/fuzz/dict/gr_fuzz.dict b/test/fuzz/dict/gr_fuzz.dict -new file mode 100644 -index 00000000..0f14d1c3 ---- /dev/null -+++ b/test/fuzz/dict/gr_fuzz.dict -@@ -0,0 +1,4 @@ -+"root:x:0:" -+"+adm:x:4:" -+"adm:x:4:root,john, boob,jason" -+"empty" -\ No newline at end of file -diff --git a/test/fuzz/dict/pw_fuzz.dict b/test/fuzz/dict/pw_fuzz.dict -new file mode 100644 -index 00000000..0b7790a4 ---- /dev/null -+++ b/test/fuzz/dict/pw_fuzz.dict -@@ -0,0 +1,6 @@ -+"root:x:0:0:root:/root:/bin/bash" -+"bin:x:-1:1:bin:/bin:/sbin/nologin" -+"uidonly:x:1::bin:/bin:/sbin/nologin" -+"::::1:1:bin:/bin:/sbin/nologin" -+"-npt:*::::/etc/ntp:/sbin/nologin" -+"empty" -\ No newline at end of file -diff --git a/test/fuzz/fuzz.sh b/test/fuzz/fuzz.sh -index 6c8ce19a..c5b55979 100755 ---- a/test/fuzz/fuzz.sh -+++ b/test/fuzz/fuzz.sh -@@ -17,6 +17,8 @@ - current_dir=$(cd $(dirname $0) && pwd) - FUZZ_OPTION="${current_dir}/corpus -dict=${current_dir}/dict/im_oci_image_exist_fuzz.dict -runs=1000000 -max_total_time=3600" - VOLUME_FUZZ_OPTION="${current_dir}/corpus -dict=${current_dir}/dict/volume_fuzz.dict -runs=1000000 -max_total_time=3600" -+PW_FUZZ_OPTION="${current_dir}/corpus -dict=${current_dir}/dict/pw_fuzz.dict -runs=30000000 -max_total_time=10800" -+GR_FUZZ_OPTION="${current_dir}/corpus -dict=${current_dir}/dict/gr_fuzz.dict -runs=30000000 -max_total_time=10800" - - find /usr -name "libclang_rt.fuzzer-$(uname -m)*" - if [ $? != 0 ];then -@@ -34,6 +36,8 @@ ${current_dir}/im_config_image_exist_fuzz ${FUZZ_OPTION} -artifact_prefix=im_con - ${current_dir}/im_get_image_count_fuzz ${FUZZ_OPTION} -artifact_prefix=im_get_image_count_fuzz- - ${current_dir}/test_volume_mount_spec_fuzz ${VOLUME_FUZZ_OPTION} -artifact_prefix=test_volume_mount_spec_fuzz- - ${current_dir}/test_volume_parse_volume_fuzz ${VOLUME_FUZZ_OPTION} -artifact_prefix=test_volume_parse_volume_fuzz- -+${current_dir}/test_pw_obj_parser_fuzz ${PW_FUZZ_OPTION} -artifact_prefix=test_pw_obj_parser_fuzz- -+${current_dir}/test_gr_obj_parser_fuzz ${GR_FUZZ_OPTION} -artifact_prefix=test_gr_obj_parser_fuzz- - - # 查找crash文件 - -diff --git a/test/fuzz/test_gr_obj_parser_fuzz.cc b/test/fuzz/test_gr_obj_parser_fuzz.cc -new file mode 100644 -index 00000000..01db0cf2 ---- /dev/null -+++ b/test/fuzz/test_gr_obj_parser_fuzz.cc -@@ -0,0 +1,45 @@ -+/****************************************************************************** -+ * Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved. -+ * iSulad licensed under the Mulan PSL v2. -+ * You can use this software according to the terms and conditions of the Mulan PSL v2. -+ * You may obtain a copy of Mulan PSL v2 at: -+ * http://license.coscl.org.cn/MulanPSL2 -+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR -+ * PURPOSE. -+ * See the Mulan PSL v2 for more details. -+ * Author: hejunjie -+ * Create: 2022-05-12 -+ * Description: provide fuzz test for parser of group object -+ ******************************************************************************/ -+ -+#include -+#include -+#include -+#include -+#include -+#include "utils_pwgr.h" -+ -+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) -+{ -+ std::string testData(reinterpret_cast(data), size); -+ std::string fileName("grstreamfile.txt"); -+ struct group gr; -+ struct group *pgr = nullptr; -+ char buf[BUFSIZ]; -+ -+ std::ofstream outFile(fileName); -+ outFile << testData; -+ outFile.close(); -+ -+ FILE *f = fopen(fileName.c_str(), "r"); -+ -+ if (testData == "empty") { -+ util_getgrent_r(nullptr, &gr, buf, sizeof(buf), &pgr); -+ } else { -+ util_getgrent_r(f, &gr, buf, sizeof(buf), &pgr); -+ } -+ -+ fclose(f); -+ return 0; -+} -diff --git a/test/fuzz/test_pw_obj_parser_fuzz.cc b/test/fuzz/test_pw_obj_parser_fuzz.cc -new file mode 100644 -index 00000000..3a2195c6 ---- /dev/null -+++ b/test/fuzz/test_pw_obj_parser_fuzz.cc -@@ -0,0 +1,46 @@ -+/****************************************************************************** -+ * Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved. -+ * iSulad licensed under the Mulan PSL v2. -+ * You can use this software according to the terms and conditions of the Mulan PSL v2. -+ * You may obtain a copy of Mulan PSL v2 at: -+ * http://license.coscl.org.cn/MulanPSL2 -+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR -+ * PURPOSE. -+ * See the Mulan PSL v2 for more details. -+ * Author: hejunjie -+ * Create: 2022-05-12 -+ * Description: provide fuzz test for passwd object parser -+ ******************************************************************************/ -+ -+#include -+#include -+#include -+#include -+#include -+#include "utils_pwgr.h" -+ -+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) -+{ -+ std::string testData(reinterpret_cast(data), size); -+ std::string fileName("pwstreamfile.txt"); -+ struct passwd pw; -+ struct passwd *ppw = nullptr; -+ char buf[BUFSIZ]; -+ -+ std::ofstream outFile(fileName); -+ outFile << testData; -+ outFile.close(); -+ -+ FILE *f = fopen(fileName.c_str(), "r"); -+ -+ if (testData == "empty") { -+ util_getpwent_r(nullptr, &pw, buf, sizeof(buf), &ppw); -+ } else { -+ util_getpwent_r(f, &pw, buf, sizeof(buf), &ppw); -+ } -+ -+ fclose(f); -+ return 0; -+ -+} --- -2.32.1 (Apple Git-133) - diff --git a/0004-improve-fuzz-test.patch b/0004-improve-fuzz-test.patch deleted file mode 100644 index 706110a..0000000 --- a/0004-improve-fuzz-test.patch +++ /dev/null @@ -1,119 +0,0 @@ -From 31a92265a6bd29dc8f98179947406f1bb56ac5a8 Mon Sep 17 00:00:00 2001 -From: haozi007 -Date: Thu, 26 May 2022 13:53:09 +0100 -Subject: [PATCH 04/30] improve fuzz test - -Signed-off-by: haozi007 ---- - test/fuzz/CMakeLists.txt | 50 ++++++++++++++-------------- - test/fuzz/test_gr_obj_parser_fuzz.cc | 2 +- - test/fuzz/test_pw_obj_parser_fuzz.cc | 2 +- - test/mocks/oci_image_mock.cc | 2 +- - 4 files changed, 28 insertions(+), 28 deletions(-) - -diff --git a/test/fuzz/CMakeLists.txt b/test/fuzz/CMakeLists.txt -index 555c3813..8561b495 100644 ---- a/test/fuzz/CMakeLists.txt -+++ b/test/fuzz/CMakeLists.txt -@@ -1,6 +1,6 @@ - project(iSulad_UT) - --execute_process(COMMAND bash "-c" "find /usr -name *libclang_rt.fuzzer-${CMAKE_HOST_SYSTEM_PROCESSOR}*" -+execute_process(COMMAND bash "-c" "find /usr -name *libclang_rt.fuzzer-${CMAKE_HOST_SYSTEM_PROCESSOR}* | head -1" - OUTPUT_VARIABLE LIB_FUZZING_ENGINE - OUTPUT_STRIP_TRAILING_WHITESPACE) - -@@ -69,33 +69,33 @@ add_executable(${EXE4} - test_volume_parse_volume_fuzz.cc - ) - add_executable(${EXE5} -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_string.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_array.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_file.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_convert.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_verify.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_regex.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_pwgr.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256/sha256.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/map.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/rb_tree.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/path.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_string.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_array.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_file.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_convert.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_verify.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_regex.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_pwgr.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/sha256/sha256.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/map/map.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/map/rb_tree.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/path.c - test_pw_obj_parser_fuzz.cc - ) - add_executable(${EXE6} -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_string.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_array.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_file.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_convert.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_verify.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_regex.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_pwgr.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256/sha256.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/map.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/rb_tree.c -- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/path.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_string.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_array.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_file.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_convert.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_verify.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_regex.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_pwgr.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/sha256/sha256.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/map/map.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/map/rb_tree.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/path.c - test_gr_obj_parser_fuzz.cc - ) - -diff --git a/test/fuzz/test_gr_obj_parser_fuzz.cc b/test/fuzz/test_gr_obj_parser_fuzz.cc -index 01db0cf2..d43d153d 100644 ---- a/test/fuzz/test_gr_obj_parser_fuzz.cc -+++ b/test/fuzz/test_gr_obj_parser_fuzz.cc -@@ -1,5 +1,5 @@ - /****************************************************************************** -- * Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved. -+ * Copyright (c) Huawei Technologies Co., Ltd. 2022. All rights reserved. - * iSulad licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: -diff --git a/test/fuzz/test_pw_obj_parser_fuzz.cc b/test/fuzz/test_pw_obj_parser_fuzz.cc -index 3a2195c6..cf09f576 100644 ---- a/test/fuzz/test_pw_obj_parser_fuzz.cc -+++ b/test/fuzz/test_pw_obj_parser_fuzz.cc -@@ -1,5 +1,5 @@ - /****************************************************************************** -- * Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved. -+ * Copyright (c) Huawei Technologies Co., Ltd. 2022. All rights reserved. - * iSulad licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: -diff --git a/test/mocks/oci_image_mock.cc b/test/mocks/oci_image_mock.cc -index 8e975e3b..c333c0dd 100644 ---- a/test/mocks/oci_image_mock.cc -+++ b/test/mocks/oci_image_mock.cc -@@ -37,5 +37,5 @@ struct oci_image_module_data *get_oci_image_data(void) - if (g_oci_image_mock != nullptr) { - return g_oci_image_mock->GetOciImageData(); - } -- return { 0 }; -+ return nullptr; - } --- -2.32.1 (Apple Git-133) - diff --git a/0005-Seccomp-optimization.patch b/0005-Seccomp-optimization.patch deleted file mode 100644 index acbeaac..0000000 --- a/0005-Seccomp-optimization.patch +++ /dev/null @@ -1,262 +0,0 @@ -From 02167555e702316fe14cc963f9e978e9f66f59ba Mon Sep 17 00:00:00 2001 -From: chengzrz -Date: Fri, 24 Dec 2021 10:47:31 +0800 -Subject: [PATCH 05/30] Seccomp optimization - -Signed-off-by: chengzrz ---- - src/common/constants.h | 2 + - src/daemon/modules/spec/specs_security.c | 112 +++++++++++++++++++---- - src/utils/cutils/utils.c | 54 ++++++----- - 3 files changed, 128 insertions(+), 40 deletions(-) - -diff --git a/src/common/constants.h b/src/common/constants.h -index 60fb9abe..294f4b78 100644 ---- a/src/common/constants.h -+++ b/src/common/constants.h -@@ -142,6 +142,8 @@ extern "C" { - - /* RUNPATH is defined by -DRUNPATH=$value when execute cmake, default is "/var/run" */ - #define CLIENT_RUNDIR RUNPATH"/isula" -+#define SCMP_ARCH_X86_64 "SCMP_ARCH_X86_64" -+#define SCMP_ARCH_AARCH64 "SCMP_ARCH_AARCH64" - - typedef enum { - CONTAINER_STATUS_UNKNOWN = 0, -diff --git a/src/daemon/modules/spec/specs_security.c b/src/daemon/modules/spec/specs_security.c -index 658c2e1f..8a8b2d86 100644 ---- a/src/daemon/modules/spec/specs_security.c -+++ b/src/daemon/modules/spec/specs_security.c -@@ -457,45 +457,123 @@ static bool meet_filtering_rules(const docker_seccomp *seccomp, const docker_sec - return meet_include_arch && meet_include_cap && meet_exclude_arch && meet_exclude_cap; - } - --static size_t docker_seccomp_arches_count(const docker_seccomp *docker_seccomp_spec) -+static size_t docker_seccomp_arches_count(const char* seccomp_architecture, const docker_seccomp *docker_seccomp_spec) - { - size_t count = 0; - size_t i = 0; -- for (i = 0; i < docker_seccomp_spec->arch_map_len; i++) { -- count += docker_seccomp_spec->arch_map[i]->sub_architectures_len + 1; -+ -+ if (seccomp_architecture == NULL) { -+ ERROR("Invalid input seccomp architecture"); -+ return -1; -+ } -+ -+ for (i = 0; i < docker_seccomp_spec->arch_map_len; ++i) { -+ if (docker_seccomp_spec->arch_map[i] == NULL || docker_seccomp_spec->arch_map[i]->architecture == NULL) { -+ continue; -+ } -+ if (strcmp(seccomp_architecture, docker_seccomp_spec->arch_map[i]->architecture) == 0) { -+ count = docker_seccomp_spec->arch_map[i]->sub_architectures_len + 1; -+ break; -+ } -+ } -+ -+ if (count == 0) { -+ ERROR("seccomp architecture not found"); -+ count = -1; - } -+ - return count; - } - --static int dup_architectures_to_oci_spec(const docker_seccomp *docker_seccomp_spec, -+static int dup_architectures_to_oci_spec(const char* seccomp_architecture, const docker_seccomp *docker_seccomp_spec, - oci_runtime_config_linux_seccomp *oci_seccomp_spec) - { -+ size_t i = 0; -+ size_t j = 0; - size_t arch_size = 0; - -- arch_size = docker_seccomp_arches_count(docker_seccomp_spec); -- if (arch_size != 0) { -- size_t i; -- size_t j; -- if (arch_size > (SIZE_MAX / sizeof(char *))) { -- return -1; -- } -- oci_seccomp_spec->architectures = util_common_calloc_s(arch_size * sizeof(char *)); -- if (oci_seccomp_spec->architectures == NULL) { -- return -1; -+ if (seccomp_architecture == NULL) { -+ oci_seccomp_spec->architectures_len = 0; -+ return 0; -+ } -+ -+ arch_size = docker_seccomp_arches_count(seccomp_architecture, docker_seccomp_spec); -+ if (arch_size < 0) { -+ ERROR("Failed to get arches count from docker seccomp spec"); -+ return -1; -+ } -+ -+ oci_seccomp_spec->architectures = util_common_calloc_s(arch_size * sizeof(char *)); -+ if (oci_seccomp_spec->architectures == NULL) { -+ ERROR("Failed to calloc memory for architectures in seccomp spec"); -+ return -1; -+ } -+ -+ for (i = 0; i < docker_seccomp_spec->arch_map_len; ++i) { -+ if (docker_seccomp_spec->arch_map[i] == NULL || docker_seccomp_spec->arch_map[i]->architecture == NULL) { -+ continue; - } -- for (i = 0; i < docker_seccomp_spec->arch_map_len; i++) { -+ if (strcmp(seccomp_architecture, docker_seccomp_spec->arch_map[i]->architecture) == 0) { - oci_seccomp_spec->architectures[oci_seccomp_spec->architectures_len++] = - util_strdup_s(docker_seccomp_spec->arch_map[i]->architecture); -- for (j = 0; j < docker_seccomp_spec->arch_map[i]->sub_architectures_len; j++) { -+ -+ for (j = 0; j < docker_seccomp_spec->arch_map[i]->sub_architectures_len; ++j) { - oci_seccomp_spec->architectures[oci_seccomp_spec->architectures_len++] = - util_strdup_s(docker_seccomp_spec->arch_map[i]->sub_architectures[j]); - } -+ break; - } - } - - return 0; - } - -+// return 0 when normalized_arch has been properly set into seccomp spec -+static int normalized_arch_to_seccomp_arch(const char *host_arch, const docker_seccomp *docker_seccomp_spec, -+ oci_runtime_config_linux_seccomp *oci_seccomp_spec) -+{ -+ INFO("host architecture is %s", host_arch); -+ // x86 archs -+ if (strcasecmp(host_arch, "386") == 0 || strcasecmp(host_arch, "amd64") == 0) { -+ return dup_architectures_to_oci_spec(SCMP_ARCH_X86_64, docker_seccomp_spec, oci_seccomp_spec); -+ } -+ // arm archs -+ if (strcasecmp(host_arch, "arm64") == 0 || strcasecmp(host_arch, "arm") == 0) { -+ return dup_architectures_to_oci_spec(SCMP_ARCH_AARCH64, docker_seccomp_spec, oci_seccomp_spec); -+ } -+ //other archs -+ return dup_architectures_to_oci_spec(NULL, docker_seccomp_spec, oci_seccomp_spec); -+} -+ -+static int load_architectures_into_oci_spec(const docker_seccomp *docker_seccomp_spec, -+ oci_runtime_config_linux_seccomp *oci_seccomp_spec) -+{ -+ int ret = 0; -+ char *host_os = NULL; -+ char *host_arch = NULL; -+ char *host_variant = NULL; -+ -+ ret = util_normalized_host_os_arch(&host_os, &host_arch, &host_variant); -+ if (ret != 0) { -+ ERROR("get host os and arch for import failed"); -+ isulad_try_set_error_message("get host os and arch for import failed"); -+ goto out; -+ } -+ -+ ret = normalized_arch_to_seccomp_arch(host_arch, docker_seccomp_spec, oci_seccomp_spec); -+ if (ret != 0) { -+ ERROR("transfer normalized arch to seccomp arch failed"); -+ isulad_try_set_error_message("transfer normalized arch to seccomp arch failed"); -+ goto out; -+ } -+ -+out: -+ free(host_os); -+ free(host_arch); -+ free(host_variant); -+ return ret; -+} -+ - static int dup_syscall_args_to_oci_spec(const docker_seccomp_syscalls_element *docker_syscall, - defs_syscall *oci_syscall) - { -@@ -606,7 +684,7 @@ static oci_runtime_config_linux_seccomp *trans_docker_seccomp_to_oci_format(cons - oci_seccomp_spec->default_action = util_strdup_s(docker_seccomp_spec->default_action); - - // architectures -- if (dup_architectures_to_oci_spec(docker_seccomp_spec, oci_seccomp_spec)) { -+ if (load_architectures_into_oci_spec(docker_seccomp_spec, oci_seccomp_spec)) { - goto out; - } - -diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c -index a647f7bc..278a72c5 100644 ---- a/src/utils/cutils/utils.c -+++ b/src/utils/cutils/utils.c -@@ -1353,6 +1353,7 @@ static char *get_cpu_variant() - int util_normalized_host_os_arch(char **host_os, char **host_arch, char **host_variant) - { - int ret = 0; -+ int i = 0; - struct utsname uts; - char *tmp_variant = NULL; - -@@ -1367,20 +1368,31 @@ int util_normalized_host_os_arch(char **host_os, char **host_arch, char **host_v - goto out; - } - -+ const char *arch_map[][2] = { { "i386", "386" }, -+ { "x86_64", "amd64" }, -+ { "x86-64", "amd64" }, -+ { "aarch64", "arm64" }, -+ { "armhf", "arm" }, -+ { "armel", "arm" }, -+ { "mips64le", "mips64le" }, -+ { "mips64el", "mips64le" } -+ }; -+ -+ const char *variant_map[][2] = { { "5", "v5" }, -+ { "6", "v6" }, -+ { "7", "v7" }, -+ { "8", "v8" } -+ }; -+ - *host_os = util_strings_to_lower(uts.sysname); -+ *host_arch = util_strdup_s(uts.machine); - -- if (strcasecmp("i386", uts.machine) == 0) { -- *host_arch = util_strdup_s("386"); -- } else if ((strcasecmp("x86_64", uts.machine) == 0) || (strcasecmp("x86-64", uts.machine) == 0)) { -- *host_arch = util_strdup_s("amd64"); -- } else if (strcasecmp("aarch64", uts.machine) == 0) { -- *host_arch = util_strdup_s("arm64"); -- } else if ((strcasecmp("armhf", uts.machine) == 0) || (strcasecmp("armel", uts.machine) == 0)) { -- *host_arch = util_strdup_s("arm"); -- } else if ((strcasecmp("mips64le", uts.machine) == 0) || (strcasecmp("mips64el", uts.machine) == 0)) { -- *host_arch = util_strdup_s("mips64le"); -- } else { -- *host_arch = util_strdup_s(uts.machine); -+ for (i = 0; i < sizeof(arch_map) / sizeof(arch_map[0]); ++i) { -+ if (strcasecmp(uts.machine, arch_map[i][0]) == 0) { -+ free(*host_arch); -+ *host_arch = util_strdup_s(arch_map[i][1]); -+ break; -+ } - } - - if (!strcmp(*host_arch, "arm") || !strcmp(*host_arch, "arm64")) { -@@ -1394,17 +1406,13 @@ int util_normalized_host_os_arch(char **host_os, char **host_arch, char **host_v - *host_variant = util_strdup_s("v7"); - } else if (!strcmp(*host_arch, "arm") && *host_variant != NULL) { - tmp_variant = *host_variant; -- *host_variant = NULL; -- if (!strcmp(tmp_variant, "5")) { -- *host_variant = util_strdup_s("v5"); -- } else if (!strcmp(tmp_variant, "6")) { -- *host_variant = util_strdup_s("v6"); -- } else if (!strcmp(tmp_variant, "7")) { -- *host_variant = util_strdup_s("v7"); -- } else if (!strcmp(tmp_variant, "8")) { -- *host_variant = util_strdup_s("v8"); -- } else { -- *host_variant = util_strdup_s(tmp_variant); -+ *host_variant = util_strdup_s(tmp_variant); -+ for (i = 0; i < sizeof(variant_map) / sizeof(variant_map[0]); ++i) { -+ if (!strcmp(tmp_variant, variant_map[i][0])) { -+ free(*host_variant); -+ *host_variant = util_strdup_s(variant_map[i][1]); -+ break; -+ } - } - free(tmp_variant); - tmp_variant = NULL; --- -2.32.1 (Apple Git-133) - diff --git a/0006-fix-different-type-convert.patch b/0006-fix-different-type-convert.patch deleted file mode 100644 index 5a5e6fc..0000000 --- a/0006-fix-different-type-convert.patch +++ /dev/null @@ -1,264 +0,0 @@ -From 1db2941da2eba089f3ed07c59f4925c857860023 Mon Sep 17 00:00:00 2001 -From: haozi007 -Date: Tue, 31 May 2022 03:33:16 +0100 -Subject: [PATCH 06/30] fix different type convert - -Signed-off-by: haozi007 ---- - src/cmd/isula/isula_host_spec.c | 23 ++++++++++++++----- - src/cmd/isula/stream/exec.c | 6 +++-- - src/cmd/isulad/isulad_commands.c | 11 +++++++-- - src/cmd/options/opt_ulimit.c | 9 ++++++-- - .../modules/runtime/engines/lcr/lcr_engine.c | 2 +- - src/daemon/modules/spec/specs_mount.c | 8 +++++-- - src/utils/http/parser.c | 2 +- - 7 files changed, 45 insertions(+), 16 deletions(-) - -diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c -index 85451dd4..297f9299 100644 ---- a/src/cmd/isula/isula_host_spec.c -+++ b/src/cmd/isula/isula_host_spec.c -@@ -516,6 +516,7 @@ static int parse_blkio_throttle_bps_device(const char *device, char **path, uint - { - int ret = 0; - char **split = NULL; -+ int64_t converted = 0; - - split = util_string_split_multi(device, ':'); - if (split == NULL || util_array_len((const char **)split) != 2) { -@@ -530,13 +531,16 @@ static int parse_blkio_throttle_bps_device(const char *device, char **path, uint - goto out; - } - -- if (util_parse_byte_size_string(split[1], (int64_t *)rate) != 0) { -+ ret = util_parse_byte_size_string(split[1], &converted); -+ if (ret != 0 || converted < 0) { - COMMAND_ERROR("invalid rate for device: %s. The correct format is :[]." - " Number must be a positive integer. Unit is optional and can be kb, mb, or gb", - device); - ret = -1; - goto out; - } -+ -+ *rate = converted; - *path = util_strdup_s(split[0]); - - out: -@@ -691,6 +695,7 @@ static host_config_hugetlbs_element *pase_hugetlb_limit(const char *input) - char *trans_page = NULL; - uint64_t limit = 0; - uint64_t page = 0; -+ int64_t tconverted = 0; - host_config_hugetlbs_element *limit_element = NULL; - - temp = util_strdup_s(input); -@@ -704,18 +709,21 @@ static host_config_hugetlbs_element *pase_hugetlb_limit(const char *input) - goto free_out; - } - -- ret = util_parse_byte_size_string(limit_value, (int64_t *)(&limit)); -- if (ret != 0) { -+ ret = util_parse_byte_size_string(limit_value, &tconverted); -+ if (ret != 0 || tconverted < 0) { - COMMAND_ERROR("Parse limit value: %s failed:%s", limit_value, strerror(-ret)); - goto free_out; - } -+ limit = (uint64_t)tconverted; - - if (pagesize != NULL) { -- ret = util_parse_byte_size_string(pagesize, (int64_t *)(&page)); -- if (ret != 0) { -+ tconverted = 0; -+ ret = util_parse_byte_size_string(pagesize, &tconverted); -+ if (ret != 0 || tconverted < 0) { - COMMAND_ERROR("Parse pagesize error.Invalid hugepage size: %s: %s", pagesize, strerror(-ret)); - goto free_out; - } -+ page = (uint64_t)tconverted; - - trans_page = util_human_size(page); - if (trans_page == NULL) { -@@ -842,15 +850,18 @@ static bool parse_size(const char *input, const char *token, host_config_host_ch - uint64_t size = 0; - uint64_t mem_total_size = 0; - uint64_t mem_available_size = 0; -+ int64_t converted = 0; - - if (strcmp(token, "") == 0) { - host_channel->size = 64 * SIZE_MB; - return true; - } -- if (util_parse_byte_size_string(token, (int64_t *)(&size))) { -+ if (util_parse_byte_size_string(token, &converted) != 0 || converted < 0) { - COMMAND_ERROR("Invalid size limit for host channel: %s", input); - return false; - } -+ size = (uint64_t)converted; -+ - if (size < HOST_CHANNLE_MIN_SIZE) { - COMMAND_ERROR("Invalid size, larger than 4KB is allowed"); - return false; -diff --git a/src/cmd/isula/stream/exec.c b/src/cmd/isula/stream/exec.c -index aa702b90..df911d0b 100644 ---- a/src/cmd/isula/stream/exec.c -+++ b/src/cmd/isula/stream/exec.c -@@ -49,6 +49,7 @@ static int fill_exec_request(const struct client_arguments *args, const struct c - { - int ret = 0; - size_t i = 0; -+ size_t tconverted = 0; - char *new_env = NULL; - - request->name = util_strdup_s(args->name); -@@ -67,12 +68,13 @@ static int fill_exec_request(const struct client_arguments *args, const struct c - request->user = util_strdup_s(args->custom_conf.user); - request->workdir = util_strdup_s(args->custom_conf.workdir); - -- if (util_dup_array_of_strings((const char **)args->argv, args->argc, &(request->argv), -- (size_t *)(&request->argc)) != 0) { -+ ret = util_dup_array_of_strings((const char **)args->argv, args->argc, &(request->argv), &tconverted); -+ if (ret != 0 || tconverted >= INT_MAX) { - ERROR("Failed to dup args"); - ret = -1; - goto out; - } -+ request->argc = (int)tconverted; - - /* environment variables */ - for (i = 0; i < util_array_len((const char **)(args->extra_env)); i++) { -diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c -index 2a0ccf92..f73a82e2 100644 ---- a/src/cmd/isulad/isulad_commands.c -+++ b/src/cmd/isulad/isulad_commands.c -@@ -517,7 +517,6 @@ out: - static int do_merge_conf_default_ulimit_into_global(struct service_arguments *args) - { - size_t i, j, json_default_ulimit_len; -- isulad_daemon_configs_default_ulimits_element *ptr = NULL; - - if (args->json_confs->default_ulimits == NULL) { - return 0; -@@ -525,6 +524,9 @@ static int do_merge_conf_default_ulimit_into_global(struct service_arguments *ar - - json_default_ulimit_len = args->json_confs->default_ulimits->len; - for (i = 0; i < json_default_ulimit_len; i++) { -+ isulad_daemon_configs_default_ulimits_element *ptr = NULL; -+ host_config_ulimits_element telem = { 0 }; -+ - ptr = args->json_confs->default_ulimits->values[i]; - for (j = 0; j < args->default_ulimit_len; j++) { - if (strcmp(ptr->name, args->default_ulimit[j]->name) == 0) { -@@ -532,12 +534,17 @@ static int do_merge_conf_default_ulimit_into_global(struct service_arguments *ar - } - } - -+ // ulimit of name setted, just update values - if (j < args->default_ulimit_len) { - args->default_ulimit[j]->soft = ptr->soft; - args->default_ulimit[j]->hard = ptr->hard; - continue; - } -- if (ulimit_array_append(&args->default_ulimit, (host_config_ulimits_element *)ptr, args->default_ulimit_len) != -+ -+ telem.name = ptr->name; -+ telem.hard = ptr->hard; -+ telem.soft = ptr->soft; -+ if (ulimit_array_append(&args->default_ulimit, &telem, args->default_ulimit_len) != - 0) { - ERROR("merge json confs default ulimit config failed"); - return -1; -diff --git a/src/cmd/options/opt_ulimit.c b/src/cmd/options/opt_ulimit.c -index 1a9c6165..b9eddf8a 100644 ---- a/src/cmd/options/opt_ulimit.c -+++ b/src/cmd/options/opt_ulimit.c -@@ -58,22 +58,27 @@ static void get_ulimit_split_parts(const char *val, char ***parts, size_t *parts - static int parse_soft_hard_ulimit(const char *val, char **limitvals, size_t limitvals_len, int64_t *soft, int64_t *hard) - { - int ret = 0; -+ long long converted = 0; -+ - // parse soft -- ret = util_safe_llong(limitvals[0], (long long *)soft); -+ ret = util_safe_llong(limitvals[0], &converted); - if (ret < 0) { - COMMAND_ERROR("Invalid ulimit soft value: \"%s\", parse int64 failed: %s", val, strerror(-ret)); - ret = -1; - goto out; - } -+ *soft = (int64_t)converted; - - // parse hard if exists - if (limitvals_len > 1) { -- ret = util_safe_llong(limitvals[1], (long long *)hard); -+ converted = 0; -+ ret = util_safe_llong(limitvals[1], &converted); - if (ret < 0) { - COMMAND_ERROR("Invalid ulimit hard value: \"%s\", parse int64 failed: %s", val, strerror(-ret)); - ret = -1; - goto out; - } -+ *hard = (int64_t)converted; - - if (*soft > *hard) { - COMMAND_ERROR("Ulimit soft limit must be less than or equal to hard limit: %lld > %lld", -diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_engine.c b/src/daemon/modules/runtime/engines/lcr/lcr_engine.c -index 0d29e362..2ca12545 100644 ---- a/src/daemon/modules/runtime/engines/lcr/lcr_engine.c -+++ b/src/daemon/modules/runtime/engines/lcr/lcr_engine.c -@@ -30,7 +30,7 @@ - typedef bool (*lcr_state_op_t)(const char *name, const char *lcrpath, struct lcr_container_state *lcs); - typedef void (*lcr_container_state_free_t)(struct lcr_container_state *lcs); - typedef bool (*lcr_update_op_t)(const char *name, const char *lcrpath, struct lcr_cgroup_resources *cr); --typedef bool (*lcr_start_op_t)(struct lcr_start_request *request); -+typedef bool (*lcr_start_op_t)(const struct lcr_start_request *request); - typedef bool (*lcr_exec_op_t)(const struct lcr_exec_request *request, int *exit_code); - - static lcr_state_op_t g_lcr_state_op = NULL; -diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c -index c89f077f..b35061d8 100644 ---- a/src/daemon/modules/spec/specs_mount.c -+++ b/src/daemon/modules/spec/specs_mount.c -@@ -2089,21 +2089,25 @@ static int parse_device_cgroup_rule(defs_device_cgroup *spec_dev_cgroup, const c - if (strcmp(file_mode[0], "*") == 0) { - spec_dev_cgroup->major = -1; - } else { -- if (util_safe_llong(file_mode[0], (long long *)&spec_dev_cgroup->major) != 0) { -+ long long converted = 0; -+ if (util_safe_llong(file_mode[0], &converted) != 0) { - ERROR("Invalid rule mode %s", file_mode[0]); - ret = -1; - goto free_out; - } -+ spec_dev_cgroup->major = converted; - } - - if (strcmp(file_mode[1], "*") == 0) { - spec_dev_cgroup->minor = -1; - } else { -- if (util_safe_llong(file_mode[1], (long long *)&spec_dev_cgroup->minor) != 0) { -+ long long converted = 0; -+ if (util_safe_llong(file_mode[1], &converted) != 0) { - ERROR("Invalid rule mode %s", file_mode[1]); - ret = -1; - goto free_out; - } -+ spec_dev_cgroup->minor = (int64_t)converted; - } - - free_out: -diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c -index 5ea1677c..37475b33 100644 ---- a/src/utils/http/parser.c -+++ b/src/utils/http/parser.c -@@ -47,7 +47,7 @@ - #include "utils.h" - #include "isula_libutils/log.h" - --size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize) -+static size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize) - { - size_t ssize, dsize; - --- -2.32.1 (Apple Git-133) - diff --git a/0007-add-pointer-parameters-NULL-check.patch b/0007-add-pointer-parameters-NULL-check.patch deleted file mode 100644 index aa4d354..0000000 --- a/0007-add-pointer-parameters-NULL-check.patch +++ /dev/null @@ -1,226 +0,0 @@ -From 17b6015d5abe3500a5a89d171af79698e57545f2 Mon Sep 17 00:00:00 2001 -From: zhangxiaoyu -Date: Tue, 31 May 2022 19:35:35 +0800 -Subject: [PATCH 07/30] add pointer parameters NULL check - -Signed-off-by: zhangxiaoyu -Signed-off-by: haozi007 ---- - src/cmd/isula/extend/update.c | 24 +++++++++---------- - src/cmd/isula/extend/update.h | 1 - - src/cmd/isula/isula_commands.c | 2 +- - src/cmd/isula/isula_commands.h | 2 -- - src/daemon/config/isulad_config.c | 4 ++++ - src/daemon/modules/api/container_api.h | 2 -- - src/daemon/modules/api/plugin_api.h | 1 - - .../modules/container/container_state.c | 2 +- - .../modules/container/containers_store.c | 5 ++++ - .../graphdriver/devmapper/deviceset.c | 2 +- - .../graphdriver/overlay2/driver_overlay2.c | 2 +- - src/daemon/modules/plugin/plugin.c | 2 +- - src/daemon/modules/spec/specs_extend.c | 4 ++++ - 13 files changed, 30 insertions(+), 23 deletions(-) - -diff --git a/src/cmd/isula/extend/update.c b/src/cmd/isula/extend/update.c -index a9b0fccf..27cd07c0 100644 ---- a/src/cmd/isula/extend/update.c -+++ b/src/cmd/isula/extend/update.c -@@ -86,6 +86,18 @@ error_out: - return NULL; - } - -+static int update_checker(const struct client_arguments *args) -+{ -+ int ret = 0; -+ -+ if (args->argc == 0) { -+ COMMAND_ERROR("Update requires at least 1 container names"); -+ return EINVALIDARGS; -+ } -+ -+ return ret; -+} -+ - static int client_update(const struct client_arguments *args) - { - int ret = 0; -@@ -191,15 +203,3 @@ int cmd_update_main(int argc, const char **argv) - - return ret; - } -- --int update_checker(const struct client_arguments *args) --{ -- int ret = 0; -- -- if (args->argc == 0) { -- COMMAND_ERROR("Update requires at least 1 container names"); -- return EINVALIDARGS; -- } -- -- return ret; --} -diff --git a/src/cmd/isula/extend/update.h b/src/cmd/isula/extend/update.h -index a527b46a..15a6ce59 100644 ---- a/src/cmd/isula/extend/update.h -+++ b/src/cmd/isula/extend/update.h -@@ -114,7 +114,6 @@ extern const char g_cmd_update_desc[]; - extern const char g_cmd_update_usage[]; - extern struct client_arguments g_cmd_update_args; - int cmd_update_main(int argc, const char **argv); --int update_checker(const struct client_arguments *args); - - #ifdef __cplusplus - } -diff --git a/src/cmd/isula/isula_commands.c b/src/cmd/isula/isula_commands.c -index db37f705..89d9ca96 100644 ---- a/src/cmd/isula/isula_commands.c -+++ b/src/cmd/isula/isula_commands.c -@@ -94,7 +94,7 @@ static void print_version() - } - - /* compare commands */ --int compare_commands(const void *s1, const void *s2) -+static int compare_commands(const void *s1, const void *s2) - { - return strcmp((*(const struct command *)s1).name, (*(const struct command *)s2).name); - } -diff --git a/src/cmd/isula/isula_commands.h b/src/cmd/isula/isula_commands.h -index 0518025f..1ee773ee 100644 ---- a/src/cmd/isula/isula_commands.h -+++ b/src/cmd/isula/isula_commands.h -@@ -44,8 +44,6 @@ struct command { - // NOTE: Command arrays must end in a command with all member is NULL - const struct command *command_by_name(const struct command *cmds, const char * const name); - --int compare_commands(const void *s1, const void *s2); -- - // Default help command if implementation doesn't prvide one - int command_default_help(const char * const program_name, struct command *commands, int argc, const char **argv); - -diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c -index 287e5707..92d86a3b 100644 ---- a/src/daemon/config/isulad_config.c -+++ b/src/daemon/config/isulad_config.c -@@ -1069,6 +1069,10 @@ int conf_get_isulad_default_ulimit(host_config_ulimits_element ***ulimit) - size_t i, ulimit_len; - struct service_arguments *conf = NULL; - -+ if (ulimit == NULL) { -+ return -1; -+ } -+ - if (isulad_server_conf_rdlock() != 0) { - return -1; - } -diff --git a/src/daemon/modules/api/container_api.h b/src/daemon/modules/api/container_api.h -index 3b7f2889..1140d4d5 100644 ---- a/src/daemon/modules/api/container_api.h -+++ b/src/daemon/modules/api/container_api.h -@@ -244,8 +244,6 @@ char *container_state_get_started_at(container_state_t *s); - - bool container_is_valid_state_string(const char *state); - --int container_dup_health_check_status(defs_health **dst, const defs_health *src); -- - void container_update_health_monitor(const char *container_id); - - extern int container_supervisor_add_exit_monitor(int fd, const pid_ppid_info_t *pid_info, const char *name, -diff --git a/src/daemon/modules/api/plugin_api.h b/src/daemon/modules/api/plugin_api.h -index 82011363..4346b9e9 100644 ---- a/src/daemon/modules/api/plugin_api.h -+++ b/src/daemon/modules/api/plugin_api.h -@@ -68,7 +68,6 @@ plugin_t *plugin_new(const char *name, const char *addr); - void plugin_get(plugin_t *plugin); /* ref++ */ - void plugin_put(plugin_t *plugin); /* ref-- */ - --int plugin_set_activated(plugin_t *plugin, bool activated, const char *errmsg); - int plugin_set_manifest(plugin_t *plugin, const plugin_manifest_t *manifest); - bool plugin_is_watching(plugin_t *plugin, uint64_t pe); - -diff --git a/src/daemon/modules/container/container_state.c b/src/daemon/modules/container/container_state.c -index 834901f3..efcbe852 100644 ---- a/src/daemon/modules/container/container_state.c -+++ b/src/daemon/modules/container/container_state.c -@@ -462,7 +462,7 @@ Container_Status container_state_get_status(container_state_t *s) - return status; - } - --int container_dup_health_check_status(defs_health **dst, const defs_health *src) -+static int container_dup_health_check_status(defs_health **dst, const defs_health *src) - { - int ret = 0; - size_t i = 0; -diff --git a/src/daemon/modules/container/containers_store.c b/src/daemon/modules/container/containers_store.c -index 42972392..e0700296 100644 ---- a/src/daemon/modules/container/containers_store.c -+++ b/src/daemon/modules/container/containers_store.c -@@ -247,6 +247,11 @@ int containers_store_list(container_t ***out, size_t *size) - container_t **conts = NULL; - map_itor *itor = NULL; - -+ if (out == NULL || size == NULL) { -+ ERROR("Invalid arguments"); -+ return -1; -+ } -+ - if (pthread_rwlock_rdlock(&g_containers_store->rwlock) != 0) { - ERROR("lock memory store failed"); - return -1; -diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c -index 728b0a62..e20d4f1b 100644 ---- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c -+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c -@@ -3019,7 +3019,7 @@ int unmount_device(const char *hash, const char *mount_path, struct device_set * - int ret = 0; - devmapper_device_info_t *device_info = NULL; - -- if (hash == NULL || mount_path == NULL) { -+ if (hash == NULL || mount_path == NULL || devset == NULL) { - ERROR("devmapper: invalid input params to unmount device"); - return -1; - } -diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c -index 6d1832be..7a45f880 100644 ---- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c -+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c -@@ -2123,7 +2123,7 @@ int overlay2_get_layer_fs_info(const char *id, const struct graphdriver *driver, - char *layer_dir = NULL; - char *layer_diff = NULL; - -- if (id == NULL || fs_info == NULL) { -+ if (id == NULL || driver == NULL || fs_info == NULL) { - ERROR("Invalid input arguments"); - return -1; - } -diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c -index 4a14ee46..4cea2b2a 100644 ---- a/src/daemon/modules/plugin/plugin.c -+++ b/src/daemon/modules/plugin/plugin.c -@@ -785,7 +785,7 @@ bad: - return NULL; - } - --int plugin_set_activated(plugin_t *plugin, bool activated, const char *errmsg) -+static int plugin_set_activated(plugin_t *plugin, bool activated, const char *errmsg) - { - plugin_wrlock(plugin); - plugin->activated = activated; -diff --git a/src/daemon/modules/spec/specs_extend.c b/src/daemon/modules/spec/specs_extend.c -index 7f43ae57..6276a586 100644 ---- a/src/daemon/modules/spec/specs_extend.c -+++ b/src/daemon/modules/spec/specs_extend.c -@@ -496,6 +496,10 @@ int make_sure_oci_spec_linux_resources(oci_runtime_spec *oci_spec) - { - int ret = 0; - -+ if (oci_spec == NULL) { -+ return -1; -+ } -+ - ret = make_sure_oci_spec_linux(oci_spec); - if (ret < 0) { - return -1; --- -2.32.1 (Apple Git-133) - diff --git a/0008-add-check-to-arguments.patch b/0008-add-check-to-arguments.patch deleted file mode 100644 index c26c6ba..0000000 --- a/0008-add-check-to-arguments.patch +++ /dev/null @@ -1,533 +0,0 @@ -From 56c2a6a98d51ea893939079cc31e3a7897fa5aba Mon Sep 17 00:00:00 2001 -From: haozi007 -Date: Tue, 31 May 2022 12:53:10 +0100 -Subject: [PATCH 08/30] add check to arguments - -Signed-off-by: haozi007 ---- - src/cmd/isula/base/create.c | 7 ++- - src/cmd/isula/stream/attach.c | 5 ++ - src/cmd/isulad/isulad_commands.c | 2 +- - src/daemon/common/err_msg.c | 5 +- - src/daemon/common/selinux_label.c | 7 ++- - src/daemon/common/sysinfo.c | 9 +++ - src/daemon/config/isulad_config.c | 9 +++ - src/daemon/modules/api/plugin_api.h | 1 - - src/daemon/modules/image/image.c | 6 ++ - .../modules/image/oci/oci_common_operators.c | 2 +- - .../graphdriver/devmapper/deviceset.c | 5 ++ - .../graphdriver/devmapper/metadata_store.c | 4 ++ - src/daemon/modules/plugin/plugin.c | 58 ++----------------- - src/utils/console/console.c | 10 ++++ - src/utils/cutils/filters.c | 2 +- - src/utils/cutils/map/rb_tree.c | 4 ++ - src/utils/cutils/path.c | 5 ++ - src/utils/cutils/utils.c | 48 +++++++-------- - src/utils/http/http.c | 7 ++- - src/utils/http/parser.c | 5 ++ - test/path/path_ut.cc | 5 ++ - 21 files changed, 120 insertions(+), 86 deletions(-) - -diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c -index ce485f0d..2db2fd21 100644 ---- a/src/cmd/isula/base/create.c -+++ b/src/cmd/isula/base/create.c -@@ -393,7 +393,7 @@ static int read_label_from_file(const char *path, size_t file_size, isula_contai - if (file_size == 0) { - return 0; - } -- fp = fopen(path, "re"); -+ fp = util_fopen(path, "re"); - if (fp == NULL) { - ERROR("Failed to open '%s'", path); - return -1; -@@ -1477,12 +1477,13 @@ int callback_log_opt(command_option_t *option, const char *value) - - int callback_log_driver(command_option_t *option, const char *value) - { -- struct client_arguments *args = (struct client_arguments *)option->data; -+ struct client_arguments *args = NULL; - -- if (value == NULL) { -+ if (value == NULL || option == NULL) { - COMMAND_ERROR("log driver is NULL"); - return -1; - } -+ args = (struct client_arguments *)option->data; - - if (!check_opt_container_log_driver(value)) { - COMMAND_ERROR("Unsupported log driver: %s", value); -diff --git a/src/cmd/isula/stream/attach.c b/src/cmd/isula/stream/attach.c -index 3a434bca..9cc19161 100644 ---- a/src/cmd/isula/stream/attach.c -+++ b/src/cmd/isula/stream/attach.c -@@ -104,6 +104,11 @@ int inspect_container(const struct client_arguments *args, container_inspect **i - isula_connect_ops *ops = NULL; - parser_error perr = NULL; - -+ if (inspect_data == NULL) { -+ COMMAND_ERROR("Empty inspect data"); -+ return -1; -+ } -+ - inspect_response = util_common_calloc_s(sizeof(struct isula_inspect_response)); - if (inspect_response == NULL) { - COMMAND_ERROR("Out of memory"); -diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c -index f73a82e2..89d91c1b 100644 ---- a/src/cmd/isulad/isulad_commands.c -+++ b/src/cmd/isulad/isulad_commands.c -@@ -657,7 +657,7 @@ static int check_conf_default_ulimit(const struct service_arguments *args) - ret = -1; - goto out; - } -- if (strcmp(ptr->name, type) != 0) { -+ if (type == NULL || strcmp(ptr->name, type) != 0) { - COMMAND_ERROR("Ulimit Name \"%s\" must same as type \"%s\" in %s", ptr->name, type, - ISULAD_DAEMON_JSON_CONF_FILE); - ret = -1; -diff --git a/src/daemon/common/err_msg.c b/src/daemon/common/err_msg.c -index 739cb353..3e62fad6 100644 ---- a/src/daemon/common/err_msg.c -+++ b/src/daemon/common/err_msg.c -@@ -29,8 +29,11 @@ void isulad_set_error_message(const char *format, ...) - { - int ret = 0; - char errbuf[BUFSIZ + 1] = { 0 }; -- - va_list argp; -+ -+ if (format == NULL) { -+ return; -+ } - va_start(argp, format); - - ret = vsnprintf(errbuf, BUFSIZ, format, argp); -diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c -index 5468111e..533393a6 100644 ---- a/src/daemon/common/selinux_label.c -+++ b/src/daemon/common/selinux_label.c -@@ -602,7 +602,7 @@ static int container_label(char **process_label, char **file_label) - return -1; - } - -- file = fopen(lxc_path, "re"); -+ file = util_fopen(lxc_path, "re"); - if (file == NULL) { - ERROR("Failed to open '%s'", lxc_path); - return -1; -@@ -782,6 +782,11 @@ int init_label(const char **label_opts, size_t label_opts_len, char **dst_proces - return 0; - } - -+ if (label_opts == NULL || dst_process_label == NULL || dst_mount_label == NULL) { -+ ERROR("Empty arguments"); -+ return -1; -+ } -+ - if (container_label(&process_label, &mount_label) != 0) { - ret = -1; - goto out; -diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c -index 6fb4ec38..89ca5225 100644 ---- a/src/daemon/common/sysinfo.c -+++ b/src/daemon/common/sysinfo.c -@@ -915,6 +915,11 @@ int find_cgroup_mountpoint_and_root(const char *subsystem, char **mountpoint, ch - size_t length = 0; - char *pline = NULL; - -+ if (subsystem == NULL) { -+ ERROR("Empty subsystem"); -+ return -1; -+ } -+ - fp = util_fopen("/proc/self/mountinfo", "r"); - if (fp == NULL) { - ERROR("Failed to open \"/proc/self/mountinfo\"\n"); -@@ -1566,6 +1571,10 @@ mountinfo_t *find_mount_info(mountinfo_t **minfos, const char *dir) - { - mountinfo_t **it = NULL; - -+ if (dir == NULL) { -+ return NULL; -+ } -+ - for (it = minfos; it && *it; it++) { - if ((*it)->mountpoint && !strcmp((*it)->mountpoint, dir)) { - return *it; -diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c -index 92d86a3b..38d2a0bf 100644 ---- a/src/daemon/config/isulad_config.c -+++ b/src/daemon/config/isulad_config.c -@@ -227,6 +227,10 @@ int conf_get_cgroup_cpu_rt(int64_t *cpu_rt_period, int64_t *cpu_rt_runtime) - { - struct service_arguments *conf = NULL; - -+ if (cpu_rt_period == NULL || cpu_rt_runtime == NULL) { -+ return -1; -+ } -+ - if (isulad_server_conf_rdlock() != 0) { - return -1; - } -@@ -776,6 +780,11 @@ out: - - int conf_get_daemon_log_config(char **loglevel, char **logdriver, char **engine_log_path) - { -+ if (loglevel == NULL || logdriver == NULL || engine_log_path == NULL) { -+ ERROR("Empty arguments"); -+ return -1; -+ } -+ - *loglevel = conf_get_isulad_loglevel(); - if (*loglevel == NULL) { - ERROR("DoStart: Failed to get log level"); -diff --git a/src/daemon/modules/api/plugin_api.h b/src/daemon/modules/api/plugin_api.h -index 4346b9e9..303ba6bf 100644 ---- a/src/daemon/modules/api/plugin_api.h -+++ b/src/daemon/modules/api/plugin_api.h -@@ -101,7 +101,6 @@ int pm_del_plugin(const plugin_t *plugin); - */ - int pm_get_plugin(const char *name, plugin_t **rplugin); - void pm_put_plugin(plugin_t *plugin); --int pm_get_plugins_nolock(uint64_t pe, plugin_t ***rplugins, size_t *count); - - int start_plugin_manager(void); - int plugin_event_container_pre_create(const char *cid, oci_runtime_spec *ocic); -diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c -index 6832aec3..f487f831 100644 ---- a/src/daemon/modules/image/image.c -+++ b/src/daemon/modules/image/image.c -@@ -831,11 +831,17 @@ static int append_images_to_response(im_list_response *response, imagetool_image - out: - return ret; - } -+ - int im_list_images(const im_list_request *ctx, im_list_response **response) - { - size_t i; - imagetool_images_list *images_tmp = NULL; - -+ if (response == NULL) { -+ ERROR("Empty arguments"); -+ return -1; -+ } -+ - *response = util_common_calloc_s(sizeof(im_list_response)); - if (*response == NULL) { - ERROR("Out of memory"); -diff --git a/src/daemon/modules/image/oci/oci_common_operators.c b/src/daemon/modules/image/oci/oci_common_operators.c -index 09405651..fd23096a 100644 ---- a/src/daemon/modules/image/oci/oci_common_operators.c -+++ b/src/daemon/modules/image/oci/oci_common_operators.c -@@ -459,7 +459,7 @@ int oci_status_image(im_status_request *request, im_status_response *response) - char *image_ref = NULL; - char *resolved_name = NULL; - -- if (response == NULL) { -+ if (request == NULL || response == NULL) { - ERROR("Invalid arguments"); - return -1; - } -diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c -index e20d4f1b..d90dde50 100644 ---- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c -+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c -@@ -3183,6 +3183,11 @@ struct status *device_set_status(struct device_set *devset) - int sem_usz = 0; - int sem_mni = 0; - -+ if (devset == NULL) { -+ ERROR("empty arguments"); -+ return NULL; -+ } -+ - if (pthread_rwlock_wrlock(&(devset->devmapper_driver_rwlock)) != 0) { - ERROR("lock devmapper conf failed"); - return NULL; -diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c -index c8d10b7a..93fc9758 100644 ---- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c -+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c -@@ -201,6 +201,10 @@ char **metadata_store_list_hashes(metadata_store_t *meta_store) - char **hashes_array = NULL; - map_itor *itor = NULL; - -+ if (meta_store == NULL) { -+ return NULL; -+ } -+ - if (map_size(meta_store->map) == 0) { - DEBUG("Metadata store hash list is empty"); - ret = true; -diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c -index 4cea2b2a..4e343a20 100644 ---- a/src/daemon/modules/plugin/plugin.c -+++ b/src/daemon/modules/plugin/plugin.c -@@ -760,8 +760,14 @@ plugin_t *plugin_new(const char *name, const char *addr) - plugin_t *plugin = NULL; - int errcode = 0; - -+ if (name == NULL || addr == NULL) { -+ ERROR("Empty arguments"); -+ return NULL; -+ } -+ - plugin = util_common_calloc_s(sizeof(plugin_t)); - if (plugin == NULL) { -+ ERROR("Out of memory"); - goto bad; - } - -@@ -1234,58 +1240,6 @@ void pm_put_plugin(plugin_t *plugin) - plugin_put(plugin); - } - --int pm_get_plugins_nolock(uint64_t pe, plugin_t ***rplugins, size_t *count) --{ -- int ret = 0; -- int i = 0; -- size_t size = 0; -- plugin_t **plugins = NULL; -- map_itor *itor = NULL; -- -- size = map_size(g_plugin_manager->np); -- if (size == 0) { /* empty */ -- return 0; -- } -- if (size > SIZE_MAX / sizeof(plugin_t *)) { -- ret = -1; -- ERROR("Invalid plugins size"); -- goto out; -- } -- -- plugins = util_common_calloc_s(sizeof(plugin_t *) * size); -- if (plugins == NULL) { -- ret = -1; -- ERROR("Out of memory"); -- goto out; -- } -- -- itor = map_itor_new(g_plugin_manager->np); -- if (itor == NULL) { -- ret = -1; -- ERROR("Out of memory"); -- goto out; -- } -- -- for (i = 0; i < (int)size && map_itor_valid(itor); i++, map_itor_next(itor)) { -- plugins[i] = map_itor_value(itor); -- /* plugin_put() called in pm_put_plugins() */ -- plugin_get(plugins[i]); -- } -- -- *rplugins = plugins; -- *count = (size_t)i; -- --out: -- map_itor_free(itor); -- itor = NULL; -- -- if (ret < 0) { -- UTIL_FREE_AND_SET_NULL(plugins); -- } -- -- return ret; --} -- - static void pm_np_item_free(void *key, void *val) - { - plugin_t *plugin = val; -diff --git a/src/utils/console/console.c b/src/utils/console/console.c -index 17c8b242..8492eb4d 100644 ---- a/src/utils/console/console.c -+++ b/src/utils/console/console.c -@@ -253,6 +253,11 @@ int console_fifo_open(const char *fifo_path, int *fdout, int flags) - { - int fd = 0; - -+ if (fifo_path ==NULL || fdout == NULL) { -+ ERROR("Argument must not be NULL"); -+ return -1; -+ } -+ - fd = util_open(fifo_path, flags, (mode_t)0); - if (fd < 0) { - ERROR("Failed to open fifo %s to send message: %s.", fifo_path, strerror(errno)); -@@ -302,6 +307,11 @@ int setup_tios(int fd, struct termios *curr_tios) - struct termios tmptios; - int ret = 0; - -+ if (curr_tios == NULL) { -+ ERROR("Empty terminal io setting"); -+ return -1; -+ } -+ - if (!isatty(fd)) { - ERROR("Specified fd: '%d' is not a tty", fd); - return -1; -diff --git a/src/utils/cutils/filters.c b/src/utils/cutils/filters.c -index a8fa220f..1885e9cc 100644 ---- a/src/utils/cutils/filters.c -+++ b/src/utils/cutils/filters.c -@@ -66,7 +66,7 @@ char **filters_args_get(const struct filters_args *filters, const char *field) - map_t *field_values_map = NULL; - map_itor *itor = NULL; - -- if (filters == NULL || filters->fields == NULL) { -+ if (filters == NULL || filters->fields == NULL || field == NULL) { - return NULL; - } - -diff --git a/src/utils/cutils/map/rb_tree.c b/src/utils/cutils/map/rb_tree.c -index ddae0646..b63165d5 100644 ---- a/src/utils/cutils/map/rb_tree.c -+++ b/src/utils/cutils/map/rb_tree.c -@@ -133,6 +133,10 @@ void rbtree_clear(rb_tree_t *tree) - - void rbtree_free(rb_tree_t *tree) - { -+ if (tree == NULL) { -+ return; -+ } -+ - rbtree_clear(tree); - free(tree->nil); - tree->nil = NULL; -diff --git a/src/utils/cutils/path.c b/src/utils/cutils/path.c -index f195257d..2446f479 100644 ---- a/src/utils/cutils/path.c -+++ b/src/utils/cutils/path.c -@@ -590,6 +590,11 @@ int util_resolve_path(const char *rootpath, const char *path, char **resolvedpat - char tmppath[PATH_MAX] = { 0 }; - char cleanedpath[PATH_MAX] = { 0 }; - -+ if (abspath == NULL || resolvedpath == NULL || rootpath == NULL) { -+ ERROR("Empty arguments"); -+ return -1; -+ } -+ - *resolvedpath = NULL; - *abspath = NULL; - -diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c -index 278a72c5..30ff629f 100644 ---- a/src/utils/cutils/utils.c -+++ b/src/utils/cutils/utils.c -@@ -1475,32 +1475,32 @@ void util_parse_user_group(const char *username, char **user, char **group, char - return; - } - -- if (username != NULL) { -- tmp = util_strdup_s(username); -- -- // for free tmp in caller -- *tmp_dup = tmp; -- -- pdot = strstr(tmp, ":"); -- if (pdot != NULL) { -- *pdot = '\0'; -- if (pdot != tmp) { -- // User found -- *user = tmp; -- } -- if (*(pdot + 1) != '\0') { -- // group found -- *group = pdot + 1; -- } -- } else { -- // No : found -- if (*tmp != '\0') { -- *user = tmp; -- } -- } -+ if (username == NULL) { -+ return; - } - -- return; -+ tmp = util_strdup_s(username); -+ -+ // for free tmp in caller -+ *tmp_dup = tmp; -+ -+ pdot = strstr(tmp, ":"); -+ if (pdot != NULL) { -+ *pdot = '\0'; -+ if (pdot != tmp) { -+ // User found -+ *user = tmp; -+ } -+ if (*(pdot + 1) != '\0') { -+ // group found -+ *group = pdot + 1; -+ } -+ } else { -+ // No : found -+ if (*tmp != '\0') { -+ *user = tmp; -+ } -+ } - } - - defs_map_string_object *dup_map_string_empty_object(defs_map_string_object *src) -diff --git a/src/utils/http/http.c b/src/utils/http/http.c -index 0b53cf1e..e4788efd 100644 ---- a/src/utils/http/http.c -+++ b/src/utils/http/http.c -@@ -241,7 +241,7 @@ static void http_custom_general_options(CURL *curl_handle, const struct http_get - - static int http_custom_options(CURL *curl_handle, const struct http_get_options *options) - { -- if (curl_handle == NULL || options == NULL) { -+ if (curl_handle == NULL) { - return -1; - } - -@@ -413,6 +413,11 @@ int http_request(const char *url, struct http_get_options *options, long *respon - size_t fsize = 0; - char *replaced_url = 0; - -+ if (url == NULL || options == NULL) { -+ ERROR("must set url and options to use http request"); -+ return -1; -+ } -+ - if (recursive_len + 1 >= MAX_REDIRCT_NUMS) { - ERROR("reach the max redirect num"); - return -1; -diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c -index 37475b33..0e0e603b 100644 ---- a/src/utils/http/parser.c -+++ b/src/utils/http/parser.c -@@ -319,6 +319,11 @@ char *get_header_value(const struct parsed_http_message *m, const char *header) - int i = 0; - char *ret = NULL; - -+ if (m == NULL || header == NULL) { -+ ERROR("Empty arguments"); -+ return NULL; -+ } -+ - for (i = 0; i < m->num_headers; i++) { - if (strcasecmp(m->headers[i][0], header) == 0) { - ret = (char *)m->headers[i][1]; -diff --git a/test/path/path_ut.cc b/test/path/path_ut.cc -index ce6dcc08..0068ecb4 100644 ---- a/test/path/path_ut.cc -+++ b/test/path/path_ut.cc -@@ -311,6 +311,11 @@ TEST(path_ut, test_resolve_path) - char *resolvedpath = nullptr; - char *abspath = nullptr; - -+ rootpath = "/home"; -+ path = "/home/dir/test"; -+ ASSERT_EQ(util_resolve_path(rootpath.c_str(), path.c_str(), nullptr, &abspath), -1); -+ ASSERT_EQ(util_resolve_path(rootpath.c_str(), path.c_str(), &resolvedpath, nullptr), -1); -+ - ASSERT_EQ(util_resolve_path(nullptr, nullptr, &resolvedpath, &abspath), -1); - free(resolvedpath); - resolvedpath = nullptr; --- -2.32.1 (Apple Git-133) - diff --git a/0009-remove-static-of-strlncat.patch b/0009-remove-static-of-strlncat.patch deleted file mode 100644 index 8c9776b..0000000 --- a/0009-remove-static-of-strlncat.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 9133e2159e9e69434b41e9649762f8eaed191f37 Mon Sep 17 00:00:00 2001 -From: zhangxiaoyu -Date: Tue, 31 May 2022 22:39:44 +0800 -Subject: [PATCH 09/30] remove static of strlncat - -Signed-off-by: zhangxiaoyu ---- - src/utils/http/parser.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c -index 0e0e603b..12df2435 100644 ---- a/src/utils/http/parser.c -+++ b/src/utils/http/parser.c -@@ -47,7 +47,7 @@ - #include "utils.h" - #include "isula_libutils/log.h" - --static size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize) -+size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize) - { - size_t ssize, dsize; - --- -2.32.1 (Apple Git-133) - diff --git a/0010-remove-check-parameter-label_opts-in-init_label.patch b/0010-remove-check-parameter-label_opts-in-init_label.patch deleted file mode 100644 index 0d2c5ce..0000000 --- a/0010-remove-check-parameter-label_opts-in-init_label.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 60715b192de2cb1b4e8fe9ce48ddf081a6d2be53 Mon Sep 17 00:00:00 2001 -From: zhangxiaoyu -Date: Wed, 1 Jun 2022 09:50:03 +0800 -Subject: [PATCH 10/30] remove check parameter label_opts in init_label - -Signed-off-by: zhangxiaoyu ---- - src/daemon/common/selinux_label.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c -index 533393a6..52422970 100644 ---- a/src/daemon/common/selinux_label.c -+++ b/src/daemon/common/selinux_label.c -@@ -782,7 +782,7 @@ int init_label(const char **label_opts, size_t label_opts_len, char **dst_proces - return 0; - } - -- if (label_opts == NULL || dst_process_label == NULL || dst_mount_label == NULL) { -+ if (dst_process_label == NULL || dst_mount_label == NULL) { - ERROR("Empty arguments"); - return -1; - } --- -2.32.1 (Apple Git-133) - diff --git a/0011-update-seccomp-to-Linux-5.10-syscall-list.patch b/0011-update-seccomp-to-Linux-5.10-syscall-list.patch deleted file mode 100644 index 8e03c86..0000000 --- a/0011-update-seccomp-to-Linux-5.10-syscall-list.patch +++ /dev/null @@ -1,191 +0,0 @@ -From 55a4f57232c42a9c2d36a41de5d743ee9ebbe88e Mon Sep 17 00:00:00 2001 -From: vegbir -Date: Wed, 1 Jun 2022 13:44:37 +0800 -Subject: [PATCH 11/30] update seccomp to Linux 5.10 syscall list - -Signed-off-by: yangjiaqi ---- - src/contrib/config/seccomp_default.json | 39 +++++++++++++++++++++++-- - 1 file changed, 36 insertions(+), 3 deletions(-) - -diff --git a/src/contrib/config/seccomp_default.json b/src/contrib/config/seccomp_default.json -index 7218b99c..7b2fcad3 100644 ---- a/src/contrib/config/seccomp_default.json -+++ b/src/contrib/config/seccomp_default.json -@@ -31,10 +31,16 @@ - "chmod", - "chown", - "chown32", -+ "clock_adjtime", -+ "clock_adjtime64", - "clock_getres", -+ "clock_getres_time64", - "clock_gettime", -+ "clock_gettime64", - "clock_nanosleep", -+ "clock_nanosleep_time64", - "close", -+ "close_range", - "connect", - "copy_file_range", - "creat", -@@ -46,6 +52,7 @@ - "epoll_ctl", - "epoll_ctl_old", - "epoll_pwait", -+ "epoll_pwait2", - "epoll_wait", - "epoll_wait_old", - "eventfd", -@@ -55,6 +62,7 @@ - "exit", - "exit_group", - "faccessat", -+ "faccessat2", - "fadvise64", - "fadvise64_64", - "fallocate", -@@ -83,6 +91,7 @@ - "ftruncate", - "ftruncate64", - "futex", -+ "futex_time64", - "futimesat", - "getcpu", - "getcwd", -@@ -128,10 +137,15 @@ - "ioctl", - "io_destroy", - "io_getevents", -+ "io_pgetevents", -+ "io_pgetevents_time64", - "ioprio_get", - "ioprio_set", - "io_setup", - "io_submit", -+ "io_uring_enter", -+ "io_uring_register", -+ "io_uring_setup", - "ipc", - "kill", - "lchown", -@@ -149,6 +163,7 @@ - "lstat", - "lstat64", - "madvise", -+ "membarrier", - "memfd_create", - "mincore", - "mkdir", -@@ -165,7 +180,9 @@ - "mq_notify", - "mq_open", - "mq_timedreceive", -+ "mq_timedreceive_time64", - "mq_timedsend", -+ "mq_timedsend_time64", - "mq_unlink", - "mremap", - "msgctl", -@@ -181,17 +198,22 @@ - "_newselect", - "open", - "openat", -+ "openat2", - "pause", -+ "pidfd_open", -+ "pidfd_send_signal", - "pipe", - "pipe2", - "poll", - "ppoll", -+ "ppoll_time64", - "prctl", - "pread64", - "preadv", - "preadv2", - "prlimit64", - "pselect6", -+ "pselect6_time64", - "pwrite64", - "pwritev", - "pwritev2", -@@ -203,6 +225,7 @@ - "recv", - "recvfrom", - "recvmmsg", -+ "recvmmsg_time64", - "recvmsg", - "remap_file_pages", - "removexattr", -@@ -211,6 +234,7 @@ - "renameat2", - "restart_syscall", - "rmdir", -+ "rseq", - "rt_sigaction", - "rt_sigpending", - "rt_sigprocmask", -@@ -218,6 +242,7 @@ - "rt_sigreturn", - "rt_sigsuspend", - "rt_sigtimedwait", -+ "rt_sigtimedwait_time64", - "rt_tgsigqueueinfo", - "sched_getaffinity", - "sched_getattr", -@@ -226,6 +251,7 @@ - "sched_get_priority_min", - "sched_getscheduler", - "sched_rr_get_interval", -+ "sched_rr_get_interval_time64", - "sched_setaffinity", - "sched_setattr", - "sched_setparam", -@@ -237,6 +263,7 @@ - "semget", - "semop", - "semtimedop", -+ "semtimedop_time64", - "send", - "sendfile", - "sendfile64", -@@ -279,6 +306,7 @@ - "sigaltstack", - "signalfd", - "signalfd4", -+ "sigprocmask", - "sigreturn", - "socket", - "socketcall", -@@ -300,12 +328,16 @@ - "time", - "timer_create", - "timer_delete", -- "timerfd_create", -- "timerfd_gettime", -- "timerfd_settime", - "timer_getoverrun", - "timer_gettime", -+ "timer_gettime64", - "timer_settime", -+ "timer_settime64", -+ "timerfd_create", -+ "timerfd_gettime", -+ "timerfd_gettime64", -+ "timerfd_settime", -+ "timerfd_settime64", - "times", - "tkill", - "truncate", -@@ -317,6 +349,7 @@ - "unlinkat", - "utime", - "utimensat", -+ "utimensat_time64", - "utimes", - "vfork", - "vmsplice", --- -2.32.1 (Apple Git-133) - diff --git a/0012-fix-invalid-convert-and-format.patch b/0012-fix-invalid-convert-and-format.patch deleted file mode 100644 index 0fd0dde..0000000 --- a/0012-fix-invalid-convert-and-format.patch +++ /dev/null @@ -1,319 +0,0 @@ -From 8dcad172ea0241f35cdd464029523253ada7e99f Mon Sep 17 00:00:00 2001 -From: haozi007 -Date: Wed, 1 Jun 2022 12:53:56 +0100 -Subject: [PATCH 12/30] fix invalid convert and format - -1. invalid convert; -2. error print format; -3. unuse marco; - -Signed-off-by: haozi007 ---- - src/cmd/isula/base/create.h | 3 +-- - src/cmd/isula/information/inspect.c | 1 - - src/cmd/isula/information/ps.c | 1 - - src/cmd/isulad/isulad_commands.h | 3 +-- - src/cmd/isulad/main.c | 2 +- - src/daemon/modules/runtime/shim/shim_rt_ops.c | 11 ++++++----- - src/daemon/modules/service/service_container.c | 6 +++--- - src/daemon/modules/spec/specs_namespace.c | 8 +++++--- - src/utils/cutils/utils.c | 2 +- - src/utils/cutils/utils_aes.c | 7 +------ - src/utils/cutils/utils_aes.h | 1 - - src/utils/cutils/utils_file.c | 1 - - src/utils/cutils/utils_network.c | 11 +++++++++-- - 13 files changed, 28 insertions(+), 29 deletions(-) - -diff --git a/src/cmd/isula/base/create.h b/src/cmd/isula/base/create.h -index 36c0dc9e..467fefe8 100644 ---- a/src/cmd/isula/base/create.h -+++ b/src/cmd/isula/base/create.h -@@ -414,8 +414,7 @@ extern "C" { - "health-start-period", \ - 0, \ - &(cmdargs).custom_conf.health_start_period, \ -- "Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) " \ -- "(default 0s)", \ -+ "Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)", \ - command_convert_nanoseconds }, \ - { CMD_OPT_TYPE_BOOL, \ - false, \ -diff --git a/src/cmd/isula/information/inspect.c b/src/cmd/isula/information/inspect.c -index 30b228a0..5058fb95 100644 ---- a/src/cmd/isula/information/inspect.c -+++ b/src/cmd/isula/information/inspect.c -@@ -639,7 +639,6 @@ out: - return ret_string; - } - --#define MATCH_NUM 1 - #define CHECK_FAILED (-1) - #ifdef __ANDROID__ - #define JSON_ARGS "^[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*(json)?[ \t\r\n\v\f]+[^ \t\r\n\v\f]+[ \t\r\n\v\f]*.*\\}[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*$" -diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c -index 45296fad..74c2f94a 100644 ---- a/src/cmd/isula/information/ps.c -+++ b/src/cmd/isula/information/ps.c -@@ -765,7 +765,6 @@ static int get_header_field(const char *patten, struct filters *ff) - - static int format_field_check(const char *source, const char *patten) - { --#define MATCH_NUM 1 - #define CHECK_FAILED (-1) - int status = 0; - -diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h -index e989466f..ad8ba9e5 100644 ---- a/src/cmd/isulad/isulad_commands.h -+++ b/src/cmd/isulad/isulad_commands.h -@@ -182,8 +182,7 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); - "pod-sandbox-image", \ - 0, \ - &(cmdargs)->json_confs->pod_sandbox_image, \ -- "The image whose network/ipc namespaces containers in each pod will use. " \ -- "(default \"pause-${machine}:3.0\")", \ -+ "The image whose network/ipc namespaces containers in each pod will use. (default \"pause-${machine}:3.0\")", \ - NULL }, \ - { CMD_OPT_TYPE_STRING_DUP, \ - false, \ -diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c -index 9801c245..e644b16d 100644 ---- a/src/cmd/isulad/main.c -+++ b/src/cmd/isulad/main.c -@@ -707,7 +707,7 @@ static int update_graph_for_userns_remap(struct service_arguments *args) - goto out; - } - -- nret = snprintf(graph, sizeof(graph), "%s/%d.%d", args->json_confs->graph, host_uid, host_gid); -+ nret = snprintf(graph, sizeof(graph), "%s/%u.%u", args->json_confs->graph, host_uid, host_gid); - if (nret < 0 || (size_t)nret >= sizeof(graph)) { - ERROR("Path is too long"); - ret = -1; -diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c -index 346e6f48..21d339e5 100644 ---- a/src/daemon/modules/runtime/shim/shim_rt_ops.c -+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c -@@ -30,8 +30,6 @@ - #include "err_msg.h" - #include "engine.h" - --#define SHIM_LOG_SIZE ((BUFSIZ-100)/2) --#define PID_WAIT_TIME 120 - #define EXIT_SIGNAL_OFFSET_X 128 - - static void copy_process(shim_client_process_state *p, defs_process *dp) -@@ -112,7 +110,7 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w - int err_fd[2] = {-1, -1}; - int out_fd[2] = {-1, -1}; - char exec_buff[BUFSIZ + 1] = {0}; -- char stdout_buff[BUFSIZ + 1] = {0}; -+ char stdout_buff[PATH_MAX] = {0}; - char stderr_buff[BUFSIZ + 1] = {0}; - - -@@ -177,7 +175,10 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w - (void)dprintf(exec_fd[1], "close inherited fds failed"); - } - -- setenv("EXIT_FIFO_DIR", exit_fifo_dir, 1); -+ if (setenv("EXIT_FIFO_DIR", exit_fifo_dir, 1) != 0) { -+ (void)dprintf(exec_fd[1], "%s: failed to set env for process %d", id, getpid()); -+ exit(EXIT_FAILURE); -+ } - - execvp(binary, (char * const *)params); - (void)dprintf(exec_fd[1], "exec failed: %s", strerror(errno)); -@@ -379,7 +380,7 @@ int rt_shim_rm(const char *id, const char *runtime, const rt_rm_params_t *params - } - - nret = snprintf(libdir, sizeof(libdir), "%s/%s", params->rootpath, id); -- if (nret < 0 && nret >= sizeof(libdir)) { -+ if (nret < 0 || nret >= sizeof(libdir)) { - ERROR("failed to get shim workdir"); - ret = -1; - goto out; -diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c -index 64219423..c3c4fc1c 100644 ---- a/src/daemon/modules/service/service_container.c -+++ b/src/daemon/modules/service/service_container.c -@@ -1233,7 +1233,7 @@ static int send_signal_to_process(pid_t pid, unsigned long long start_time, uint - return 0; - } - --static int container_stop_signal(container_t *cont) -+static uint32_t container_stop_signal(container_t *cont) - { - int signal = 0; - -@@ -1245,7 +1245,7 @@ static int container_stop_signal(container_t *cont) - signal = SIGTERM; - } - -- return signal; -+ return (uint32_t)signal; - } - - static int kill_with_signal(container_t *cont, uint32_t signal) -@@ -1253,7 +1253,7 @@ static int kill_with_signal(container_t *cont, uint32_t signal) - int ret = 0; - int nret = 0; - const char *id = cont->common_config->id; -- int stop_signal = container_stop_signal(cont); -+ uint32_t stop_signal = container_stop_signal(cont); - bool need_unpause = container_is_paused(cont->state); - rt_resume_params_t params = { 0 }; - char annotations[EVENT_EXTRA_ANNOTATION_MAX] = { 0 }; -diff --git a/src/daemon/modules/spec/specs_namespace.c b/src/daemon/modules/spec/specs_namespace.c -index e9f98d00..3888f556 100644 ---- a/src/daemon/modules/spec/specs_namespace.c -+++ b/src/daemon/modules/spec/specs_namespace.c -@@ -191,7 +191,7 @@ int get_network_namespace_path(const host_config *host_spec, - const container_config_v2_common_config_network_settings *network_settings, - const char *type, char **dest_path) - { -- int index; -+ size_t index = 0; - int ret = -1; - struct get_netns_path_handler handler_jump_table[] = { - { SHARE_NAMESPACE_NONE, handle_get_path_from_none }, -@@ -200,11 +200,13 @@ int get_network_namespace_path(const host_config *host_spec, - { SHARE_NAMESPACE_FILE, handle_get_path_from_file }, - }; - size_t jump_table_size = sizeof(handler_jump_table) / sizeof(handler_jump_table[0]); -- const char *network_mode = host_spec->network_mode; -+ const char *network_mode = NULL; - -- if (network_mode == NULL || dest_path == NULL) { -+ if (host_spec == NULL || network_mode == NULL || dest_path == NULL) { -+ ERROR("Invalid input"); - return -1; - } -+ network_mode = host_spec->network_mode; - - for (index = 0; index < jump_table_size; ++index) { - if (strncmp(network_mode, handler_jump_table[index].mode, strlen(handler_jump_table[index].mode)) == 0) { -diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c -index 30ff629f..a47c5644 100644 ---- a/src/utils/cutils/utils.c -+++ b/src/utils/cutils/utils.c -@@ -1549,7 +1549,7 @@ out: - int convert_v2_runtime(const char *runtime, char *binary) - { - char **parts = NULL; -- int parts_len = 0; -+ size_t parts_len = 0; - char buf[PATH_MAX] = {0}; - int ret = 0; - -diff --git a/src/utils/cutils/utils_aes.c b/src/utils/cutils/utils_aes.c -index 5dc822a2..dec1e8bc 100644 ---- a/src/utils/cutils/utils_aes.c -+++ b/src/utils/cutils/utils_aes.c -@@ -28,8 +28,6 @@ - #include "openssl/evp.h" - #include "utils_file.h" - --#define AES_256_CFB_IV_LEN 16 -- - int util_aes_key(char *key_file, bool create, unsigned char *aeskey) - { - char *key_dir = NULL; -@@ -83,7 +81,6 @@ int util_aes_key(char *key_file, bool create, unsigned char *aeskey) - - out: - free(key_dir); -- key_dir = NULL; - if (fd != 0) { - close(fd); - } -@@ -97,7 +94,7 @@ size_t util_aes_decode_buf_len(size_t len) - return len; - } - -- return (len / AES_BLOCK_SIZE * AES_BLOCK_SIZE) + AES_BLOCK_SIZE; -+ return (len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE + AES_BLOCK_SIZE; - } - - size_t util_aes_encode_buf_len(size_t len) -@@ -179,7 +176,6 @@ int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns - - out: - EVP_CIPHER_CTX_free(ctx); -- ctx = NULL; - if (ret != 0) { - free(*out); - *out = NULL; -@@ -262,7 +258,6 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns - - out: - EVP_CIPHER_CTX_free(ctx); -- ctx = NULL; - if (ret != 0) { - free(*out); - *out = NULL; -diff --git a/src/utils/cutils/utils_aes.h b/src/utils/cutils/utils_aes.h -index 2bfe3ea6..d429c9e0 100644 ---- a/src/utils/cutils/utils_aes.h -+++ b/src/utils/cutils/utils_aes.h -@@ -17,7 +17,6 @@ - #define UTILS_CUTILS_UTILS_AES_H - - #include --#include - #include - #include - -diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c -index 45e4842b..00f586f1 100644 ---- a/src/utils/cutils/utils_file.c -+++ b/src/utils/cutils/utils_file.c -@@ -1619,7 +1619,6 @@ static int do_check_args(const char *path) - - char *util_read_content_from_file(const char *path) - { --#define FILE_MODE 0640 - char *buf = NULL; - char rpath[PATH_MAX + 1] = { 0 }; - int fd = -1; -diff --git a/src/utils/cutils/utils_network.c b/src/utils/cutils/utils_network.c -index 1ca901ea..5192d06f 100644 ---- a/src/utils/cutils/utils_network.c -+++ b/src/utils/cutils/utils_network.c -@@ -27,6 +27,7 @@ - #include - #include - -+#include "utils.h" - #include "utils_fs.h" - #include "utils_file.h" - #include "constants.h" -@@ -67,10 +68,16 @@ out: - - static void* mount_netns(void *netns_path) - { -- int *ecode = (int *)malloc(sizeof(int)); -+ int *ecode = NULL; - char fullpath[PATH_MAX] = { 0x00 }; - int ret = 0; - -+ ecode = (int *)util_common_calloc_s(sizeof(int)); -+ if (ecode == NULL) { -+ ERROR("Out of memory"); -+ return NULL; -+ } -+ - if (unshare(CLONE_NEWNET) != 0) { - ERROR("Failed to unshare"); - goto err_out; -@@ -102,7 +109,7 @@ int util_mount_namespace(const char *netns_path) - int ret = 0; - void *status = NULL; - -- ret = pthread_create(&newns_thread, NULL, (void *)&mount_netns, (void *)netns_path); -+ ret = pthread_create(&newns_thread, NULL, mount_netns, (void *)netns_path); - if (ret != 0) { - ERROR("Failed to create thread"); - return -1; --- -2.32.1 (Apple Git-133) - diff --git a/0013-fix-get_network_namespace_path-check.patch b/0013-fix-get_network_namespace_path-check.patch deleted file mode 100644 index 6d33d2c..0000000 --- a/0013-fix-get_network_namespace_path-check.patch +++ /dev/null @@ -1,33 +0,0 @@ -From a96ad33008671e61bddebb744a7ac0aa3798313b Mon Sep 17 00:00:00 2001 -From: zhangxiaoyu -Date: Thu, 2 Jun 2022 10:33:07 +0800 -Subject: [PATCH 13/30] fix get_network_namespace_path check - -Signed-off-by: zhangxiaoyu ---- - src/daemon/modules/spec/specs_namespace.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/src/daemon/modules/spec/specs_namespace.c b/src/daemon/modules/spec/specs_namespace.c -index 3888f556..2bf4cc36 100644 ---- a/src/daemon/modules/spec/specs_namespace.c -+++ b/src/daemon/modules/spec/specs_namespace.c -@@ -200,13 +200,12 @@ int get_network_namespace_path(const host_config *host_spec, - { SHARE_NAMESPACE_FILE, handle_get_path_from_file }, - }; - size_t jump_table_size = sizeof(handler_jump_table) / sizeof(handler_jump_table[0]); -- const char *network_mode = NULL; -+ const char *network_mode = host_spec->network_mode; - -- if (host_spec == NULL || network_mode == NULL || dest_path == NULL) { -+ if (network_mode == NULL || dest_path == NULL) { - ERROR("Invalid input"); - return -1; - } -- network_mode = host_spec->network_mode; - - for (index = 0; index < jump_table_size; ++index) { - if (strncmp(network_mode, handler_jump_table[index].mode, strlen(handler_jump_table[index].mode)) == 0) { --- -2.32.1 (Apple Git-133) - diff --git a/0014-bugfix-for-double-free-and-use-after-free.patch b/0014-bugfix-for-double-free-and-use-after-free.patch deleted file mode 100644 index ec439b5..0000000 --- a/0014-bugfix-for-double-free-and-use-after-free.patch +++ /dev/null @@ -1,227 +0,0 @@ -From 7934311c1b1003021449b92900f3102ff77395e2 Mon Sep 17 00:00:00 2001 -From: zhangxiaoyu -Date: Tue, 7 Jun 2022 15:19:20 +0800 -Subject: [PATCH 14/30] bugfix for double free and use after free - -Signed-off-by: zhangxiaoyu ---- - src/client/connect/rest/rest_images_client.c | 2 +- - src/cmd/isula/information/ps.c | 4 ++- - src/daemon/common/sysinfo.c | 3 +- - .../cri_pod_sandbox_manager_service_impl.cc | 3 +- - .../entry/cri/websocket/service/ws_server.h | 19 +++++----- - .../oci/storage/image_store/image_store.c | 36 ++++++++++++++----- - .../oci/storage/layer_store/layer_store.c | 3 +- - src/utils/console/console.c | 2 +- - 8 files changed, 48 insertions(+), 24 deletions(-) - -diff --git a/src/client/connect/rest/rest_images_client.c b/src/client/connect/rest/rest_images_client.c -index 3deeeead..c2fc17f1 100644 ---- a/src/client/connect/rest/rest_images_client.c -+++ b/src/client/connect/rest/rest_images_client.c -@@ -929,7 +929,7 @@ out: - static int rest_image_import(const struct isula_import_request *request, struct isula_import_response *response, - void *arg) - { -- -+ - client_connect_config_t *connect_config = (client_connect_config_t *)arg; - const char *socketname = (const char *)(connect_config->socket); - char *body = NULL; -diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c -index 74c2f94a..805cbbd6 100644 ---- a/src/cmd/isula/information/ps.c -+++ b/src/cmd/isula/information/ps.c -@@ -904,14 +904,16 @@ static int append_non_header_item_field(const char *prefix, const char *non_fiel - ret = -1; - goto out; - } -+ - field->name = non_field_string; -+ non_field_string = NULL; - field->is_field = false; -+ - if (append_field(ff, field) != 0) { - ERROR("Failed to append field"); - ret = -1; - goto out; - } -- non_field_string = NULL; - field = NULL; - - out: -diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c -index 89ca5225..d52f8767 100644 ---- a/src/daemon/common/sysinfo.c -+++ b/src/daemon/common/sysinfo.c -@@ -1309,7 +1309,8 @@ out: - } - - #ifdef __ANDROID__ --static bool cgroup2_no_controller() { -+static bool cgroup2_no_controller() -+{ - char *controllers_str = NULL; - - controllers_str = util_read_content_from_file(CGROUP2_CONTROLLERS_PATH); -diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc -index f0c8e470..4bc9845f 100644 ---- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc -+++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc -@@ -99,7 +99,8 @@ void PodSandboxManagerServiceImpl::ApplySandboxResources(const runtime::v1alpha2 - } - - --void PodSandboxManagerServiceImpl::SetHostConfigDefaultValue(host_config *hc) { -+void PodSandboxManagerServiceImpl::SetHostConfigDefaultValue(host_config *hc) -+{ - free(hc->network_mode); - hc->network_mode = util_strdup_s(CRI::Constants::namespaceModeFile.c_str()); - } -diff --git a/src/daemon/entry/cri/websocket/service/ws_server.h b/src/daemon/entry/cri/websocket/service/ws_server.h -index 4af54067..b871aabc 100644 ---- a/src/daemon/entry/cri/websocket/service/ws_server.h -+++ b/src/daemon/entry/cri/websocket/service/ws_server.h -@@ -30,8 +30,7 @@ - #include "errors.h" - #include "read_write_lock.h" - --namespace --{ -+namespace { - const int MAX_ECHO_PAYLOAD = 4096; - const int MAX_ARRAY_LEN = 2; - const int MAX_PROTOCOL_NUM = 2; -@@ -97,13 +96,15 @@ private: - static struct lws_context *m_context; - volatile int m_forceExit = 0; - std::thread m_pthreadService; -- const struct lws_protocols m_protocols[MAX_PROTOCOL_NUM] = { { -- "channel.k8s.io", -- Callback, -- 0, -- MAX_ECHO_PAYLOAD, -- }, -- { nullptr, nullptr, 0, 0 } }; -+ const struct lws_protocols m_protocols[MAX_PROTOCOL_NUM] = { -+ { -+ "channel.k8s.io", -+ Callback, -+ 0, -+ MAX_ECHO_PAYLOAD, -+ }, -+ { nullptr, nullptr, 0, 0 } -+ }; - RouteCallbackRegister m_handler; - static std::unordered_map m_wsis; - url::URLDatum m_url; -diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c -index 727991fe..edb28b78 100644 ---- a/src/daemon/modules/image/oci/storage/image_store/image_store.c -+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c -@@ -734,6 +734,7 @@ static int image_store_append_image(const char *id, const char *searchable_diges - { - int ret = 0; - size_t i = 0; -+ size_t record_name_len = 0; - struct linked_list *item = NULL; - - item = util_smart_calloc_s(sizeof(struct linked_list), 1); -@@ -748,33 +749,52 @@ static int image_store_append_image(const char *id, const char *searchable_diges - if (!map_insert(g_image_store->byid, (void *)id, (void *)img)) { - ERROR("Failed to insert image to image store"); - ret = -1; -- goto out; -+ goto list_err_out; - } - - if (append_image_according_to_digest(g_image_store->bydigest, searchable_digest, img) != 0) { - ERROR("Failed to insert image to image store digest index"); - ret = -1; -- goto out; -+ goto id_err_out; - } - - for (i = 0; i < img->simage->names_len; i++) { - if (map_search(g_image_store->byname, (void *)img->simage->names[i]) != NULL) { - ERROR("Image name is already in use : %s", img->simage->names[i]); - ret = -1; -- goto out; -+ goto err_out; - } - if (!map_insert(g_image_store->byname, (void *)img->simage->names[i], (void *)img)) { - ERROR("Failed to insert image to image store's byname"); - ret = -1; -- goto out; -+ goto err_out; - } - } - --out: -- if (ret != 0) { -- linked_list_del(item); -- free(item); -+ return 0; -+ -+err_out: -+ record_name_len = i; -+ for (i = 0; i < record_name_len; i++) { -+ if (!map_remove(g_image_store->byname, (void *)img->simage->names[i])) { -+ ERROR("Failed to remove image from image store's byname"); -+ } - } -+ -+ if (remove_image_from_digest_index(img, searchable_digest) != 0) { -+ ERROR("Failed to remove image from image store digest index"); -+ } -+ -+id_err_out: -+ if (!map_remove(g_image_store->byid, (void *)id)) { -+ ERROR("Failed to remove image from ids map in image store"); -+ } -+ -+list_err_out: -+ linked_list_del(item); -+ g_image_store->images_list_len--; -+ free(item); -+ - return ret; - } - -diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c -index a35f61ee..bb9e5b94 100644 ---- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c -+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c -@@ -212,6 +212,7 @@ static bool append_layer_into_list(layer_t *l) - return true; - } - -+// only delete item from list, free item->elem by caller - static inline void delete_g_layer_list_item(struct linked_list *item) - { - if (item == NULL) { -@@ -220,8 +221,6 @@ static inline void delete_g_layer_list_item(struct linked_list *item) - - linked_list_del(item); - -- layer_ref_dec((layer_t *)item->elem); -- item->elem = NULL; - free(item); - g_metadata.layers_list_len -= 1; - } -diff --git a/src/utils/console/console.c b/src/utils/console/console.c -index 8492eb4d..b0dc7ee5 100644 ---- a/src/utils/console/console.c -+++ b/src/utils/console/console.c -@@ -253,7 +253,7 @@ int console_fifo_open(const char *fifo_path, int *fdout, int flags) - { - int fd = 0; - -- if (fifo_path ==NULL || fdout == NULL) { -+ if (fifo_path == NULL || fdout == NULL) { - ERROR("Argument must not be NULL"); - return -1; - } --- -2.32.1 (Apple Git-133) - diff --git a/0015-fix-isulad-shim-coredump-when-remove-ioc-fd-node.patch b/0015-fix-isulad-shim-coredump-when-remove-ioc-fd-node.patch deleted file mode 100644 index 6d02318..0000000 --- a/0015-fix-isulad-shim-coredump-when-remove-ioc-fd-node.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 18db58c919bb9767bbe2f11c7447cfed27312c63 Mon Sep 17 00:00:00 2001 -From: zhangxiaoyu -Date: Thu, 9 Jun 2022 21:16:26 +0800 -Subject: [PATCH 15/30] fix isulad-shim coredump when remove ioc fd node - -Signed-off-by: zhangxiaoyu ---- - src/cmd/isulad-shim/process.c | 19 +++++++++++++------ - 1 file changed, 13 insertions(+), 6 deletions(-) - -diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c -index 21b2523a..6de470f7 100644 ---- a/src/cmd/isulad-shim/process.c -+++ b/src/cmd/isulad-shim/process.c -@@ -195,10 +195,6 @@ static void remove_io_dispatch(io_thread_t *io_thd, int from, int to) - } - io_copy_t *ioc = io_thd->ioc; - -- if (pthread_mutex_lock(&(ioc->mutex))) { -- return; -- } -- - fd_node_t *tmp = NULL; - do { - /* remove src fd */ -@@ -233,7 +229,6 @@ static void remove_io_dispatch(io_thread_t *io_thd, int from, int to) - free(tmp); - tmp = NULL; - } -- pthread_mutex_unlock(&(ioc->mutex)); - } - - static int get_exec_winsize(const char *buf, struct winsize *wsize) -@@ -297,8 +292,14 @@ static void *do_io_copy(void *data) - /* End of file. The remote has closed the connection */ - break; - } else if (ioc->id != EXEC_RESIZE) { -+ if (pthread_mutex_lock(&(ioc->mutex)) != 0) { -+ continue; -+ } -+ - fd_node_t *fn = ioc->fd_to; -- for (; fn != NULL; fn = fn->next) { -+ fd_node_t *next = fn; -+ for (; fn != NULL; fn = next) { -+ next = fn->next; - if (fn->is_log) { - shim_write_container_log_file(io_thd->terminal, ioc->id, buf, r_count); - } else { -@@ -309,7 +310,12 @@ static void *do_io_copy(void *data) - } - } - } -+ pthread_mutex_unlock(&(ioc->mutex)); - } else { -+ if (pthread_mutex_lock(&(ioc->mutex)) != 0) { -+ continue; -+ } -+ - int resize_fd = ioc->fd_to->fd; - struct winsize wsize = { 0x00 }; - if (get_exec_winsize(buf, &wsize) < 0) { -@@ -318,6 +324,7 @@ static void *do_io_copy(void *data) - if (ioctl(resize_fd, TIOCSWINSZ, &wsize) < 0) { - break; - } -+ pthread_mutex_unlock(&(ioc->mutex)); - } - - /* --- -2.32.1 (Apple Git-133) - diff --git a/0016-do-not-fail-if-pw-is-not-NULL.patch b/0016-do-not-fail-if-pw-is-not-NULL.patch deleted file mode 100644 index 168b62f..0000000 --- a/0016-do-not-fail-if-pw-is-not-NULL.patch +++ /dev/null @@ -1,65 +0,0 @@ -From ae49fce8e19f7544c463cfbff58794f35f44c493 Mon Sep 17 00:00:00 2001 -From: WangFengTu -Date: Thu, 9 Jun 2022 16:17:52 +0800 -Subject: [PATCH 16/30] do not fail if pw is not NULL - -Signed-off-by: WangFengTu ---- - src/utils/cutils/utils_pwgr.c | 7 +------ - test/cutils/utils_pwgr/utils_pwgr_ut.cc | 5 ++--- - 2 files changed, 3 insertions(+), 9 deletions(-) - -diff --git a/src/utils/cutils/utils_pwgr.c b/src/utils/cutils/utils_pwgr.c -index 01490863..6b83f787 100644 ---- a/src/utils/cutils/utils_pwgr.c -+++ b/src/utils/cutils/utils_pwgr.c -@@ -212,11 +212,6 @@ int util_getpwent_r(FILE *stream, struct passwd *resbuf, char *buffer, size_t bu - return -1; - } - -- if (*result != NULL) { -- ERROR("Result shall point to null to start."); -- return -1; -- } -- - buff_end = buffer + buflen - 1; - flockfile(stream); - -@@ -337,4 +332,4 @@ int util_getgrent_r(FILE *stream, struct group *resbuf, char *buffer, size_t buf - out: - funlockfile(stream); - return ret; --} -\ No newline at end of file -+} -diff --git a/test/cutils/utils_pwgr/utils_pwgr_ut.cc b/test/cutils/utils_pwgr/utils_pwgr_ut.cc -index 00a32e05..bf9c9f06 100644 ---- a/test/cutils/utils_pwgr/utils_pwgr_ut.cc -+++ b/test/cutils/utils_pwgr/utils_pwgr_ut.cc -@@ -44,7 +44,7 @@ TEST(utils_pwgr, test_getpwent_r) - ASSERT_EQ(util_getpwent_r(NULL, &pw, buf, sizeof(buf), &ppw), -1); - ASSERT_EQ(util_getpwent_r(f_pw, &pw, NULL, 0, &ppw), -1); - ASSERT_EQ(util_getpwent_r(f_pw, &pw, invalid_buf, 1, &ppw), -1); -- ASSERT_EQ(util_getpwent_r(f_pw, &pw, buf, sizeof(buf), &ppw_alter), -1); -+ ASSERT_EQ(util_getpwent_r(f_pw, &pw, buf, sizeof(buf), &ppw_alter), 0); - ASSERT_EQ(util_getpwent_r(f_pw, &pw, buf, sizeof(buf), NULL), -1); - - while (!feof(f_pw)) { -@@ -65,7 +65,6 @@ TEST(utils_pwgr, test_getpwent_r) - ASSERT_STREQ(pw.pw_dir, std::get<5>(elem).c_str()); - ASSERT_STREQ(pw.pw_shell, std::get<6>(elem).c_str()); - EXPECT_TRUE(ppw == &pw); -- ppw = nullptr; - pw = {0}; - } - -@@ -134,4 +133,4 @@ TEST(utils_pwgr, test_getgrent_r) - } - - fclose(f_gr); --} -\ No newline at end of file -+} --- -2.32.1 (Apple Git-133) - diff --git a/0017-do-not-fail-if-gr-is-NULL.patch b/0017-do-not-fail-if-gr-is-NULL.patch deleted file mode 100644 index d175cc2..0000000 --- a/0017-do-not-fail-if-gr-is-NULL.patch +++ /dev/null @@ -1,51 +0,0 @@ -From b4596641a08891bfec9384f87815c8e671d594d4 Mon Sep 17 00:00:00 2001 -From: WangFengTu -Date: Thu, 9 Jun 2022 17:07:40 +0800 -Subject: [PATCH 17/30] do not fail if gr is NULL - -Signed-off-by: WangFengTu ---- - src/utils/cutils/utils_pwgr.c | 5 ----- - test/cutils/utils_pwgr/utils_pwgr_ut.cc | 3 +-- - 2 files changed, 1 insertion(+), 7 deletions(-) - -diff --git a/src/utils/cutils/utils_pwgr.c b/src/utils/cutils/utils_pwgr.c -index 6b83f787..b3aed14b 100644 ---- a/src/utils/cutils/utils_pwgr.c -+++ b/src/utils/cutils/utils_pwgr.c -@@ -279,11 +279,6 @@ int util_getgrent_r(FILE *stream, struct group *resbuf, char *buffer, size_t buf - return -1; - } - -- if (*result != NULL) { -- ERROR("Result shall point to null to start."); -- return -1; -- } -- - flockfile(stream); - buff_end = buffer + buflen - 1; - -diff --git a/test/cutils/utils_pwgr/utils_pwgr_ut.cc b/test/cutils/utils_pwgr/utils_pwgr_ut.cc -index bf9c9f06..c289e2b9 100644 ---- a/test/cutils/utils_pwgr/utils_pwgr_ut.cc -+++ b/test/cutils/utils_pwgr/utils_pwgr_ut.cc -@@ -106,7 +106,7 @@ TEST(utils_pwgr, test_getgrent_r) - ASSERT_EQ(util_getgrent_r(NULL, &gr, buf, sizeof(buf), &pgr), -1); - ASSERT_EQ(util_getgrent_r(f_gr, &gr, NULL, 0, &pgr), -1); - ASSERT_EQ(util_getgrent_r(f_gr, &gr, invalid_buf, 1, &pgr), -1); -- ASSERT_EQ(util_getgrent_r(f_gr, &gr, buf, sizeof(buf), &pgr_alter), -1); -+ ASSERT_EQ(util_getgrent_r(f_gr, &gr, buf, sizeof(buf), &pgr_alter), 0); - ASSERT_EQ(util_getgrent_r(f_gr, &gr, buf, sizeof(buf), NULL), -1); - - while (!feof(f_gr)) { -@@ -129,7 +129,6 @@ TEST(utils_pwgr, test_getgrent_r) - } - EXPECT_TRUE(pgr == &gr); - gr = {0}; -- pgr = nullptr; - } - - fclose(f_gr); --- -2.32.1 (Apple Git-133) - diff --git a/0018-fix-memory-leak-of-remove-layer.patch b/0018-fix-memory-leak-of-remove-layer.patch deleted file mode 100644 index 0767ba7..0000000 --- a/0018-fix-memory-leak-of-remove-layer.patch +++ /dev/null @@ -1,56 +0,0 @@ -From eb168d32053f9204336c37af98210810957cedd2 Mon Sep 17 00:00:00 2001 -From: haozi007 -Date: Fri, 10 Jun 2022 04:10:39 +0100 -Subject: [PATCH 18/30] fix memory leak of remove layer - -Signed-off-by: haozi007 ---- - .../image/oci/storage/layer_store/layer_store.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c -index bb9e5b94..7e95a52f 100644 ---- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c -+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c -@@ -213,7 +213,7 @@ static bool append_layer_into_list(layer_t *l) - } - - // only delete item from list, free item->elem by caller --static inline void delete_g_layer_list_item(struct linked_list *item) -+static inline void delete_g_layer_list_item(struct linked_list *item, bool rm_val) - { - if (item == NULL) { - return; -@@ -221,6 +221,11 @@ static inline void delete_g_layer_list_item(struct linked_list *item) - - linked_list_del(item); - -+ if (rm_val) { -+ layer_ref_dec((layer_t *)item->elem); -+ item->elem = NULL; -+ } -+ - free(item); - g_metadata.layers_list_len -= 1; - } -@@ -235,7 +240,7 @@ void remove_layer_list_tail() - - item = g_metadata.layers_list.prev; - -- delete_g_layer_list_item(item); -+ delete_g_layer_list_item(item, false); - } - - static bool init_from_conf(const struct storage_module_init_options *conf) -@@ -725,7 +730,7 @@ static int remove_memory_stores(const char *id) - if (strcmp(tl->slayer->id, id) != 0) { - continue; - } -- delete_g_layer_list_item(item); -+ delete_g_layer_list_item(item, true); - break; - } - --- -2.32.1 (Apple Git-133) - diff --git a/0019-add-null-terminal-at-end-of-gr-mem-list.patch b/0019-add-null-terminal-at-end-of-gr-mem-list.patch deleted file mode 100644 index 4627910..0000000 --- a/0019-add-null-terminal-at-end-of-gr-mem-list.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 12bbd939c1c2c55d0906b5a53a0b9b26b616c56b Mon Sep 17 00:00:00 2001 -From: haozi007 -Date: Fri, 10 Jun 2022 04:16:48 +0100 -Subject: [PATCH 19/30] add null terminal at end of gr mem list - -Signed-off-by: haozi007 ---- - src/utils/cutils/utils_pwgr.c | 4 +++- - test/cutils/utils_pwgr/utils_pwgr_ut.cc | 9 +++++++-- - 2 files changed, 10 insertions(+), 3 deletions(-) - -diff --git a/src/utils/cutils/utils_pwgr.c b/src/utils/cutils/utils_pwgr.c -index b3aed14b..a3c41dd5 100644 ---- a/src/utils/cutils/utils_pwgr.c -+++ b/src/utils/cutils/utils_pwgr.c -@@ -144,7 +144,7 @@ static char **hold_string_list(char **line, char *buf_start, char *buf_end, cons - - for (; walker < (char **)buf_end; ++walker) { - if (**line == '\0') { -- return result; -+ goto out; - } - - (void)util_trim_space(*line); -@@ -155,6 +155,8 @@ static char **hold_string_list(char **line, char *buf_start, char *buf_end, cons - } - } - -+out: -+ *walker = NULL; - return result; - } - -diff --git a/test/cutils/utils_pwgr/utils_pwgr_ut.cc b/test/cutils/utils_pwgr/utils_pwgr_ut.cc -index c289e2b9..2a6b7e08 100644 ---- a/test/cutils/utils_pwgr/utils_pwgr_ut.cc -+++ b/test/cutils/utils_pwgr/utils_pwgr_ut.cc -@@ -123,8 +123,13 @@ TEST(utils_pwgr, test_getgrent_r) - ASSERT_STREQ(gr.gr_passwd, std::get<1>(testcase[i]).c_str()); - ASSERT_EQ(gr.gr_gid, std::get<2>(testcase[i])); - if (string_list[i].size()) { -- for (j = 0; j < string_list[i].size(); ++j) { -- EXPECT_TRUE(strcmp(gr.gr_mem[j], string_list[i][j].c_str()) == 0); -+ char **walker = gr.gr_mem; -+ j = 0; -+ // use pointer to ensure gr_mem has end null pointer -+ while (walker != NULL && *walker != NULL) { -+ EXPECT_TRUE(strcmp(*walker, string_list[i][j].c_str()) == 0); -+ walker++; -+ j++; - } - } - EXPECT_TRUE(pgr == &gr); --- -2.32.1 (Apple Git-133) - diff --git a/0020-fix-shm-size-set-invalid-when-reboot.patch b/0020-fix-shm-size-set-invalid-when-reboot.patch deleted file mode 100644 index b8e7367..0000000 --- a/0020-fix-shm-size-set-invalid-when-reboot.patch +++ /dev/null @@ -1,246 +0,0 @@ -From b289a6b384ac5ba474dd477b2a92b89244b27c24 Mon Sep 17 00:00:00 2001 -From: zhangxiaoyu -Date: Mon, 13 Jun 2022 14:35:46 +0800 -Subject: [PATCH 20/30] fix shm size set invalid when reboot - -Signed-off-by: zhangxiaoyu ---- - .../modules/service/service_container.c | 8 +++ - src/daemon/modules/spec/specs_mount.c | 63 +++++++++++++++---- - src/daemon/modules/spec/specs_mount.h | 2 + - .../image/oci/oci_config_merge/CMakeLists.txt | 1 + - test/specs/specs/CMakeLists.txt | 1 + - test/specs/specs_extend/CMakeLists.txt | 1 + - 6 files changed, 63 insertions(+), 13 deletions(-) - -diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c -index c3c4fc1c..43a4a0c9 100644 ---- a/src/daemon/modules/service/service_container.c -+++ b/src/daemon/modules/service/service_container.c -@@ -43,6 +43,7 @@ - #include "events_sender_api.h" - #include "image_api.h" - #include "specs_api.h" -+#include "specs_mount.h" - #include "isulad_config.h" - #include "verify.h" - #include "plugin_api.h" -@@ -735,6 +736,13 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo - goto close_exit_fd; - } - -+ nret = setup_ipc_dirs(cont->hostconfig, cont->common_config); -+ if (nret != 0) { -+ ERROR("Failed to setup ipc dirs"); -+ ret = -1; -+ goto close_exit_fd; -+ } -+ - // embedded conainter is readonly, create mtab link will fail - // kata-runtime container's qemu donot support to create mtab in host - if (strcmp(IMAGE_TYPE_EMBEDDED, cont->common_config->image_type) != 0 && strcmp(KATA_RUNTIME, cont->runtime) != 0) { -diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c -index b35061d8..e55832c5 100644 ---- a/src/daemon/modules/spec/specs_mount.c -+++ b/src/daemon/modules/spec/specs_mount.c -@@ -49,6 +49,7 @@ - #include "utils_file.h" - #include "utils_string.h" - #include "utils_verify.h" -+#include "utils_fs.h" - #include "image_api.h" - #include "volume_api.h" - #include "parse_volume.h" -@@ -2574,10 +2575,11 @@ static int chown_for_shm(const char *shm_path, const char *user_remap) - - static char *get_prepare_share_shm_path(const char *truntime, const char *cid) - { --#define SHM_MOUNT_FILE_NAME "/mounts/shm/" -+#define SHM_MOUNT_FILE_NAME "/mounts/shm" - char *c_root_path = NULL; - size_t slen = 0; - char *spath = NULL; -+ char real_root_path[PATH_MAX] = { 0 }; - int nret = 0; - - if (truntime == NULL) { -@@ -2588,19 +2590,24 @@ static char *get_prepare_share_shm_path(const char *truntime, const char *cid) - goto err_out; - } - -- // c_root_path + "/" + cid + "/mounts/shm" -- if (strlen(c_root_path) > (((PATH_MAX - strlen(cid)) - 1) - strlen(SHM_MOUNT_FILE_NAME)) - 1) { -+ if (realpath(c_root_path, real_root_path) == NULL) { -+ ERROR("Failed to get %s realpath", c_root_path); -+ goto err_out; -+ } -+ -+ // real_root_path + "/" + cid + "/mounts/shm" -+ if (strlen(real_root_path) > (((PATH_MAX - strlen(cid)) - 1) - strlen(SHM_MOUNT_FILE_NAME)) - 1) { - ERROR("Too large path"); - goto err_out; - } -- slen = strlen(c_root_path) + 1 + strlen(cid) + strlen(SHM_MOUNT_FILE_NAME) + 1; -+ slen = strlen(real_root_path) + 1 + strlen(cid) + strlen(SHM_MOUNT_FILE_NAME) + 1; - spath = util_smart_calloc_s(sizeof(char), slen); - if (spath == NULL) { - ERROR("Out of memory"); - goto err_out; - } - -- nret = snprintf(spath, slen, "%s/%s/mounts/shm/", c_root_path, cid); -+ nret = snprintf(spath, slen, "%s/%s/mounts/shm", real_root_path, cid); - if (nret < 0 || nret >= slen) { - ERROR("Sprintf failed"); - goto err_out; -@@ -2637,7 +2644,7 @@ out: - return ret; - } - --static int prepare_share_shm(host_config *host_spec, container_config_v2_common_config *v2_spec) -+int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2_spec) - { - #define MAX_PROPERTY_LEN 64 - char shmproperty[MAX_PROPERTY_LEN] = { 0 }; -@@ -2650,14 +2657,26 @@ static int prepare_share_shm(host_config *host_spec, container_config_v2_common_ - char *p = NULL; - char *userns_remap = NULL; - #endif -- // has mount for /dev/shm -- if (has_mount_shm(host_spec, v2_spec)) { -+ -+ // ignore shm of system container -+ if (host_spec->system_container) { -+ return 0; -+ } -+ // setup shareable dirs -+ if (host_spec->ipc_mode != NULL && !namespace_is_shareable(host_spec->ipc_mode)) { - return 0; - } - - spath = get_prepare_share_shm_path(host_spec->runtime, v2_spec->id); - if (spath == NULL) { -- goto out; -+ return -1; -+ } -+ -+ // container shm has been mounted -+ if (util_detect_mounted(spath)) { -+ DEBUG("shm path %s has been mounted", spath); -+ free(spath); -+ return 0; - } - - nret = util_mkdir_p(spath, 0700); -@@ -2683,7 +2702,6 @@ static int prepare_share_shm(host_config *host_spec, container_config_v2_common_ - goto out; - } - -- v2_spec->shm_path = spath; - #ifdef ENABLE_USERNS_REMAP - userns_remap = conf_get_isulad_userns_remap(); - -@@ -2716,7 +2734,6 @@ static int prepare_share_shm(host_config *host_spec, container_config_v2_common_ - } - #endif - -- spath = NULL; - ret = 0; - out: - if (ret != 0 && has_mount) { -@@ -2777,8 +2794,22 @@ out_free: - return ret; - } - -+static int set_share_shm(const host_config *host_spec, container_config_v2_common_config *v2_spec) -+{ -+ char *spath = NULL; -+ -+ spath = get_prepare_share_shm_path(host_spec->runtime, v2_spec->id); -+ if (spath == NULL) { -+ return -1; -+ } -+ -+ v2_spec->shm_path = spath; -+ -+ return 0; -+} -+ - #define SHM_MOUNT_POINT "/dev/shm" --static int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2_spec) -+static int set_shm_path(host_config *host_spec, container_config_v2_common_config *v2_spec) - { - int ret = 0; - container_t *cont = NULL; -@@ -2791,7 +2822,7 @@ static int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_con - } - // setup shareable dirs - if (host_spec->ipc_mode == NULL || namespace_is_shareable(host_spec->ipc_mode)) { -- return prepare_share_shm(host_spec, v2_spec); -+ return set_share_shm(host_spec, v2_spec); - } - - if (namespace_is_container(host_spec->ipc_mode)) { -@@ -3334,6 +3365,12 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai - goto out; - } - -+ if (set_shm_path(host_spec, v2_spec) != 0) { -+ ERROR("Failed to set shm path"); -+ ret = -1; -+ goto out; -+ } -+ - /* add ipc mount */ - if (v2_spec->shm_path != NULL) { - // check whether duplication -diff --git a/src/daemon/modules/spec/specs_mount.h b/src/daemon/modules/spec/specs_mount.h -index b1e987e5..07c07a37 100644 ---- a/src/daemon/modules/spec/specs_mount.h -+++ b/src/daemon/modules/spec/specs_mount.h -@@ -41,4 +41,6 @@ bool mount_run_tmpfs(oci_runtime_spec *container, const host_config *host_spec, - - int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec); - -+int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2_spec); -+ - #endif -diff --git a/test/image/oci/oci_config_merge/CMakeLists.txt b/test/image/oci/oci_config_merge/CMakeLists.txt -index 36dc3ead..88047fde 100644 ---- a/test/image/oci/oci_config_merge/CMakeLists.txt -+++ b/test/image/oci/oci_config_merge/CMakeLists.txt -@@ -13,6 +13,7 @@ add_executable(${EXE} - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/utils_convert.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/utils_file.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/utils_timestamp.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/utils_fs.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/map/map.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/map/rb_tree.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/util_atomic.c -diff --git a/test/specs/specs/CMakeLists.txt b/test/specs/specs/CMakeLists.txt -index e0031e08..b730959c 100644 ---- a/test/specs/specs/CMakeLists.txt -+++ b/test/specs/specs/CMakeLists.txt -@@ -13,6 +13,7 @@ add_executable(${EXE} - ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_timestamp.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/util_atomic.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_mount_spec.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_fs.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256/sha256.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/path.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/map.c -diff --git a/test/specs/specs_extend/CMakeLists.txt b/test/specs/specs_extend/CMakeLists.txt -index 45b21ecd..7d05deb4 100644 ---- a/test/specs/specs_extend/CMakeLists.txt -+++ b/test/specs/specs_extend/CMakeLists.txt -@@ -13,6 +13,7 @@ add_executable(${EXE} - ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_timestamp.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/util_atomic.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_mount_spec.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_fs.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256/sha256.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/path.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/map.c --- -2.32.1 (Apple Git-133) - diff --git a/0021-set-the-name-of-each-container-and-image-operation-t.patch b/0021-set-the-name-of-each-container-and-image-operation-t.patch deleted file mode 100644 index 87466ac..0000000 --- a/0021-set-the-name-of-each-container-and-image-operation-t.patch +++ /dev/null @@ -1,338 +0,0 @@ -From 8878630c20163dc9b716e2fdc35cae23b8aec6d1 Mon Sep 17 00:00:00 2001 -From: wujing -Date: Tue, 14 Jun 2022 15:30:49 +0800 -Subject: [PATCH 21/30] set the name of each container and image operation - thread - -Signed-off-by: wujing ---- - .../connect/grpc/grpc_containers_service.cc | 54 +++++++++++++++++++ - .../entry/connect/grpc/grpc_images_service.cc | 16 ++++++ - 2 files changed, 70 insertions(+) - -diff --git a/src/daemon/entry/connect/grpc/grpc_containers_service.cc b/src/daemon/entry/connect/grpc/grpc_containers_service.cc -index f3066af4..62aeb05a 100644 ---- a/src/daemon/entry/connect/grpc/grpc_containers_service.cc -+++ b/src/daemon/entry/connect/grpc/grpc_containers_service.cc -@@ -153,6 +153,8 @@ Status ContainerServiceImpl::Version(ServerContext *context, const VersionReques - container_version_request *container_req = nullptr; - container_version_response *container_res = nullptr; - -+ prctl(PR_SET_NAME, "VersionOp"); -+ - auto status = GrpcServerTlsAuth::auth(context, "docker_version"); - if (!status.ok()) { - return status; -@@ -185,6 +187,8 @@ Status ContainerServiceImpl::Info(ServerContext *context, const InfoRequest *req - host_info_request *container_req = nullptr; - host_info_response *container_res = nullptr; - -+ prctl(PR_SET_NAME, "InfoOp"); -+ - auto status = GrpcServerTlsAuth::auth(context, "docker_info"); - if (!status.ok()) { - return status; -@@ -217,6 +221,8 @@ Status ContainerServiceImpl::Create(ServerContext *context, const CreateRequest - container_create_response *container_res = nullptr; - container_create_request *container_req = nullptr; - -+ prctl(PR_SET_NAME, "ContCreate"); -+ - auto status = GrpcServerTlsAuth::auth(context, "container_create"); - if (!status.ok()) { - return status; -@@ -249,6 +255,8 @@ Status ContainerServiceImpl::Start(ServerContext *context, const StartRequest *r - container_start_request *req = nullptr; - container_start_response *res = nullptr; - -+ prctl(PR_SET_NAME, "ContStart"); -+ - auto status = GrpcServerTlsAuth::auth(context, "container_start"); - if (!status.ok()) { - return status; -@@ -327,6 +335,8 @@ Status ContainerServiceImpl::RemoteStart(ServerContext *context, - container_start_response *container_res = nullptr; - sem_t sem; - -+ prctl(PR_SET_NAME, "ContRStart"); -+ - cb = get_service_executor(); - if (cb == nullptr || cb->container.start == nullptr) { - return Status(StatusCode::UNIMPLEMENTED, "Unimplemented callback"); -@@ -402,6 +412,8 @@ Status ContainerServiceImpl::Top(ServerContext *context, const TopRequest *reque - container_top_request *req = nullptr; - container_top_response *res = nullptr; - -+ prctl(PR_SET_NAME, "ContTop"); -+ - auto status = GrpcServerTlsAuth::auth(context, "container_top"); - if (!status.ok()) { - return status; -@@ -434,6 +446,8 @@ Status ContainerServiceImpl::Stop(ServerContext *context, const StopRequest *req - container_stop_request *container_req = nullptr; - container_stop_response *container_res = nullptr; - -+ prctl(PR_SET_NAME, "ContStop"); -+ - auto status = GrpcServerTlsAuth::auth(context, "container_stop"); - if (!status.ok()) { - return status; -@@ -466,6 +480,8 @@ Status ContainerServiceImpl::Restart(ServerContext *context, const RestartReques - container_restart_request *container_req = nullptr; - container_restart_response *container_res = nullptr; - -+ prctl(PR_SET_NAME, "ContRestart"); -+ - auto status = GrpcServerTlsAuth::auth(context, "container_restart"); - if (!status.ok()) { - return status; -@@ -498,6 +514,8 @@ Status ContainerServiceImpl::Kill(ServerContext *context, const KillRequest *req - container_kill_request *container_req = nullptr; - container_kill_response *container_res = nullptr; - -+ prctl(PR_SET_NAME, "ContKill"); -+ - auto status = GrpcServerTlsAuth::auth(context, "container_kill"); - if (!status.ok()) { - return status; -@@ -530,6 +548,8 @@ Status ContainerServiceImpl::Delete(ServerContext *context, const DeleteRequest - container_delete_request *container_req = nullptr; - container_delete_response *container_res = nullptr; - -+ prctl(PR_SET_NAME, "ContDelete"); -+ - auto status = GrpcServerTlsAuth::auth(context, "container_delete"); - if (!status.ok()) { - return status; -@@ -562,6 +582,8 @@ Status ContainerServiceImpl::Exec(ServerContext *context, const ExecRequest *req - container_exec_request *container_req = nullptr; - container_exec_response *container_res = nullptr; - -+ prctl(PR_SET_NAME, "ContExec"); -+ - auto status = GrpcServerTlsAuth::auth(context, "container_exec_create"); - if (!status.ok()) { - return status; -@@ -665,6 +687,8 @@ Status ContainerServiceImpl::RemoteExec(ServerContext *context, - container_exec_request *container_req = nullptr; - container_exec_response *container_res = nullptr; - -+ prctl(PR_SET_NAME, "ContRExec"); -+ - auto status = GrpcServerTlsAuth::auth(context, "container_exec_create"); - if (!status.ok()) { - return status; -@@ -739,6 +763,8 @@ Status ContainerServiceImpl::Inspect(ServerContext *context, const InspectContai - container_inspect_request *container_req = nullptr; - container_inspect_response *container_res = nullptr; - -+ prctl(PR_SET_NAME, "ContInspect"); -+ - Status status = GrpcServerTlsAuth::auth(context, "container_inspect"); - if (!status.ok()) { - return status; -@@ -772,6 +798,8 @@ Status ContainerServiceImpl::List(ServerContext *context, const ListRequest *req - container_list_request *container_req = nullptr; - container_list_response *container_res = nullptr; - -+ prctl(PR_SET_NAME, "ContList"); -+ - auto status = GrpcServerTlsAuth::auth(context, "container_list"); - if (!status.ok()) { - return status; -@@ -884,6 +912,8 @@ Status ContainerServiceImpl::Attach(ServerContext *context, ServerReaderWriter -Date: Tue, 14 Jun 2022 18:54:02 +0800 -Subject: [PATCH 22/30] set the name of each container and image operation - thread for restful version - -Signed-off-by: wujing ---- - .../connect/rest/rest_containers_service.c | 36 +++++++++++++++++++ - .../entry/connect/rest/rest_images_service.c | 19 ++++++++++ - 2 files changed, 55 insertions(+) - -diff --git a/src/daemon/entry/connect/rest/rest_containers_service.c b/src/daemon/entry/connect/rest/rest_containers_service.c -index a7c32500..9c822324 100644 ---- a/src/daemon/entry/connect/rest/rest_containers_service.c -+++ b/src/daemon/entry/connect/rest/rest_containers_service.c -@@ -522,6 +522,8 @@ static void rest_create_cb(evhtp_request_t *req, void *arg) - container_create_response *cresponse = NULL; - container_create_request *crequest = NULL; - -+ prctl(PR_SET_NAME, "ContCreate"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -557,6 +559,8 @@ static void rest_start_cb(evhtp_request_t *req, void *arg) - container_start_response *cresponse = NULL; - container_start_request *crequest = NULL; - -+ prctl(PR_SET_NAME, "ContStart"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -592,6 +596,8 @@ static void rest_wait_cb(evhtp_request_t *req, void *arg) - container_wait_request *crequest = NULL; - container_wait_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ContWait"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -654,6 +660,8 @@ static void rest_stop_cb(evhtp_request_t *req, void *arg) - container_stop_request *crequest = NULL; - container_stop_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ContStop"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -715,6 +723,8 @@ static void rest_restart_cb(evhtp_request_t *req, void *arg) - container_restart_request *crequest = NULL; - container_restart_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ContRestart"); -+ - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); - return; -@@ -771,6 +781,8 @@ static void rest_version_cb(evhtp_request_t *req, void *arg) - container_version_request *crequest = NULL; - container_version_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "VersionOp"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -833,6 +845,8 @@ static void rest_info_cb(evhtp_request_t *req, void *arg) - host_info_request *crequest = NULL; - host_info_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "InfoOp"); -+ - // only deal with post request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -896,6 +910,8 @@ static void rest_update_cb(evhtp_request_t *req, void *arg) - container_update_request *container_req = NULL; - container_update_response *container_res = NULL; - -+ prctl(PR_SET_NAME, "ContUpdate"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -957,6 +973,8 @@ static void rest_kill_cb(evhtp_request_t *req, void *arg) - container_kill_request *crequest = NULL; - container_kill_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ContKill"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -1020,6 +1038,8 @@ static void rest_container_inspect_cb(evhtp_request_t *req, void *arg) - container_inspect_request *crequest = NULL; - container_inspect_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ContInspect"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -1082,6 +1102,8 @@ static void rest_exec_cb(evhtp_request_t *req, void *arg) - container_exec_request *crequest = NULL; - container_exec_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ContExec"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -1145,6 +1167,8 @@ static void rest_attach_cb(evhtp_request_t *req, void *arg) - container_attach_request *crequest = NULL; - container_attach_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ContAttach"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -1206,6 +1230,8 @@ static void rest_remove_cb(evhtp_request_t *req, void *arg) - container_delete_request *crequest = NULL; - container_delete_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ContRemove"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -1241,6 +1267,8 @@ static void rest_list_cb(evhtp_request_t *req, void *arg) - container_list_request *crequest = NULL; - container_list_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ContList"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -1303,6 +1331,8 @@ static void rest_export_cb(evhtp_request_t *req, void *arg) - container_export_request *crequest = NULL; - container_export_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ContExport"); -+ - // only deal with post request - if (evhtp_request_get_method(req) != htp_method_POST) { - ERROR("Only deal with post request"); -@@ -1367,6 +1397,8 @@ static void rest_pause_cb(evhtp_request_t *req, void *arg) - container_pause_request *crequest = NULL; - container_pause_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ContPause"); -+ - // only deal with post request - if (evhtp_request_get_method(req) != htp_method_POST) { - ERROR("Only deal with post request: pause()"); -@@ -1431,6 +1463,8 @@ static void rest_resume_cb(evhtp_request_t *req, void *arg) - container_resume_request *crequest = NULL; - container_resume_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ContResume"); -+ - // only deal with post request - if (evhtp_request_get_method(req) != htp_method_POST) { - ERROR("Only deal with post request: resume()"); -@@ -1501,6 +1535,8 @@ static void rest_rename_cb(evhtp_request_t *req, void *arg) - struct isulad_container_rename_request isuladreq = { 0 }; - struct isulad_container_rename_response *isuladres = NULL; - -+ prctl(PR_SET_NAME, "ContRename"); -+ - // only deal with post request - if (evhtp_request_get_method(req) != htp_method_POST) { - ERROR("Only deal with post request: rename()"); -diff --git a/src/daemon/entry/connect/rest/rest_images_service.c b/src/daemon/entry/connect/rest/rest_images_service.c -index 7107d255..bd367f29 100644 ---- a/src/daemon/entry/connect/rest/rest_images_service.c -+++ b/src/daemon/entry/connect/rest/rest_images_service.c -@@ -14,6 +14,7 @@ - ******************************************************************************/ - #include "rest_images_service.h" - #include -+#include - - #include "isula_libutils/log.h" - #include "callback.h" -@@ -276,6 +277,8 @@ static void rest_image_load_cb(evhtp_request_t *req, void *arg) - image_load_image_request *crequest = NULL; - image_load_image_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ImageLoad"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -311,6 +314,8 @@ static void rest_image_list_cb(evhtp_request_t *req, void *arg) - image_list_images_request *crequest = NULL; - image_list_images_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ImageList"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -346,6 +351,8 @@ static void rest_image_delete_cb(evhtp_request_t *req, void *arg) - image_delete_image_request *crequest = NULL; - image_delete_image_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ImageDelete"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -381,6 +388,8 @@ static void rest_image_inspect_cb(evhtp_request_t *req, void *arg) - image_inspect_request *crequest = NULL; - image_inspect_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ImageInspect"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -481,6 +490,8 @@ static void rest_image_pull_cb(evhtp_request_t *req, void *arg) - image_pull_image_request *crequest = NULL; - image_pull_image_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ImagePull"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -592,6 +603,8 @@ static void rest_image_login_cb(evhtp_request_t *req, void *arg) - image_login_request *crequest = NULL; - image_login_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "RegistryLogin"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -686,6 +699,8 @@ static void rest_image_logout_cb(evhtp_request_t *req, void *arg) - image_logout_request *crequest = NULL; - image_logout_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "RegistryLogout"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -769,6 +784,8 @@ static void rest_image_tag_cb(evhtp_request_t *req, void *arg) - image_tag_image_request *crequest = NULL; - image_tag_image_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ImageTag"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); -@@ -852,6 +869,8 @@ static void rest_image_import_cb(evhtp_request_t *req, void *arg) - image_import_request *crequest = NULL; - image_import_response *cresponse = NULL; - -+ prctl(PR_SET_NAME, "ImageImport"); -+ - // only deal with POST request - if (evhtp_request_get_method(req) != htp_method_POST) { - evhtp_send_reply(req, RESTFUL_RES_NOTIMPL); --- -2.32.1 (Apple Git-133) - diff --git a/0023-fix-inspect-f-error-when-bionic.patch b/0023-fix-inspect-f-error-when-bionic.patch deleted file mode 100644 index 823cb7c..0000000 --- a/0023-fix-inspect-f-error-when-bionic.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 59557dbd1b4d0bde973941d383a30a7b9e0d63d4 Mon Sep 17 00:00:00 2001 -From: WangFengTu -Date: Thu, 16 Jun 2022 09:16:47 +0800 -Subject: [PATCH 23/30] fix inspect -f error when bionic - -Signed-off-by: WangFengTu ---- - src/cmd/isula/information/inspect.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/cmd/isula/information/inspect.c b/src/cmd/isula/information/inspect.c -index 5058fb95..55366551 100644 ---- a/src/cmd/isula/information/inspect.c -+++ b/src/cmd/isula/information/inspect.c -@@ -667,12 +667,12 @@ static int inspect_check(const char *json_str, const char *regex) - static int inspect_check_format_f(const char *json_str, bool *json_format) - { - #ifdef __ANDROID__ --#define JSON_FORMAT_FIRST "^[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*(json[ \t\r\n\v\f]+)?(\\.\\w+)+[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*$" -+#define JSON_FORMAT_FIRST "^[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*(json[ \t\r\n\v\f]+)?(\\.[a-zA-Z0-9_]+)+[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*$" - #else - #define JSON_FORMAT_FIRST "^\\s*\\{\\s*\\{\\s*(json\\s+)?(\\.\\w+)+\\s*\\}\\s*\\}\\s*$" - #endif - #ifdef __ANDROID__ --#define JSON_FORMAT_SECOND "^[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*json[ \t\r\n\v\f]+(\\.\\w+)+[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*$" -+#define JSON_FORMAT_SECOND "^[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*json[ \t\r\n\v\f]+(\\.[a-zA-Z0-9_]+)+[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*$" - #else - #define JSON_FORMAT_SECOND "^\\s*\\{\\s*\\{\\s*json\\s+(\\.\\w+)+\\s*\\}\\s*\\}\\s*$" - #endif --- -2.32.1 (Apple Git-133) - diff --git a/0024-refactor-devmapper_parse_options-function.patch b/0024-refactor-devmapper_parse_options-function.patch deleted file mode 100644 index fa49542..0000000 --- a/0024-refactor-devmapper_parse_options-function.patch +++ /dev/null @@ -1,289 +0,0 @@ -From 4c945810da8c645eb048e5fbb3a195da855bdcf7 Mon Sep 17 00:00:00 2001 -From: wujing -Date: Sat, 14 May 2022 17:13:26 +0800 -Subject: [PATCH 24/30] refactor devmapper_parse_options function - -Signed-off-by: wujing ---- - .../graphdriver/devmapper/deviceset.c | 242 ++++++++++++------ - 1 file changed, 157 insertions(+), 85 deletions(-) - -diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c -index d90dde50..868e3086 100644 ---- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c -+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c -@@ -65,9 +65,147 @@ static char *util_trim_prefice_string(char *str, const char *prefix) - return str; - } - -+typedef int (*devmapper_option_handle)(char *val, struct device_set *devset); -+ -+struct devmapper_option_handler { -+ char *name; -+ devmapper_option_handle handle; -+}; -+ -+static int handle_dm_fs(char *val, struct device_set *devset) -+{ -+ if (strcmp(val, "ext4") == 0) { -+ free(devset->filesystem); -+ devset->filesystem = util_strdup_s(val); -+ } else { -+ ERROR("Invalid filesystem: '%s': not supported", val); -+ isulad_set_error_message("Invalid filesystem: '%s': not supported", val); -+ return -1; -+ } -+ -+ return 0; -+} -+ -+static int handle_dm_thinpooldev(char *val, struct device_set *devset) -+{ -+ char *tmp_val = NULL; -+ -+ if (!util_valid_str(val)) { -+ ERROR("Invalid thinpool device, it must not be empty"); -+ isulad_set_error_message("Invalid thinpool device, it must not be empty"); -+ return -1; -+ } -+ tmp_val = util_trim_prefice_string(val, "/dev/mapper/"); -+ devset->thin_pool_device = util_strdup_s(tmp_val); -+ -+ return 0; -+} -+ -+static int handle_dm_min_free_space(char *val, struct device_set *devset) -+{ -+ long converted = 0; -+ int ret = util_parse_percent_string(val, &converted); -+ -+ if (ret != 0 || converted >= 100) { -+ ERROR("Invalid min free space: '%s': %s", val, strerror(-ret)); -+ isulad_set_error_message("Invalid min free space: '%s': %s", val, strerror(-ret)); -+ return -1; -+ } -+ devset->min_free_space_percent = (uint32_t)converted; -+ -+ return 0; -+} -+ -+static int handle_dm_basesize(char *val, struct device_set *devset) -+{ -+ int64_t converted = 0; -+ int ret = util_parse_byte_size_string(val, &converted); -+ -+ if (ret != 0) { -+ ERROR("Invalid size: '%s': %s", val, strerror(-ret)); -+ isulad_set_error_message("Invalid size: '%s': %s", val, strerror(-ret)); -+ return -1; -+ } -+ if (converted <= 0) { -+ ERROR("dm.basesize is lower than zero"); -+ isulad_set_error_message("dm.basesize is lower than zero"); -+ return -1; -+ } -+ devset->user_base_size = true; -+ devset->base_fs_size = (uint64_t)converted; -+ -+ return 0; -+} -+ -+static int handle_dm_mkfsarg(char *val, struct device_set *devset) -+{ -+ if (!util_valid_str(val)) { -+ ERROR("Invalid dm.mkfsarg value"); -+ isulad_set_error_message("Invalid dm.mkfsarg value"); -+ return -1; -+ } -+ if (util_array_append(&devset->mkfs_args, val) != 0) { -+ ERROR("Out of memory"); -+ return -1; -+ } -+ devset->mkfs_args_len++; -+ -+ return 0; -+} -+ -+static int handle_dm_mountopt(char *val, struct device_set *devset) -+{ -+ if (!util_valid_str(val)) { -+ ERROR("Invalid dm.mountopt or devicemapper.mountopt value"); -+ isulad_set_error_message("Invalid dm.mountopt or devicemapper.mountopt value"); -+ return -1; -+ } -+ devset->mount_options = util_strdup_s(val); -+ -+ return 0; -+} -+ -+static int devmapper_option_exact(const char *name, char *val, struct device_set *devset) -+{ -+ size_t i = 0; -+ bool found = false; -+ -+ struct devmapper_option_handler handler_jump_table[] = { -+ { "dm.fs", handle_dm_fs }, -+ { "dm.thinpooldev", handle_dm_thinpooldev }, -+ { "dm.min_free_space", handle_dm_min_free_space }, -+ { "dm.basesize", handle_dm_basesize }, -+ { "dm.mkfsarg", handle_dm_mkfsarg }, -+ { "dm.mountopt", handle_dm_mountopt }, -+ { "devicemapper.mountopt", handle_dm_mountopt }, -+ }; -+ -+ for (i = 0; i < sizeof(handler_jump_table)/sizeof(handler_jump_table[0]); i++) { -+ if (strcmp(handler_jump_table[i].name, name) != 0) { -+ continue; -+ } -+ found = true; -+ if (handler_jump_table[i].handle(val, devset) != 0) { -+ ERROR("Failed to handle %s option with %s", name, val); -+ return -1; -+ } -+ break; -+ } -+ -+ if (!found) { -+ ERROR("devicemapper: unknown option: '%s'", name); -+ isulad_set_error_message("devicemapper: unknown option: '%s'", name); -+ return -1; -+ } -+ -+ return 0; -+} -+ - static int devmapper_parse_options(struct device_set *devset, const char **options, size_t options_len) - { -+ int ret = 0; - size_t i = 0; -+ char *dup_option = NULL; - - if (devset == NULL) { - ERROR("Invalid input params"); -@@ -75,104 +213,38 @@ static int devmapper_parse_options(struct device_set *devset, const char **optio - } - - for (i = 0; options != NULL && i < options_len; i++) { -- char *dup = NULL; - char *val = NULL; -- char *tmp_val = NULL; -- int ret = 0; -- int nret = 0; - -- dup = util_strdup_s(options[i]); -- if (dup == NULL) { -+ dup_option = util_strdup_s(options[i]); -+ if (dup_option == NULL) { - ERROR("Out of memory"); - return -1; - } - -- val = strchr(dup, '='); -+ val = strchr(dup_option, '='); - if (val == NULL) { -- ERROR("Unable to parse key/value option: '%s'", dup); -- isulad_set_error_message("Unable to parse key/value option: '%s'", dup); -- free(dup); -- return -1; -+ ERROR("Unable to parse key/value option: '%s'", dup_option); -+ isulad_set_error_message("Unable to parse key/value option: '%s'", dup_option); -+ ret = -1; -+ goto out; - } -+ - *val = '\0'; - val++; -- if (strcasecmp(dup, "dm.fs") == 0) { -- if (strcmp(val, "ext4") == 0) { -- free(devset->filesystem); -- devset->filesystem = util_strdup_s(val); -- } else { -- ERROR("Invalid filesystem: '%s': not supported", val); -- isulad_set_error_message("Invalid filesystem: '%s': not supported", val); -- ret = -1; -- } -- } else if (strcasecmp(dup, "dm.thinpooldev") == 0) { -- if (!util_valid_str(val)) { -- ERROR("Invalid thinpool device, it must not be empty"); -- isulad_set_error_message("Invalid thinpool device, it must not be empty"); -- ret = -1; -- goto out; -- } -- tmp_val = util_trim_prefice_string(val, "/dev/mapper/"); -- devset->thin_pool_device = util_strdup_s(tmp_val); -- } else if (strcasecmp(dup, "dm.min_free_space") == 0) { -- long converted = 0; -- ret = util_parse_percent_string(val, &converted); -- if (ret != 0 || converted >= 100) { -- ERROR("Invalid min free space: '%s': %s", val, strerror(-ret)); -- isulad_set_error_message("Invalid min free space: '%s': %s", val, strerror(-ret)); -- ret = -1; -- goto out; -- } -- devset->min_free_space_percent = (uint32_t)converted; -- } else if (strcasecmp(dup, "dm.basesize") == 0) { -- int64_t converted = 0; -- ret = util_parse_byte_size_string(val, &converted); -- if (ret != 0) { -- ERROR("Invalid size: '%s': %s", val, strerror(-ret)); -- isulad_set_error_message("Invalid size: '%s': %s", val, strerror(-ret)); -- ret = -1; -- goto out; -- } -- if (converted <= 0) { -- ERROR("dm.basesize is lower than zero"); -- isulad_set_error_message("dm.basesize is lower than zero"); -- ret = -1; -- goto out; -- } -- devset->user_base_size = true; -- devset->base_fs_size = (uint64_t)converted; -- } else if (strcasecmp(dup, "dm.mkfsarg") == 0) { -- if (!util_valid_str(val)) { -- ERROR("Invalid dm.mkfsarg value"); -- isulad_set_error_message("Invalid dm.mkfsarg value"); -- ret = -1; -- goto out; -- } -- nret = util_array_append(&devset->mkfs_args, val); -- if (nret != 0) { -- ERROR("Out of memory"); -- ret = -1; -- goto out; -- } -- devset->mkfs_args_len++; -- } else if (strcasecmp(dup, "dm.mountopt") == 0 || strcasecmp(dup, "devicemapper.mountopt") == 0) { -- if (!util_valid_str(val)) { -- ERROR("Invalid dm.mountopt or devicemapper.mountopt value"); -- isulad_set_error_message("Invalid dm.mountopt or devicemapper.mountopt value"); -- ret = -1; -- goto out; -- } -- devset->mount_options = util_strdup_s(val); -- } else { -- ERROR("devicemapper: unknown option: '%s'", dup); -- isulad_set_error_message("devicemapper: unknown option: '%s'", dup); -+ -+ if (devmapper_option_exact(dup_option, val, devset) != 0) { -+ ERROR("Failed to exact devmapper option: %s", dup_option); - ret = -1; -+ goto out; - } -+ -+ free(dup_option); -+ } -+ - out: -- free(dup); -- if (ret != 0) { -- return ret; -- } -+ free(dup_option); -+ if (ret != 0) { -+ return ret; - } - - return 0; --- -2.32.1 (Apple Git-133) - diff --git a/0025-refactor-parse_volume-function.patch b/0025-refactor-parse_volume-function.patch deleted file mode 100644 index 02ae3db..0000000 --- a/0025-refactor-parse_volume-function.patch +++ /dev/null @@ -1,153 +0,0 @@ -From 4df32783e4a665bd639f8b3ccd1b8860614eefb3 Mon Sep 17 00:00:00 2001 -From: wujing -Date: Sat, 14 May 2022 15:33:33 +0800 -Subject: [PATCH 25/30] refactor parse_volume function - -Signed-off-by: wujing ---- - src/daemon/modules/spec/parse_volume.c | 91 ++++++++++++++------------ - 1 file changed, 50 insertions(+), 41 deletions(-) - -diff --git a/src/daemon/modules/spec/parse_volume.c b/src/daemon/modules/spec/parse_volume.c -index ef2d58e4..3afa0962 100644 ---- a/src/daemon/modules/spec/parse_volume.c -+++ b/src/daemon/modules/spec/parse_volume.c -@@ -341,22 +341,60 @@ static int check_volume_element(const char *volume) - return ret; - } - -+static int set_volume_element_options(defs_mount *mount_element, const char **modes) -+{ -+ const size_t max_options_len = 4; -+ size_t options_len = 0; -+ size_t i = 0; -+ bool with_rw = false; -+ bool with_pro = false; -+ bool with_label = false; -+ -+ mount_element->options = util_common_calloc_s(max_options_len * sizeof(char *)); -+ if (mount_element->options == NULL) { -+ ERROR("Out of memory"); -+ return -1; -+ } -+ -+ options_len = util_array_len((const char **)modes); -+ if (options_len > max_options_len) { -+ ERROR("Invalid volume element options"); -+ return -1; -+ } -+ -+ for (i = 0; i < options_len; i++) { -+ if (util_valid_rw_mode(modes[i])) { -+ with_rw = true; -+ mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]); -+ } else if (util_valid_propagation_mode(modes[i])) { -+ with_pro = true; -+ mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]); -+ } else if (util_valid_label_mode(modes[i])) { -+ with_label = true; -+ mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]); -+ } else if (util_valid_copy_mode(modes[i])) { -+ mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]); -+ } -+ } -+ -+ if (append_default_mount_options(mount_element, with_rw, with_pro, with_label) != 0) { -+ ERROR("Failed to append default mount options"); -+ return -1; -+ } -+ -+ return 0; -+} -+ - defs_mount *parse_volume(const char *volume) - { - int ret = 0; -- size_t i = 0; -- size_t mlen = 0; - defs_mount *mount_element = NULL; - char **modes = NULL; - char path[PATH_MAX] = { 0x00 }; -- char *rw = NULL; -- char *pro = NULL; -- char *label = NULL; -- size_t max_options_len = 4; -- char *nocopy = NULL; - - ret = check_volume_element(volume); - if (ret != 0) { -+ ERROR("Invalid volume element"); - goto free_out; - } - -@@ -368,22 +406,10 @@ defs_mount *parse_volume(const char *volume) - - ret = get_src_dst_mode_by_volume(volume, mount_element, &modes); - if (ret != 0) { -+ ERROR("Failed to parse volume"); - goto free_out; - } - -- mlen = util_array_len((const char **)modes); -- for (i = 0; i < mlen; i++) { -- if (util_valid_rw_mode(modes[i])) { -- rw = modes[i]; -- } else if (util_valid_propagation_mode(modes[i])) { -- pro = modes[i]; -- } else if (util_valid_label_mode(modes[i])) { -- label = modes[i]; -- } else if (util_valid_copy_mode(modes[i])) { -- nocopy = modes[i]; -- } -- } -- - if (!util_clean_path(mount_element->destination, path, sizeof(path))) { - ERROR("Failed to get clean path"); - ret = -1; -@@ -402,25 +428,6 @@ defs_mount *parse_volume(const char *volume) - mount_element->source = util_strdup_s(path); - } - -- mount_element->options = util_common_calloc_s(max_options_len * sizeof(char *)); -- if (mount_element->options == NULL) { -- ERROR("Out of memory"); -- mount_element->options_len = 0; -- ret = -1; -- goto free_out; -- } -- if (rw != NULL) { -- mount_element->options[mount_element->options_len++] = util_strdup_s(rw); -- } -- if (pro != NULL) { -- mount_element->options[mount_element->options_len++] = util_strdup_s(pro); -- } -- if (label != NULL) { -- mount_element->options[mount_element->options_len++] = util_strdup_s(label); -- } -- if (nocopy != NULL) { -- mount_element->options[mount_element->options_len++] = util_strdup_s(nocopy); -- } - if (mount_element->source != NULL && mount_element->source[0] == '/') { - mount_element->type = util_strdup_s(MOUNT_TYPE_BIND); - } else { -@@ -430,13 +437,15 @@ defs_mount *parse_volume(const char *volume) - } - } - -- ret = check_mount_element(volume, mount_element); -+ ret = set_volume_element_options(mount_element, (const char **)modes); - if (ret != 0) { -+ ERROR("Failed to set volume element options"); - goto free_out; - } - -- ret = append_default_mount_options(mount_element, rw != NULL, pro != NULL, label != NULL); -+ ret = check_mount_element(volume, mount_element); - if (ret != 0) { -+ ERROR("Invalid mount element"); - goto free_out; - } - --- -2.32.1 (Apple Git-133) - diff --git a/0026-fix-parse-volume-failed.patch b/0026-fix-parse-volume-failed.patch deleted file mode 100644 index 8f40e34..0000000 --- a/0026-fix-parse-volume-failed.patch +++ /dev/null @@ -1,93 +0,0 @@ -From fdb731d7a272eb1574ef31b058beffbefffa1eb2 Mon Sep 17 00:00:00 2001 -From: zhangxiaoyu -Date: Wed, 18 May 2022 10:30:35 +0800 -Subject: [PATCH 26/30] fix parse volume failed - -Signed-off-by: zhangxiaoyu ---- - src/daemon/modules/spec/parse_volume.c | 28 ++++++++++++++------------ - 1 file changed, 15 insertions(+), 13 deletions(-) - -diff --git a/src/daemon/modules/spec/parse_volume.c b/src/daemon/modules/spec/parse_volume.c -index 3afa0962..7b02f6ca 100644 ---- a/src/daemon/modules/spec/parse_volume.c -+++ b/src/daemon/modules/spec/parse_volume.c -@@ -341,14 +341,12 @@ static int check_volume_element(const char *volume) - return ret; - } - --static int set_volume_element_options(defs_mount *mount_element, const char **modes) -+static int set_volume_element_options(defs_mount *mount_element, const char **modes, bool *with_rw, -+ bool *with_pro, bool *with_label) - { - const size_t max_options_len = 4; - size_t options_len = 0; - size_t i = 0; -- bool with_rw = false; -- bool with_pro = false; -- bool with_label = false; - - mount_element->options = util_common_calloc_s(max_options_len * sizeof(char *)); - if (mount_element->options == NULL) { -@@ -364,30 +362,28 @@ static int set_volume_element_options(defs_mount *mount_element, const char **mo - - for (i = 0; i < options_len; i++) { - if (util_valid_rw_mode(modes[i])) { -- with_rw = true; -+ *with_rw = true; - mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]); - } else if (util_valid_propagation_mode(modes[i])) { -- with_pro = true; -+ *with_pro = true; - mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]); - } else if (util_valid_label_mode(modes[i])) { -- with_label = true; -+ *with_label = true; - mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]); - } else if (util_valid_copy_mode(modes[i])) { - mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]); - } - } - -- if (append_default_mount_options(mount_element, with_rw, with_pro, with_label) != 0) { -- ERROR("Failed to append default mount options"); -- return -1; -- } -- - return 0; - } - - defs_mount *parse_volume(const char *volume) - { - int ret = 0; -+ bool with_rw = false; -+ bool with_pro = false; -+ bool with_label = false; - defs_mount *mount_element = NULL; - char **modes = NULL; - char path[PATH_MAX] = { 0x00 }; -@@ -437,7 +433,7 @@ defs_mount *parse_volume(const char *volume) - } - } - -- ret = set_volume_element_options(mount_element, (const char **)modes); -+ ret = set_volume_element_options(mount_element, (const char **)modes, &with_rw, &with_pro, &with_label); - if (ret != 0) { - ERROR("Failed to set volume element options"); - goto free_out; -@@ -449,6 +445,12 @@ defs_mount *parse_volume(const char *volume) - goto free_out; - } - -+ ret = append_default_mount_options(mount_element, with_rw, with_pro, with_label); -+ if (ret != 0) { -+ ERROR("Failed to append default mount options"); -+ goto free_out; -+ } -+ - free_out: - util_free_array(modes); - if (ret != 0) { --- -2.32.1 (Apple Git-133) - diff --git a/0027-use-util_smart_calloc_t-to-prevent-overflow.patch b/0027-use-util_smart_calloc_t-to-prevent-overflow.patch deleted file mode 100644 index fcceed6..0000000 --- a/0027-use-util_smart_calloc_t-to-prevent-overflow.patch +++ /dev/null @@ -1,2106 +0,0 @@ -From 7eda716c55d2247a79519a9f0a0950878eca6bf2 Mon Sep 17 00:00:00 2001 -From: wujing -Date: Thu, 16 Jun 2022 19:53:11 +0800 -Subject: [PATCH 27/30] use util_smart_calloc_t to prevent overflow - -Signed-off-by: wujing ---- - .../connect/grpc/grpc_containers_client.cc | 6 +- - src/client/connect/grpc/grpc_images_client.cc | 2 +- - .../connect/grpc/grpc_volumes_client.cc | 2 +- - src/client/connect/protocol_type.c | 4 +- - .../connect/rest/rest_containers_client.c | 39 ++++-------- - src/client/connect/rest/rest_images_client.c | 19 +++--- - src/cmd/isula/base/create.c | 9 +-- - src/cmd/isula/information/inspect.c | 6 +- - src/cmd/isula/isula_container_spec.c | 15 +---- - src/cmd/isula/isula_host_spec.c | 30 ++-------- - src/cmd/isula/stream/exec.c | 2 +- - src/cmd/isulad/isulad_commands.c | 5 +- - src/daemon/common/events_format.c | 2 +- - src/daemon/config/daemon_arguments.c | 8 +-- - src/daemon/config/isulad_config.c | 11 ++-- - .../grpc/grpc_containers_service_private.cc | 31 ++-------- - .../entry/connect/grpc/grpc_images_service.cc | 9 +-- - src/daemon/entry/cri/checkpoint_handler.cc | 6 +- - src/daemon/entry/cri/cri_helpers.cc | 32 +++------- - src/daemon/entry/cri/cri_security_context.cc | 12 +--- - .../entry/cri/websocket/service/exec_serve.cc | 8 +-- - .../executor/container_cb/execution_create.c | 12 +--- - .../executor/container_cb/execution_extend.c | 6 +- - .../container_cb/execution_information.c | 23 ++------ - src/daemon/executor/container_cb/list.c | 9 +-- - src/daemon/executor/image_cb/image_cb.c | 12 +--- - .../modules/container/container_state.c | 7 +-- - src/daemon/modules/container/container_unix.c | 7 +-- - .../modules/container/containers_store.c | 6 +- - .../container/health_check/health_check.c | 17 +++--- - .../modules/image/embedded/embedded_image.c | 8 +-- - .../modules/image/oci/oci_config_merge.c | 15 +---- - src/daemon/modules/image/oci/oci_load.c | 10 ++-- - src/daemon/modules/image/oci/registry/auths.c | 2 +- - .../modules/image/oci/registry/registry.c | 37 ++++++------ - .../oci/storage/image_store/image_store.c | 6 +- - src/daemon/modules/image/oci/utils_images.c | 4 +- - src/daemon/modules/plugin/plugin.c | 7 +-- - .../modules/runtime/engines/lcr/lcr_rt_ops.c | 2 +- - .../modules/service/inspect_container.c | 20 +------ - src/daemon/modules/service/io_handler.c | 35 ++++++----- - .../modules/service/service_container.c | 2 +- - src/daemon/modules/spec/parse_volume.c | 6 +- - src/daemon/modules/spec/specs.c | 6 +- - src/daemon/modules/spec/specs_mount.c | 15 ++--- - src/daemon/modules/spec/specs_security.c | 59 ++++++------------- - src/daemon/modules/spec/verify.c | 10 +--- - src/daemon/modules/volume/local.c | 17 +++--- - src/daemon/modules/volume/volume.c | 4 +- - src/utils/console/console.c | 7 +-- - src/utils/cutils/utils_array.c | 16 ++--- - src/utils/cutils/utils_string.c | 14 +---- - .../oci_config_merge/oci_config_merge_ut.cc | 2 - - 53 files changed, 198 insertions(+), 463 deletions(-) - -diff --git a/src/client/connect/grpc/grpc_containers_client.cc b/src/client/connect/grpc/grpc_containers_client.cc -index ebe71df9..85cafe9b 100644 ---- a/src/client/connect/grpc/grpc_containers_client.cc -+++ b/src/client/connect/grpc/grpc_containers_client.cc -@@ -495,7 +495,7 @@ public: - ERROR("Too many summary info!"); - return -1; - } -- response->processes = static_cast(util_common_calloc_s(num * sizeof(char *))); -+ response->processes = static_cast(util_smart_calloc_s(sizeof(char *), num)); - if (response->processes == nullptr) { - ERROR("out of memory"); - response->cc = ISULAD_ERR_MEMOUT; -@@ -1666,8 +1666,8 @@ public: - { - int size = gresponse->containers_size(); - if (size > 0) { -- response->container_stats = static_cast( -- util_common_calloc_s(size * sizeof(struct isula_container_info))); -+ response->container_stats = -+ static_cast(util_smart_calloc_s(sizeof(struct isula_container_info), size)); - if (response->container_stats == nullptr) { - ERROR("Out of memory"); - return -1; -diff --git a/src/client/connect/grpc/grpc_images_client.cc b/src/client/connect/grpc/grpc_images_client.cc -index 50265e04..9424a90a 100644 ---- a/src/client/connect/grpc/grpc_images_client.cc -+++ b/src/client/connect/grpc/grpc_images_client.cc -@@ -71,7 +71,7 @@ public: - response->cc = ISULAD_ERR_MEMOUT; - return -1; - } -- images_list = (struct isula_image_info *)util_common_calloc_s(sizeof(struct isula_image_info) * (size_t)num); -+ images_list = (struct isula_image_info *)util_smart_calloc_s(sizeof(struct isula_image_info), (size_t)num); - if (images_list == nullptr) { - ERROR("out of memory"); - response->cc = ISULAD_ERR_MEMOUT; -diff --git a/src/client/connect/grpc/grpc_volumes_client.cc b/src/client/connect/grpc/grpc_volumes_client.cc -index 902e8a13..32b83a9e 100644 ---- a/src/client/connect/grpc/grpc_volumes_client.cc -+++ b/src/client/connect/grpc/grpc_volumes_client.cc -@@ -156,7 +156,7 @@ public: - { - auto size = gresponse->volumes_size(); - if (size != 0) { -- response->volumes = static_cast(util_common_calloc_s(sizeof(char *) * size)); -+ response->volumes = static_cast(util_smart_calloc_s(sizeof(char *), size)); - if (response->volumes == nullptr) { - return -1; - } -diff --git a/src/client/connect/protocol_type.c b/src/client/connect/protocol_type.c -index af582abf..713c69cb 100644 ---- a/src/client/connect/protocol_type.c -+++ b/src/client/connect/protocol_type.c -@@ -63,12 +63,12 @@ struct isula_filters *isula_filters_parse_args(const char **array, size_t len) - return NULL; - } - -- filters->keys = util_common_calloc_s(sizeof(char *) * len); -+ filters->keys = util_smart_calloc_s(sizeof(char *), len); - if (filters->keys == NULL) { - ERROR("Out of memory"); - goto cleanup; - } -- filters->values = util_common_calloc_s(sizeof(char *) * len); -+ filters->values = util_smart_calloc_s(sizeof(char *), len); - if (filters->values == NULL) { - free(filters->keys); - filters->keys = NULL; -diff --git a/src/client/connect/rest/rest_containers_client.c b/src/client/connect/rest/rest_containers_client.c -index 04fb414d..61dcd54c 100644 ---- a/src/client/connect/rest/rest_containers_client.c -+++ b/src/client/connect/rest/rest_containers_client.c -@@ -142,18 +142,13 @@ static int list_request_to_rest(const struct isula_list_request *ll_request, cha - } - - len = ll_request->filters->len; -- if (len > SIZE_MAX / sizeof(char *)) { -- ERROR("Too many filters"); -- ret = -1; -- goto out; -- } -- crequest->filters->keys = (char **)util_common_calloc_s(len * sizeof(char *)); -+ crequest->filters->keys = (char **)util_smart_calloc_s(sizeof(char *), len); - if (crequest->filters->keys == NULL) { - ERROR("Out of memory"); - ret = -1; - goto out; - } -- crequest->filters->values = (json_map_string_bool **)util_common_calloc_s(len * sizeof(json_map_string_bool *)); -+ crequest->filters->values = (json_map_string_bool **)util_smart_calloc_s(sizeof(json_map_string_bool *), len); - if (crequest->filters->values == NULL) { - ERROR("Out of memory"); - free(crequest->filters->keys); -@@ -385,12 +380,8 @@ static int unpack_container_info_for_list_response(container_list_response *cres - if (num == 0) { - return 0; - } -- if (num > SIZE_MAX / sizeof(struct isula_container_summary_info *)) { -- ERROR("Too many container summaries"); -- return -1; -- } -- summary_info = (struct isula_container_summary_info **)util_common_calloc_s( -- sizeof(struct isula_container_summary_info *) * num); -+ summary_info = (struct isula_container_summary_info **)util_smart_calloc_s( -+ sizeof(struct isula_container_summary_info *), num); - if (summary_info == NULL) { - ERROR("out of memory"); - return -1; -@@ -428,8 +419,8 @@ static int unpack_container_info_for_list_response(container_list_response *cres - summary_info[i]->exit_code = cresponse->containers[i]->exit_code; - summary_info[i]->restart_count = (unsigned int)cresponse->containers[i]->restartcount; - summary_info[i]->created = cresponse->containers[i]->created; -- summary_info[i]->health_state = cresponse->containers[i]->health_state ? -- util_strdup_s(cresponse->containers[i]->health_state) : NULL; -+ summary_info[i]->health_state = -+ cresponse->containers[i]->health_state ? util_strdup_s(cresponse->containers[i]->health_state) : NULL; - } - - return 0; -@@ -1632,12 +1623,7 @@ static int exec_request_to_rest(const struct isula_exec_request *le_request, cha - - int i = 0; - if (le_request->argc > 0) { -- if ((size_t)le_request->argc > SIZE_MAX / sizeof(char *)) { -- ERROR("Too many arguments!"); -- ret = -1; -- goto out; -- } -- crequest->argv = (char **)util_common_calloc_s(sizeof(char *) * (size_t)le_request->argc); -+ crequest->argv = (char **)util_smart_calloc_s(sizeof(char *), (size_t)le_request->argc); - if (crequest->argv == NULL) { - ERROR("Out of memory"); - ret = -1; -@@ -1649,12 +1635,7 @@ static int exec_request_to_rest(const struct isula_exec_request *le_request, cha - crequest->argv_len = (size_t)le_request->argc; - } - if (le_request->env_len > 0) { -- if ((size_t)le_request->env_len > SIZE_MAX / sizeof(char *)) { -- ERROR("Too many environmental variables!"); -- ret = -1; -- goto out; -- } -- crequest->env = (char **)util_common_calloc_s(sizeof(char *) * (size_t)le_request->env_len); -+ crequest->env = (char **)util_smart_calloc_s(sizeof(char *), (size_t)le_request->env_len); - if (crequest->env == NULL) { - ERROR("Out of memory"); - ret = -1; -@@ -1865,8 +1846,8 @@ out: - } - - /* rest container info */ --static int rest_container_info(const struct isula_info_request *li_request, -- struct isula_info_response *li_response, void *arg) -+static int rest_container_info(const struct isula_info_request *li_request, struct isula_info_response *li_response, -+ void *arg) - { - char *body = NULL; - int ret = 0; -diff --git a/src/client/connect/rest/rest_images_client.c b/src/client/connect/rest/rest_images_client.c -index c2fc17f1..c7ab78cc 100644 ---- a/src/client/connect/rest/rest_images_client.c -+++ b/src/client/connect/rest/rest_images_client.c -@@ -122,9 +122,9 @@ static int unpack_image_info_to_list_response(image_list_images_response *crespo - } - - num = cresponse->images_len; -- if (num > 0 && (num < (SIZE_MAX / sizeof(struct isula_image_info)))) { -+ if (num > 0) { - size_t i; -- image_info = (struct isula_image_info *)util_common_calloc_s(sizeof(struct isula_image_info) * num); -+ image_info = (struct isula_image_info *)util_smart_calloc_s(sizeof(struct isula_image_info), num); - if (image_info == NULL) { - ERROR("out of memory"); - return -1; -@@ -134,17 +134,19 @@ static int unpack_image_info_to_list_response(image_list_images_response *crespo - for (i = 0; i < num; i++) { - if (cresponse->images[i]->target != NULL) { - image_info[i].type = cresponse->images[i]->target->media_type ? -- util_strdup_s(cresponse->images[i]->target->media_type) : util_strdup_s("-"); -+ util_strdup_s(cresponse->images[i]->target->media_type) : -+ util_strdup_s("-"); - image_info[i].digest = cresponse->images[i]->target->digest ? -- util_strdup_s(cresponse->images[i]->target->digest) : util_strdup_s("-"); -+ util_strdup_s(cresponse->images[i]->target->digest) : -+ util_strdup_s("-"); - image_info[i].size = cresponse->images[i]->target->size; - } - if (cresponse->images[i]->created_at != NULL) { - image_info[i].created = cresponse->images[i]->created_at->seconds; - image_info[i].created_nanos = cresponse->images[i]->created_at->nanos; - } -- image_info[i].imageref = cresponse->images[i]->name ? -- util_strdup_s(cresponse->images[i]->name) : util_strdup_s("-"); -+ image_info[i].imageref = cresponse->images[i]->name ? util_strdup_s(cresponse->images[i]->name) : -+ util_strdup_s("-"); - } - } - -@@ -524,7 +526,6 @@ out: - return ret; - } - -- - /* rest image pull */ - static int rest_image_pull(const struct isula_pull_request *request, struct isula_pull_response *response, void *arg) - { -@@ -824,7 +825,6 @@ out: - return ret; - } - -- - /* rest image tag */ - static int rest_image_tag(const struct isula_tag_request *request, struct isula_tag_response *response, void *arg) - { -@@ -929,7 +929,6 @@ out: - static int rest_image_import(const struct isula_import_request *request, struct isula_import_response *response, - void *arg) - { -- - client_connect_config_t *connect_config = (client_connect_config_t *)arg; - const char *socketname = (const char *)(connect_config->socket); - char *body = NULL; -@@ -963,7 +962,6 @@ out: - return ret; - } - -- - /* rest images client ops init */ - int rest_images_client_ops_init(isula_connect_ops *ops) - { -@@ -983,4 +981,3 @@ int rest_images_client_ops_init(isula_connect_ops *ops) - - return 0; - } -- -diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c -index 2db2fd21..97da80ac 100644 ---- a/src/cmd/isula/base/create.c -+++ b/src/cmd/isula/base/create.c -@@ -51,8 +51,7 @@ - const char g_cmd_create_desc[] = "Create a new container"; - const char g_cmd_create_usage[] = "create [OPTIONS] --external-rootfs=PATH|IMAGE [COMMAND] [ARG...]"; - --struct client_arguments g_cmd_create_args = { -- .runtime = "", -+struct client_arguments g_cmd_create_args = { .runtime = "", - .restart = "no", - .cr.oom_score_adj = 0, - .custom_conf.health_interval = 0, -@@ -717,11 +716,7 @@ static int request_pack_host_ns_change_files(const struct client_arguments *args - files = net_ipc_files; - files_len = sizeof(net_ipc_files) / sizeof(net_ipc_files[0]); - } -- if (files_len > (SIZE_MAX / sizeof(char *)) - 1) { -- ERROR("Too many files"); -- return -1; -- } -- hostconfig->ns_change_files = util_common_calloc_s((files_len + 1) * sizeof(char *)); -+ hostconfig->ns_change_files = util_smart_calloc_s(sizeof(char *), (files_len + 1)); - if (hostconfig->ns_change_files == NULL) { - ERROR("Out of memory"); - return -1; -diff --git a/src/cmd/isula/information/inspect.c b/src/cmd/isula/information/inspect.c -index 55366551..bb52b42a 100644 ---- a/src/cmd/isula/information/inspect.c -+++ b/src/cmd/isula/information/inspect.c -@@ -775,7 +775,7 @@ static char **inspect_split_filter(const char *format, size_t *filter_len) - return res_array; - } - -- res_array = (char **)util_common_calloc_s(sizeof(char *) * (*filter_len)); -+ res_array = (char **)util_smart_calloc_s(sizeof(char *), (*filter_len)); - if (res_array == NULL) { - ERROR("out of memory"); - return NULL; -@@ -847,14 +847,14 @@ static int generate_filter_string(char ***filter_string, bool **json_format, siz - } - - *filter_string_len = format_size; -- *filter_string = (char **)util_common_calloc_s(sizeof(char *) * format_size); -+ *filter_string = (char **)util_smart_calloc_s(sizeof(char *), format_size); - if (*filter_string == NULL) { - ERROR("out of memory"); - ret = ECOMMON; - goto error_out; - } - -- *json_format = (bool *)util_common_calloc_s(sizeof(bool) * format_size * g_cmd_inspect_args.argc); -+ *json_format = (bool *)util_smart_calloc_s(sizeof(bool), format_size * g_cmd_inspect_args.argc); - if (*json_format == NULL) { - ERROR("out of memory"); - ret = ECOMMON; -diff --git a/src/cmd/isula/isula_container_spec.c b/src/cmd/isula/isula_container_spec.c -index 9340708f..09406d09 100644 ---- a/src/cmd/isula/isula_container_spec.c -+++ b/src/cmd/isula/isula_container_spec.c -@@ -48,12 +48,7 @@ static int pack_container_custom_config_args(container_config *container_spec, - - /* commands */ - if ((custom_conf->cmd_len != 0 && custom_conf->cmd)) { -- if (custom_conf->cmd_len > SIZE_MAX / sizeof(char *)) { -- COMMAND_ERROR("The length of cmd is too long!"); -- ret = -1; -- goto out; -- } -- container_spec->cmd = util_common_calloc_s(custom_conf->cmd_len * sizeof(char *)); -+ container_spec->cmd = util_smart_calloc_s(sizeof(char *), custom_conf->cmd_len); - if (container_spec->cmd == NULL) { - ret = -1; - goto out; -@@ -76,11 +71,7 @@ static int pack_container_custom_config_array(container_config *container_spec, - - /* environment variables */ - if (custom_conf->env_len != 0 && custom_conf->env) { -- if (custom_conf->env_len > SIZE_MAX / sizeof(char *)) { -- COMMAND_ERROR("Too many environment variables"); -- return -1; -- } -- container_spec->env = util_common_calloc_s(custom_conf->env_len * sizeof(char *)); -+ container_spec->env = util_smart_calloc_s(sizeof(char *), custom_conf->env_len); - if (container_spec->env == NULL) { - ret = -1; - goto out; -@@ -202,7 +193,7 @@ static int pack_custom_with_health_check(container_config *container_spec, const - int ret = 0; - - if (custom_conf->health_cmd != NULL && strlen(custom_conf->health_cmd) != 0) { -- health_config->test = util_common_calloc_s(2 * sizeof(char *)); -+ health_config->test = util_smart_calloc_s(sizeof(char *), 2); - if (health_config->test == NULL) { - ret = -1; - goto out; -diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c -index 297f9299..11e3eed3 100644 ---- a/src/cmd/isula/isula_host_spec.c -+++ b/src/cmd/isula/isula_host_spec.c -@@ -401,12 +401,7 @@ static int pack_hostconfig_ulimits(host_config *dstconfig, const isula_host_conf - goto out; - } - -- if (srcconfig->ulimits_len > SIZE_MAX / sizeof(host_config_ulimits_element *)) { -- COMMAND_ERROR("Too many ulimit elements in host config"); -- ret = -1; -- goto out; -- } -- dstconfig->ulimits = util_common_calloc_s(srcconfig->ulimits_len * sizeof(host_config_ulimits_element *)); -+ dstconfig->ulimits = util_smart_calloc_s(sizeof(host_config_ulimits_element *), srcconfig->ulimits_len); - if (dstconfig->ulimits == NULL) { - COMMAND_ERROR("Out of memory"); - ret = -1; -@@ -1127,12 +1122,7 @@ int generate_devices(host_config *dstconfig, const isula_host_config_t *srcconfi - goto out; - } - -- if (srcconfig->devices_len > SIZE_MAX / sizeof(host_config_devices_element *)) { -- ERROR("Too many devices to be populated into container"); -- ret = -1; -- goto out; -- } -- dstconfig->devices = util_common_calloc_s(sizeof(host_config_devices_element *) * srcconfig->devices_len); -+ dstconfig->devices = util_smart_calloc_s(sizeof(host_config_devices_element *), srcconfig->devices_len); - if (dstconfig->devices == NULL) { - ret = -1; - goto out; -@@ -1472,13 +1462,7 @@ static int generate_mounts(host_config *dstconfig, const isula_host_config_t *sr - goto out; - } - -- if (srcconfig->mounts_len > SIZE_MAX / sizeof(char *)) { -- COMMAND_ERROR("Too many mounts to mount!"); -- ret = -1; -- goto out; -- } -- -- dstconfig->mounts = util_common_calloc_s(srcconfig->mounts_len * sizeof(mount_spec*)); -+ dstconfig->mounts = util_smart_calloc_s(sizeof(mount_spec *), srcconfig->mounts_len); - if (dstconfig->mounts == NULL) { - ret = -1; - goto out; -@@ -1540,13 +1524,7 @@ int generate_security(host_config *dstconfig, const isula_host_config_t *srcconf - goto out; - } - -- if (srcconfig->security_len > SIZE_MAX / sizeof(char *)) { -- COMMAND_ERROR("Too many security opts!"); -- ret = -1; -- goto out; -- } -- -- dstconfig->security_opt = util_common_calloc_s(srcconfig->security_len * sizeof(char *)); -+ dstconfig->security_opt = util_smart_calloc_s(sizeof(char *), srcconfig->security_len); - if (dstconfig->security_opt == NULL) { - ret = -1; - goto out; -diff --git a/src/cmd/isula/stream/exec.c b/src/cmd/isula/stream/exec.c -index df911d0b..2d0d37da 100644 ---- a/src/cmd/isula/stream/exec.c -+++ b/src/cmd/isula/stream/exec.c -@@ -394,7 +394,7 @@ static char *generate_exec_suffix() - { - char *exec_suffix = NULL; - -- exec_suffix = util_common_calloc_s(sizeof(char) * (CONTAINER_ID_MAX_LEN + 1)); -+ exec_suffix = util_smart_calloc_s(sizeof(char), (CONTAINER_ID_MAX_LEN + 1)); - if (exec_suffix == NULL) { - ERROR("Out of memory"); - goto out; -diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c -index 89d91c1b..798416a3 100644 ---- a/src/cmd/isulad/isulad_commands.c -+++ b/src/cmd/isulad/isulad_commands.c -@@ -468,7 +468,7 @@ static int do_merge_conf_hosts_into_global(struct service_arguments *args) - - if (args->hosts_len == 0) { - /* set default host */ -- args->hosts = (char **)util_common_calloc_s(sizeof(char *) * DEFAULT_HOSTS_LEN); -+ args->hosts = (char **)util_smart_calloc_s(sizeof(char *), DEFAULT_HOSTS_LEN); - if (args->hosts == NULL) { - ERROR("Out of memory"); - return -1; -@@ -544,8 +544,7 @@ static int do_merge_conf_default_ulimit_into_global(struct service_arguments *ar - telem.name = ptr->name; - telem.hard = ptr->hard; - telem.soft = ptr->soft; -- if (ulimit_array_append(&args->default_ulimit, &telem, args->default_ulimit_len) != -- 0) { -+ if (ulimit_array_append(&args->default_ulimit, &telem, args->default_ulimit_len) != 0) { - ERROR("merge json confs default ulimit config failed"); - return -1; - } -diff --git a/src/daemon/common/events_format.c b/src/daemon/common/events_format.c -index 96dec401..e5ceab92 100644 ---- a/src/daemon/common/events_format.c -+++ b/src/daemon/common/events_format.c -@@ -46,7 +46,7 @@ int event_copy(const struct isulad_events_format *src, struct isulad_events_form - - if (src->annotations_len != 0) { - util_free_array_by_len(dest->annotations, dest->annotations_len); -- dest->annotations = (char **)util_common_calloc_s(src->annotations_len * sizeof(char *)); -+ dest->annotations = (char **)util_smart_calloc_s(sizeof(char *), src->annotations_len); - if (dest->annotations == NULL) { - ERROR("Out of memory"); - return -1; -diff --git a/src/daemon/config/daemon_arguments.c b/src/daemon/config/daemon_arguments.c -index c107fd74..719efef0 100644 ---- a/src/daemon/config/daemon_arguments.c -+++ b/src/daemon/config/daemon_arguments.c -@@ -118,11 +118,11 @@ int service_arguments_init(struct service_arguments *args) - if (args->json_confs->log_opts == NULL) { - goto free_out; - } -- args->json_confs->log_opts->keys = (char **)util_common_calloc_s(sizeof(char *) * DEFAULT_LOG_OPTS_LEN); -+ args->json_confs->log_opts->keys = (char **)util_smart_calloc_s(sizeof(char *), DEFAULT_LOG_OPTS_LEN); - if (args->json_confs->log_opts->keys == NULL) { - goto free_out; - } -- args->json_confs->log_opts->values = (char **)util_common_calloc_s(sizeof(char *) * DEFAULT_LOG_OPTS_LEN); -+ args->json_confs->log_opts->values = (char **)util_smart_calloc_s(sizeof(char *), DEFAULT_LOG_OPTS_LEN); - if (args->json_confs->log_opts->values == NULL) { - goto free_out; - } -@@ -138,8 +138,8 @@ int service_arguments_init(struct service_arguments *args) - args->max_size = 1024 * 1024; - - // init container log configs -- args->json_confs->container_log = (isulad_daemon_configs_container_log *)util_common_calloc_s(sizeof( -- isulad_daemon_configs_container_log)); -+ args->json_confs->container_log = -+ (isulad_daemon_configs_container_log *)util_common_calloc_s(sizeof(isulad_daemon_configs_container_log)); - if (args->json_confs->container_log == NULL) { - ERROR("Out of memory"); - goto free_out; -diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c -index 38d2a0bf..1270d0c6 100644 ---- a/src/daemon/config/isulad_config.c -+++ b/src/daemon/config/isulad_config.c -@@ -323,7 +323,7 @@ char *conf_get_routine_rootdir(const char *runtime) - ERROR("The size of path exceeds the limit"); - goto out; - } -- path = util_common_calloc_s(sizeof(char) * len); -+ path = util_smart_calloc_s(sizeof(char), len); - if (path == NULL) { - ERROR("Out of memory"); - goto out; -@@ -660,7 +660,7 @@ char *get_log_file_helper(const struct service_arguments *conf, const char *suff - ERROR("The size of path exceeds the limit"); - return NULL; - } -- logfile = util_common_calloc_s(len * sizeof(char)); -+ logfile = util_smart_calloc_s(sizeof(char), len); - if (logfile == NULL) { - ERROR("Out of memory"); - goto out; -@@ -760,7 +760,7 @@ char *conf_get_engine_log_file() - ERROR("The size of path exceeds the limit"); - goto out; - } -- full_path = util_common_calloc_s(len * sizeof(char)); -+ full_path = util_smart_calloc_s(sizeof(char), len); - if (full_path == NULL) { - FATAL("Out of Memory"); - goto out; -@@ -990,10 +990,7 @@ HOOKS_ELEM_DUP_DEF(poststop) - int hooks_##item##_dup(oci_runtime_spec_hooks *dest, const oci_runtime_spec_hooks *src) \ - { \ - int i = 0; \ -- if (src->item##_len > SIZE_MAX / sizeof(defs_hook *) - 1) { \ -- return -1; \ -- } \ -- dest->item = util_common_calloc_s(sizeof(defs_hook *) * (src->item##_len + 1)); \ -+ dest->item = util_smart_calloc_s(sizeof(defs_hook *), (src->item##_len + 1)); \ - if (dest->item == NULL) \ - return -1; \ - dest->item##_len = src->item##_len; \ -diff --git a/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc b/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc -index 56283c8d..e8a48d58 100644 ---- a/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc -+++ b/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc -@@ -206,12 +206,7 @@ int ContainerServiceImpl::top_request_from_grpc(const TopRequest *grequest, cont - } - - if (grequest->args_size() > 0) { -- if ((size_t)grequest->args_size() > SIZE_MAX / sizeof(char *)) { -- ERROR("Too many arguments!"); -- free_container_top_request(tmpreq); -- return -1; -- } -- tmpreq->args = (char **)util_common_calloc_s(sizeof(char *) * grequest->args_size()); -+ tmpreq->args = (char **)util_smart_calloc_s(sizeof(char *), grequest->args_size()); - if (tmpreq->args == nullptr) { - ERROR("Out of memory"); - free_container_top_request(tmpreq); -@@ -373,12 +368,7 @@ int ContainerServiceImpl::exec_request_from_grpc(const ExecRequest *grequest, co - } - - if (grequest->argv_size() > 0) { -- if ((size_t)grequest->argv_size() > SIZE_MAX / sizeof(char *)) { -- ERROR("Too many arguments!"); -- free_container_exec_request(tmpreq); -- return -1; -- } -- tmpreq->argv = (char **)util_common_calloc_s(sizeof(char *) * grequest->argv_size()); -+ tmpreq->argv = (char **)util_smart_calloc_s(sizeof(char *), grequest->argv_size()); - if (tmpreq->argv == nullptr) { - ERROR("Out of memory"); - free_container_exec_request(tmpreq); -@@ -391,12 +381,7 @@ int ContainerServiceImpl::exec_request_from_grpc(const ExecRequest *grequest, co - } - - if (grequest->env_size() > 0) { -- if ((size_t)grequest->argv_size() > SIZE_MAX / sizeof(char *)) { -- ERROR("Too many environmental variables!"); -- free_container_exec_request(tmpreq); -- return -1; -- } -- tmpreq->env = (char **)util_common_calloc_s(sizeof(char *) * grequest->env_size()); -+ tmpreq->env = (char **)util_smart_calloc_s(sizeof(char *), grequest->env_size()); - if (tmpreq->env == nullptr) { - ERROR("Out of memory"); - free_container_exec_request(tmpreq); -@@ -490,15 +475,11 @@ int ContainerServiceImpl::list_request_from_grpc(const ListRequest *grequest, co - *request = tmpreq; - return 0; - } -- if (len > SIZE_MAX / sizeof(char *)) { -- ERROR("invalid filters size"); -- goto cleanup; -- } -- tmpreq->filters->keys = (char **)util_common_calloc_s(len * sizeof(char *)); -+ tmpreq->filters->keys = (char **)util_smart_calloc_s(sizeof(char *), len); - if (tmpreq->filters->keys == nullptr) { - goto cleanup; - } -- tmpreq->filters->values = (json_map_string_bool **)util_common_calloc_s(len * sizeof(json_map_string_bool *)); -+ tmpreq->filters->values = (json_map_string_bool **)util_smart_calloc_s(sizeof(json_map_string_bool *), len); - if (tmpreq->filters->values == nullptr) { - free(tmpreq->filters->keys); - tmpreq->filters->keys = nullptr; -@@ -744,7 +725,7 @@ int ContainerServiceImpl::stats_request_from_grpc(const StatsRequest *grequest, - } - - if (grequest->containers_size() > 0) { -- tmpreq->containers = (char **)util_common_calloc_s(grequest->containers_size() * sizeof(char *)); -+ tmpreq->containers = (char **)util_smart_calloc_s(sizeof(char *), grequest->containers_size()); - if (tmpreq->containers == nullptr) { - ERROR("Out of memory"); - free_container_stats_request(tmpreq); -diff --git a/src/daemon/entry/connect/grpc/grpc_images_service.cc b/src/daemon/entry/connect/grpc/grpc_images_service.cc -index 79c4fb7c..b1ca98b8 100644 ---- a/src/daemon/entry/connect/grpc/grpc_images_service.cc -+++ b/src/daemon/entry/connect/grpc/grpc_images_service.cc -@@ -40,22 +40,17 @@ int ImagesServiceImpl::image_list_request_from_grpc(const ListImagesRequest *gre - *request = tmpreq; - return 0; - } -- if (len > SIZE_MAX / sizeof(char *)) { -- ERROR("invalid filters size"); -- goto cleanup; -- } -- - tmpreq->filters = (defs_filters *)util_common_calloc_s(sizeof(defs_filters)); - if (tmpreq->filters == nullptr) { - ERROR("Out of memory"); - goto cleanup; - } - -- tmpreq->filters->keys = (char **)util_common_calloc_s(len * sizeof(char *)); -+ tmpreq->filters->keys = (char **)util_smart_calloc_s(sizeof(char *), len); - if (tmpreq->filters->keys == nullptr) { - goto cleanup; - } -- tmpreq->filters->values = (json_map_string_bool **)util_common_calloc_s(len * sizeof(json_map_string_bool *)); -+ tmpreq->filters->values = (json_map_string_bool **)util_smart_calloc_s(sizeof(json_map_string_bool *), len); - if (tmpreq->filters->values == nullptr) { - free(tmpreq->filters->keys); - tmpreq->filters->keys = nullptr; -diff --git a/src/daemon/entry/cri/checkpoint_handler.cc b/src/daemon/entry/cri/checkpoint_handler.cc -index 858c830c..d5eab7a7 100644 ---- a/src/daemon/entry/cri/checkpoint_handler.cc -+++ b/src/daemon/entry/cri/checkpoint_handler.cc -@@ -202,11 +202,7 @@ void CheckpointData::CheckpointDataToCStruct(cri_checkpoint_data **data, Errors - } - (*data)->host_network = m_hostNetwork; - if (len > 0) { -- if (len > SIZE_MAX / sizeof(cri_port_mapping *)) { -- error.SetError("Invalid port mapping size"); -- goto out; -- } -- (*data)->port_mappings = (cri_port_mapping **)util_common_calloc_s(sizeof(cri_port_mapping *) * len); -+ (*data)->port_mappings = (cri_port_mapping **)util_smart_calloc_s(sizeof(cri_port_mapping *), len); - if ((*data)->port_mappings == nullptr) { - error.SetError("Out of memory"); - goto out; -diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc -index 525d65a0..e5db52f6 100644 ---- a/src/daemon/entry/cri/cri_helpers.cc -+++ b/src/daemon/entry/cri/cri_helpers.cc -@@ -77,8 +77,7 @@ auto GetDefaultSandboxImage(Errors &err) -> std::string - const std::string defaultPodSandboxImageName { "pause" }; - const std::string defaultPodSandboxImageVersion { "3.0" }; - std::string machine; -- struct utsname uts { -- }; -+ struct utsname uts {}; - - if (uname(&uts) < 0) { - err.SetError("Failed to read host arch."); -@@ -230,16 +229,12 @@ auto FiltersAdd(defs_filters *filters, const std::string &key, const std::string - } - - size_t len = filters->len + 1; -- if (len > SIZE_MAX / sizeof(char *)) { -- ERROR("Invalid filter size"); -- return -1; -- } -- char **keys = (char **)util_common_calloc_s(len * sizeof(char *)); -+ char **keys = (char **)util_smart_calloc_s(sizeof(char *), len); - if (keys == nullptr) { - ERROR("Out of memory"); - return -1; - } -- json_map_string_bool **vals = (json_map_string_bool **)util_common_calloc_s(len * sizeof(json_map_string_bool *)); -+ json_map_string_bool **vals = (json_map_string_bool **)util_smart_calloc_s(sizeof(json_map_string_bool *), len); - if (vals == nullptr) { - free(keys); - ERROR("Out of memory"); -@@ -299,10 +294,7 @@ auto ContainerStatusToRuntime(Container_Status status) -> runtime::v1alpha2::Con - auto StringVectorToCharArray(std::vector &path) -> char ** - { - size_t len = path.size(); -- if (len == 0 || len > (SIZE_MAX / sizeof(char *)) - 1) { -- return nullptr; -- } -- char **result = (char **)util_common_calloc_s((len + 1) * sizeof(char *)); -+ char **result = (char **)util_smart_calloc_s(sizeof(char *), (len + 1)); - if (result == nullptr) { - return nullptr; - } -@@ -487,12 +479,8 @@ void GenerateMountBindings(const google::protobuf::RepeatedPtrField INT_MAX / sizeof(char *)) { -- err.SetError("Too many mounts"); -- return; -- } - -- hostconfig->binds = (char **)util_common_calloc_s(mounts.size() * sizeof(char *)); -+ hostconfig->binds = (char **)util_smart_calloc_s(sizeof(char *), mounts.size()); - if (hostconfig->binds == nullptr) { - err.SetError("Out of memory"); - return; -@@ -737,7 +725,6 @@ out: - free_cri_checkpoint(criCheckpoint); - } - -- - auto InspectContainer(const std::string &Id, Errors &err, bool with_host_config) -> container_inspect * - { - container_inspect *inspect_data { nullptr }; -@@ -761,8 +748,7 @@ int32_t ToInt32Timeout(int64_t timeout) - return (int32_t)timeout; - } - --void GetContainerLogPath(const std::string &containerID, char **path, char **realPath, -- Errors &error) -+void GetContainerLogPath(const std::string &containerID, char **path, char **realPath, Errors &error) - { - container_inspect *info = InspectContainer(containerID, error, false); - if (info == nullptr || error.NotEmpty()) { -@@ -812,8 +798,8 @@ cleanup: - free(realPath); - } - --void GetContainerTimeStamps(const container_inspect *inspect, int64_t *createdAt, -- int64_t *startedAt, int64_t *finishedAt, Errors &err) -+void GetContainerTimeStamps(const container_inspect *inspect, int64_t *createdAt, int64_t *startedAt, -+ int64_t *finishedAt, Errors &err) - { - if (inspect == nullptr) { - err.SetError("Invalid arguments"); -@@ -979,7 +965,7 @@ cleanup: - - char *GenerateExecSuffix() - { -- char *exec_suffix = (char *)util_common_calloc_s(sizeof(char) * (CONTAINER_ID_MAX_LEN + 1)); -+ char *exec_suffix = (char *)util_smart_calloc_s(sizeof(char), (CONTAINER_ID_MAX_LEN + 1)); - if (exec_suffix == nullptr) { - ERROR("Out of memory"); - return nullptr; -diff --git a/src/daemon/entry/cri/cri_security_context.cc b/src/daemon/entry/cri/cri_security_context.cc -index 466e0e1c..8484108c 100644 ---- a/src/daemon/entry/cri/cri_security_context.cc -+++ b/src/daemon/entry/cri/cri_security_context.cc -@@ -41,11 +41,7 @@ static void ModifyHostConfigCapabilities(const runtime::v1alpha2::LinuxContainer - - const google::protobuf::RepeatedPtrField &capAdd = sc.capabilities().add_capabilities(); - if (!capAdd.empty()) { -- if (static_cast(capAdd.size()) > SIZE_MAX / sizeof(char *)) { -- error.SetError("Invalid capability add size"); -- return; -- } -- hostConfig->cap_add = (char **)util_common_calloc_s(sizeof(char *) * capAdd.size()); -+ hostConfig->cap_add = (char **)util_smart_calloc_s(sizeof(char *), capAdd.size()); - if (hostConfig->cap_add == nullptr) { - error.SetError("Out of memory"); - return; -@@ -57,11 +53,7 @@ static void ModifyHostConfigCapabilities(const runtime::v1alpha2::LinuxContainer - } - const google::protobuf::RepeatedPtrField &capDrop = sc.capabilities().drop_capabilities(); - if (!capDrop.empty()) { -- if (static_cast(capDrop.size()) > SIZE_MAX / sizeof(char *)) { -- error.SetError("Invalid capability drop size"); -- return; -- } -- hostConfig->cap_drop = (char **)util_common_calloc_s(sizeof(char *) * capDrop.size()); -+ hostConfig->cap_drop = (char **)util_smart_calloc_s(sizeof(char *), capDrop.size()); - if (hostConfig->cap_drop == nullptr) { - error.SetError("Out of memory"); - return; -diff --git a/src/daemon/entry/cri/websocket/service/exec_serve.cc b/src/daemon/entry/cri/websocket/service/exec_serve.cc -index 7b7d36b5..b779f25f 100644 ---- a/src/daemon/entry/cri/websocket/service/exec_serve.cc -+++ b/src/daemon/entry/cri/websocket/service/exec_serve.cc -@@ -45,11 +45,7 @@ void *ExecServe::SetContainerStreamRequest(::google::protobuf::Message *request, - } - - if (grequest->cmd_size() > 0) { -- if (static_cast(grequest->cmd_size()) > SIZE_MAX / sizeof(char *)) { -- ERROR("Too many arguments!"); -- return nullptr; -- } -- m_request->argv = (char **)util_common_calloc_s(sizeof(char *) * grequest->cmd_size()); -+ m_request->argv = (char **)util_smart_calloc_s(sizeof(char *), grequest->cmd_size()); - if (m_request->argv == nullptr) { - ERROR("Out of memory!"); - return nullptr; -@@ -109,7 +105,7 @@ int ExecServe::ExecuteStreamCommand(SessionData *lwsCtx, void *request) - - void ExecServe::CloseConnect(SessionData *lwsCtx) - { -- closeWsConnect((void*)lwsCtx, nullptr); -+ closeWsConnect((void *)lwsCtx, nullptr); - } - - void ExecServe::FreeRequest(void *m_request) -diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c -index 850e0a0f..626cfbc6 100644 ---- a/src/daemon/executor/container_cb/execution_create.c -+++ b/src/daemon/executor/container_cb/execution_create.c -@@ -589,7 +589,7 @@ static char *try_generate_id() - char *id = NULL; - char *value = NULL; - -- id = util_common_calloc_s(sizeof(char) * (CONTAINER_ID_MAX_LEN + 1)); -+ id = util_smart_calloc_s(sizeof(char), (CONTAINER_ID_MAX_LEN + 1)); - if (id == NULL) { - ERROR("Out of memory"); - return NULL; -@@ -675,14 +675,8 @@ static int conf_get_image_id(const char *image, char **id) - goto out; - } - -- if (strlen(ir->id) > SIZE_MAX / sizeof(char) - strlen("sha256:")) { -- ERROR("Invalid image id"); -- ret = -1; -- goto out; -- } -- - len = strlen("sha256:") + strlen(ir->id) + 1; -- image_id = (char *)util_common_calloc_s(len * sizeof(char)); -+ image_id = (char *)util_smart_calloc_s(sizeof(char), len); - if (image_id == NULL) { - ERROR("Out of memory"); - ret = -1; -@@ -835,7 +829,7 @@ static int prepare_host_channel(const host_config_host_channel *host_channel, co - #ifdef ENABLE_USERNS_REMAP - char *daemon_userns_remap = conf_get_isulad_userns_remap(); - if (daemon_userns_remap != NULL) { -- userns_remap = (const char *) daemon_userns_remap; -+ userns_remap = (const char *)daemon_userns_remap; - } - #endif - -diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c -index 91ce5dbb..5b131a80 100644 ---- a/src/daemon/executor/container_cb/execution_extend.c -+++ b/src/daemon/executor/container_cb/execution_extend.c -@@ -341,11 +341,7 @@ error_out: - - static int service_stats_make_memory(container_info ***stats_arr, size_t num) - { -- if (num > SIZE_MAX / sizeof(container_info *)) { -- return -1; -- } -- -- *stats_arr = util_common_calloc_s(num * sizeof(container_info *)); -+ *stats_arr = util_smart_calloc_s(sizeof(container_info *), num); - if (*stats_arr == NULL) { - ERROR("Out of memory"); - return -1; -diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c -index 297f96b9..144daebf 100644 ---- a/src/daemon/executor/container_cb/execution_information.c -+++ b/src/daemon/executor/container_cb/execution_information.c -@@ -483,12 +483,8 @@ int parse_output(char **title, char ***process, size_t *process_len, const char - - pid_num = get_pid_num(*title); - stime = get_stime(*title); -- if (util_array_len((const char **)tmp) > SIZE_MAX / sizeof(char *)) { -- ERROR("Invalid array length"); -- ret = -1; -- goto out; -- } -- *process = util_common_calloc_s(util_array_len((const char **)tmp) * sizeof(char *)); -+ -+ *process = util_smart_calloc_s(sizeof(char *), util_array_len((const char **)tmp)); - if (*process == NULL) { - ERROR("Out of memory"); - ret = -1; -@@ -604,15 +600,9 @@ static int get_pids(const char *name, const char *runtime, const char *rootpath, - goto out; - } - -- if (out->pids_len > SIZE_MAX / sizeof(pid_t)) { -- ERROR("list too many pids"); -- ret = -1; -- goto out; -- } -- - if (out->pids_len != 0) { - pid_t *tmp = NULL; -- tmp = util_common_calloc_s(sizeof(pid_t) * out->pids_len); -+ tmp = util_smart_calloc_s(sizeof(pid_t), out->pids_len); - if (tmp == NULL) { - ERROR("Memory out"); - ret = -1; -@@ -814,12 +804,7 @@ static int container_top_cb(container_top_request *request, container_top_respon - cc = ISULAD_ERR_EXEC; - goto pack_response; - } -- if (process_len > SIZE_MAX / sizeof(char *)) { -- ERROR("invalid processe size"); -- cc = ISULAD_ERR_EXEC; -- goto pack_response; -- } -- (*response)->processes = util_common_calloc_s(process_len * sizeof(char *)); -+ (*response)->processes = util_smart_calloc_s(sizeof(char *), process_len); - if ((*response)->processes == NULL) { - ERROR("Out of memory"); - cc = ISULAD_ERR_EXEC; -diff --git a/src/daemon/executor/container_cb/list.c b/src/daemon/executor/container_cb/list.c -index 90f4a548..026f1efb 100644 ---- a/src/daemon/executor/container_cb/list.c -+++ b/src/daemon/executor/container_cb/list.c -@@ -609,14 +609,7 @@ static int pack_list_containers(char **idsarray, const struct list_context *ctx, - if (container_nums == 0) { - goto out; - } -- -- if (container_nums > (SIZE_MAX / sizeof(container_container *))) { -- ERROR("Get too many containers:%zu", container_nums); -- ret = -1; -- goto out; -- } -- -- response->containers = util_common_calloc_s(container_nums * sizeof(container_container *)); -+ response->containers = util_smart_calloc_s(sizeof(container_container *), container_nums); - if (response->containers == NULL) { - ERROR("Out of memory"); - ret = -1; -diff --git a/src/daemon/executor/image_cb/image_cb.c b/src/daemon/executor/image_cb/image_cb.c -index e75cf65c..10a9661a 100644 ---- a/src/daemon/executor/image_cb/image_cb.c -+++ b/src/daemon/executor/image_cb/image_cb.c -@@ -659,14 +659,7 @@ static int trans_im_list_images(const im_list_response *im_list, image_list_imag - // If one image have several repo tags, display them all. Image with no - // repo will also be displayed - images_display_num = calc_images_display_num(im_list->images); -- if (images_display_num >= (SIZE_MAX / sizeof(image_image *))) { -- INFO("Too many images, out of memory"); -- ret = -1; -- isulad_try_set_error_message("Get too many images info, out of memory"); -- goto out; -- } -- -- response->images = util_common_calloc_s(sizeof(image_image *) * images_display_num); -+ response->images = util_smart_calloc_s(sizeof(image_image *), images_display_num); - if (response->images == NULL) { - ERROR("Out of memory"); - ret = -1; -@@ -1074,7 +1067,7 @@ static int image_pull_cb(const image_pull_image_request *request, image_pull_ima - } - - EVENT("Image Event: {Object: %s, Type: Pulling}", image_ref); -- ret = pull_request_from_rest(request, &im_req); -+ ret = pull_request_from_rest(request, &im_req); - if (ret != 0) { - goto out; - } -@@ -1101,7 +1094,6 @@ out: - return (ret < 0) ? ECOMMON : ret; - } - -- - /* image callback init */ - void image_callback_init(service_image_callback_t *cb) - { -diff --git a/src/daemon/modules/container/container_state.c b/src/daemon/modules/container/container_state.c -index efcbe852..d342df25 100644 ---- a/src/daemon/modules/container/container_state.c -+++ b/src/daemon/modules/container/container_state.c -@@ -479,12 +479,7 @@ static int container_dup_health_check_status(defs_health **dst, const defs_healt - result->status = src->status ? util_strdup_s(src->status) : NULL; - result->failing_streak = src->failing_streak; - if (src->log_len != 0) { -- if (src->log_len > SIZE_MAX / sizeof(defs_health_log_element *)) { -- ERROR("Invalid log size"); -- ret = -1; -- goto error; -- } -- result->log = util_common_calloc_s(sizeof(defs_health_log_element *) * src->log_len); -+ result->log = util_smart_calloc_s(sizeof(defs_health_log_element *), src->log_len); - if (result->log == NULL) { - ERROR("Out of memory"); - ret = -1; -diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c -index 98f91ea9..9910b3c8 100644 ---- a/src/daemon/modules/container/container_unix.c -+++ b/src/daemon/modules/container/container_unix.c -@@ -387,16 +387,11 @@ static int pack_path_and_args_from_container_spec(const container_config *contai - v2_spec->path = util_strdup_s(container_spec->entrypoint[0]); - total = container_spec->entrypoint_len + container_spec->cmd_len - 1; - -- if (total > SIZE_MAX / sizeof(char *)) { -- ERROR("Container oci spec process args elements is too much!"); -- ret = -1; -- goto out; -- } - if (total == 0) { - goto out; - } - -- v2_spec->args = util_common_calloc_s(total * sizeof(char *)); -+ v2_spec->args = util_smart_calloc_s(sizeof(char *), total); - if (v2_spec->args == NULL) { - ERROR("Out of memory"); - ret = -1; -diff --git a/src/daemon/modules/container/containers_store.c b/src/daemon/modules/container/containers_store.c -index e0700296..e5c5b2ef 100644 ---- a/src/daemon/modules/container/containers_store.c -+++ b/src/daemon/modules/container/containers_store.c -@@ -262,11 +262,7 @@ int containers_store_list(container_t ***out, size_t *size) - ret = 0; - goto unlock; - } -- if (*size > SIZE_MAX / sizeof(container_t *)) { -- ERROR("Containers store list is too long!"); -- goto unlock; -- } -- conts = util_common_calloc_s(sizeof(container_t *) * (*size)); -+ conts = util_smart_calloc_s(sizeof(container_t *), (*size)); - if (conts == NULL) { - ERROR("Out of memory"); - goto unlock; -diff --git a/src/daemon/modules/container/health_check/health_check.c b/src/daemon/modules/container/health_check/health_check.c -index dc00ae33..59ec01aa 100644 ---- a/src/daemon/modules/container/health_check/health_check.c -+++ b/src/daemon/modules/container/health_check/health_check.c -@@ -289,13 +289,15 @@ static char **health_check_cmds(const container_config *config) - } - - shell_len = util_array_len((const char **)shell); -- if (shell_len > (SIZE_MAX / sizeof(char *)) - config->healthcheck->test_len) { -- ERROR("Invalid shell length"); -+ -+ if (config->healthcheck->test_len > SIZE_MAX - shell_len) { -+ ERROR("Invalid test comand length"); - goto out; - } -- cmd_slice = util_common_calloc_s((shell_len + config->healthcheck->test_len) * sizeof(char *)); -+ -+ cmd_slice = util_smart_calloc_s(sizeof(char *), (shell_len + config->healthcheck->test_len)); - if (cmd_slice == NULL) { -- ERROR("out of memory"); -+ ERROR("Out of memory"); - goto out; - } - for (i = 0; i < shell_len; i++) { -@@ -423,8 +425,7 @@ static int handle_increment_streak(container_t *cont, int retries) - if (cont->common_config->config->healthcheck->exit_on_unhealthy) { - pthread_t stop_container_tid = { 0 }; - char *container_id = util_strdup_s(cont->common_config->id); -- if (pthread_create(&stop_container_tid, NULL, stop_container_on_unhealthy, -- (void *)container_id)) { -+ if (pthread_create(&stop_container_tid, NULL, stop_container_on_unhealthy, (void *)container_id)) { - free(container_id); - ERROR("Failed to create thread to exec health check"); - ret = -1; -@@ -845,8 +846,8 @@ static void *health_check_monitor(void *arg) - case MONITOR_IDLE: - /* fall-through */ - default: -- if (do_monitor_default(container_id, probe_interval, cont->health_check, -- &start_timestamp, &last_timestamp) != 0) { -+ if (do_monitor_default(container_id, probe_interval, cont->health_check, &start_timestamp, -+ &last_timestamp) != 0) { - goto out; - } - break; -diff --git a/src/daemon/modules/image/embedded/embedded_image.c b/src/daemon/modules/image/embedded/embedded_image.c -index e6c136e0..910ba24a 100644 ---- a/src/daemon/modules/image/embedded/embedded_image.c -+++ b/src/daemon/modules/image/embedded/embedded_image.c -@@ -169,13 +169,7 @@ static int embedded_images_to_imagetool_images(struct db_all_images *all_images, - goto out; - } - -- if (images_num >= (SIZE_MAX / sizeof(imagetool_image_summary *))) { -- ERROR("Too many images, out of memory"); -- ret = -1; -- isulad_try_set_error_message("Get too many images info, out of memory"); -- goto out; -- } -- list->images = util_common_calloc_s(sizeof(imagetool_image_summary *) * images_num); -+ list->images = util_smart_calloc_s(sizeof(imagetool_image_summary *), images_num); - if (list->images == NULL) { - ERROR("Out of memory"); - ret = -1; -diff --git a/src/daemon/modules/image/oci/oci_config_merge.c b/src/daemon/modules/image/oci/oci_config_merge.c -index 41529a11..dc9cbb74 100644 ---- a/src/daemon/modules/image/oci/oci_config_merge.c -+++ b/src/daemon/modules/image/oci/oci_config_merge.c -@@ -73,12 +73,7 @@ static int do_duplicate_commands(const oci_image_spec_config *config, container_ - return 0; - } - -- if (config->cmd_len > SIZE_MAX / sizeof(char *)) { -- ERROR("too many commands!"); -- return -1; -- } -- -- container_spec->cmd = (char **)util_common_calloc_s(sizeof(char *) * config->cmd_len); -+ container_spec->cmd = (char **)util_smart_calloc_s(sizeof(char *), config->cmd_len); - if (container_spec->cmd == NULL) { - ERROR("Out of memory"); - return -1; -@@ -239,13 +234,7 @@ static int dup_health_check_from_image(const defs_health_check *image_health_che - return -1; - } - -- if (image_health_check->test_len > SIZE_MAX / sizeof(char *)) { -- ERROR("invalid health check commands!"); -- ret = -1; -- goto out; -- } -- -- health_check->test = util_common_calloc_s(sizeof(char *) * image_health_check->test_len); -+ health_check->test = util_smart_calloc_s(sizeof(char *), image_health_check->test_len); - if (health_check->test == NULL) { - ERROR("Out of memory"); - ret = -1; -diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c -index a8eecfe9..64ef2a1a 100644 ---- a/src/daemon/modules/image/oci/oci_load.c -+++ b/src/daemon/modules/image/oci/oci_load.c -@@ -224,7 +224,7 @@ static char **str_array_copy(char **arr, size_t len) - char **str_arr = NULL; - size_t i = 0; - -- str_arr = util_common_calloc_s(sizeof(char *) * len); -+ str_arr = util_smart_calloc_s(sizeof(char *), len); - if (str_arr == NULL) { - ERROR("Out of memory"); - return NULL; -@@ -705,7 +705,8 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items - } - - if (conf->rootfs->diff_ids_len != im->layers_len) { -- ERROR("Invalid manifest, layers length mismatch: expected %zu, got %zu", im->layers_len, conf->rootfs->diff_ids_len); -+ ERROR("Invalid manifest, layers length mismatch: expected %zu, got %zu", im->layers_len, -+ conf->rootfs->diff_ids_len); - ret = -1; - goto out; - } -@@ -727,7 +728,8 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items - // The format is sha256:xxx - im->layers[i]->chain_id = oci_load_calc_chain_id(parent_chain_id_sha256, conf->rootfs->diff_ids[i]); - if (im->layers[i]->chain_id == NULL) { -- ERROR("calc chain id failed, diff id %s, parent chain id %s", conf->rootfs->diff_ids[i], parent_chain_id_sha256); -+ ERROR("calc chain id failed, diff id %s, parent chain id %s", conf->rootfs->diff_ids[i], -+ parent_chain_id_sha256); - ret = -1; - goto out; - } -@@ -881,7 +883,7 @@ static int oci_load_set_manifest_info(load_image_t *im) - } - - im->manifest->schema_version = OCI_SCHEMA_VERSION; -- im->manifest->layers = util_common_calloc_s(sizeof(oci_image_content_descriptor *) * im->layers_len); -+ im->manifest->layers = util_smart_calloc_s(sizeof(oci_image_content_descriptor *), im->layers_len); - if (im->manifest->layers == NULL) { - ERROR("Out of memory"); - ret = -1; -diff --git a/src/daemon/modules/image/oci/registry/auths.c b/src/daemon/modules/image/oci/registry/auths.c -index f8cd7977..02b9753c 100644 ---- a/src/daemon/modules/image/oci/registry/auths.c -+++ b/src/daemon/modules/image/oci/registry/auths.c -@@ -236,7 +236,7 @@ static int add_allocated_auth(registry_auths *auths, char *host, char *auth) - - result_len = auths->auths->len + 1; - element = util_common_calloc_s(sizeof(defs_map_string_object_auths_element)); -- values = util_common_calloc_s(sizeof(defs_map_string_object_auths_element *) * result_len); -+ values = util_smart_calloc_s(sizeof(defs_map_string_object_auths_element *), result_len); - if (element == NULL || values == NULL) { - ERROR("out of memory"); - ret = -1; -diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c -index 25973c71..e6369f90 100644 ---- a/src/daemon/modules/image/oci/registry/registry.c -+++ b/src/daemon/modules/image/oci/registry/registry.c -@@ -132,7 +132,7 @@ static int parse_manifest_schema1(pull_descriptor *desc) - goto out; - } - -- desc->layers = util_common_calloc_s(sizeof(layer_blob) * manifest->fs_layers_len); -+ desc->layers = util_smart_calloc_s(sizeof(layer_blob), manifest->fs_layers_len); - if (desc->layers == NULL) { - ERROR("out of memory"); - ret = -1; -@@ -197,7 +197,7 @@ static int parse_manifest_schema2(pull_descriptor *desc) - goto out; - } - -- desc->layers = util_common_calloc_s(sizeof(layer_blob) * manifest->layers_len); -+ desc->layers = util_smart_calloc_s(sizeof(layer_blob), manifest->layers_len); - if (desc->layers == NULL) { - ERROR("out of memory"); - ret = -1; -@@ -250,7 +250,7 @@ static int parse_manifest_ociv1(pull_descriptor *desc) - goto out; - } - -- desc->layers = util_common_calloc_s(sizeof(layer_blob) * manifest->layers_len); -+ desc->layers = util_smart_calloc_s(sizeof(layer_blob), manifest->layers_len); - if (desc->layers == NULL) { - ERROR("out of memory"); - ret = -1; -@@ -390,7 +390,7 @@ static int add_cached_layer(char *blob_digest, char *file, thread_fetch_info *in - struct linked_list *node = NULL; - char *src_file = NULL; - thread_fetch_info *src_info = NULL; -- file_elem *elem = {NULL}; -+ file_elem *elem = { NULL }; - pull_descriptor *desc = info->desc; - - cache = (cached_layer *)map_search(g_shared->cached_layers, blob_digest); -@@ -430,8 +430,8 @@ static int add_cached_layer(char *blob_digest, char *file, thread_fetch_info *in - ret = -1; - goto out; - } -- src_file = ((file_elem*)elem)->file; -- src_info = ((file_elem*)elem)->info; -+ src_file = ((file_elem *)elem)->file; -+ src_info = ((file_elem *)elem)->info; - if (src_info == NULL) { - ERROR("source info is NULL, this should never happen"); - ret = -1; -@@ -561,16 +561,16 @@ static int set_cached_info_to_desc(thread_fetch_info *info) - } - - if (desc->layers[i].diff_id == NULL) { -- ERROR("layer %zu of image %s have invalid NULL diffid, info->use=%d, info->diffid=%s", -- i, desc->image_name, info->use, info->diffid); -+ ERROR("layer %zu of image %s have invalid NULL diffid, info->use=%d, info->diffid=%s", i, desc->image_name, -+ info->use, info->diffid); - return -1; - } - - if (desc->layers[i].chain_id == NULL) { - desc->layers[i].chain_id = calc_chain_id(desc->parent_chain_id, desc->layers[i].diff_id); - if (desc->layers[i].chain_id == NULL) { -- ERROR("calc chain id failed, diff id %s, parent chain id %s", -- desc->layers[i].diff_id, desc->parent_chain_id); -+ ERROR("calc chain id failed, diff id %s, parent chain id %s", desc->layers[i].diff_id, -+ desc->parent_chain_id); - return -1; - } - } -@@ -1177,7 +1177,7 @@ static void notify_cached_descs(char *blob_digest) - - // notify all related register threads to do register - linked_list_for_each_safe(item, &cache->file_list, next) { -- info = ((file_elem*)item->elem)->info; -+ info = ((file_elem *)item->elem)->info; - info->notified = true; - register_layer_notify(info->desc); - } -@@ -1249,7 +1249,7 @@ static int add_fetch_task(thread_fetch_info *info) - pthread_t tid = 0; - bool cached_layers_added = true; - cached_layer *cache = NULL; -- struct timespec ts = {0}; -+ struct timespec ts = { 0 }; - - mutex_lock(&g_shared->mutex); - cache = get_cached_layer(info->blob_digest); -@@ -1406,7 +1406,7 @@ static void *register_layers_in_thread(void *arg) - int ret = 0; - int cond_ret = 0; - size_t i = 0; -- struct timespec ts = {0}; -+ struct timespec ts = { 0 }; - - ret = pthread_detach(pthread_self()); - if (ret != 0) { -@@ -1425,8 +1425,8 @@ static void *register_layers_in_thread(void *arg) - // here we can't just break and cleanup resources because threads are running. - // desc is freed if we break and then isulad crash. sleep some time - // instead to avoid cpu full running and then retry. -- ERROR("condition wait for layer %zu to complete failed, ret %d, error: %s", -- i, cond_ret, strerror(errno)); -+ ERROR("condition wait for layer %zu to complete failed, ret %d, error: %s", i, cond_ret, -+ strerror(errno)); - sleep(10); - continue; - } -@@ -1504,14 +1504,14 @@ static int fetch_all(pull_descriptor *desc) - char *parent_chain_id = NULL; - struct layer_list *list = NULL; - pthread_t tid = 0; -- struct timespec ts = {0}; -+ struct timespec ts = { 0 }; - - if (desc == NULL) { - ERROR("Invalid NULL param"); - return -1; - } - -- infos = util_common_calloc_s(sizeof(thread_fetch_info) * desc->layers_len); -+ infos = util_smart_calloc_s(sizeof(thread_fetch_info), desc->layers_len); - if (infos == NULL) { - ERROR("out of memory"); - return -1; -@@ -1611,8 +1611,7 @@ static int fetch_all(pull_descriptor *desc) - // here we can't just break and cleanup resources because threads are running. - // desc is freed if we break and then isulad crash. sleep some time - // instead to avoid cpu full running and then retry. -- ERROR("condition wait for all layers to complete failed, ret %d, error: %s", -- cond_ret, strerror(errno)); -+ ERROR("condition wait for all layers to complete failed, ret %d, error: %s", cond_ret, strerror(errno)); - sleep(10); - continue; - } -diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c -index edb28b78..3ee69ee7 100644 ---- a/src/daemon/modules/image/oci/storage/image_store/image_store.c -+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c -@@ -2256,7 +2256,7 @@ static int pack_health_check_from_image(const oci_image_spec *spec, imagetool_im - goto out; - } - -- healthcheck->test = util_common_calloc_s(sizeof(char *) * spec->config->healthcheck->test_len); -+ healthcheck->test = util_smart_calloc_s(sizeof(char *), spec->config->healthcheck->test_len); - if (healthcheck->test == NULL) { - ERROR("Out of memory"); - ret = -1; -@@ -2662,7 +2662,7 @@ int image_store_get_all_images(imagetool_images_list *images_list) - goto unlock; - } - -- images_list->images = util_common_calloc_s(g_image_store->images_list_len * sizeof(imagetool_image *)); -+ images_list->images = util_smart_calloc_s(g_image_store->images_list_len, sizeof(imagetool_image *)); - if (images_list->images == NULL) { - ERROR("Out of memory"); - ret = -1; -@@ -3175,7 +3175,7 @@ static int get_layers_from_manifest(const registry_manifest_schema1 *manifest, l - goto out; - } - -- layers = util_common_calloc_s(sizeof(layer_blob) * manifest->fs_layers_len); -+ layers = util_smart_calloc_s(sizeof(layer_blob), manifest->fs_layers_len); - if (layers == NULL) { - ERROR("out of memory"); - ret = -1; -diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c -index 415f2004..80a25502 100644 ---- a/src/daemon/modules/image/oci/utils_images.c -+++ b/src/daemon/modules/image/oci/utils_images.c -@@ -305,7 +305,7 @@ char *make_big_data_base_name(const char *key) - } - name_size = 1 + strlen(b64_encode_name) + 1; // '=' + encode string + '\0' - -- base_name = (char *)util_common_calloc_s(name_size * sizeof(char)); -+ base_name = (char *)util_smart_calloc_s(sizeof(char), name_size); - if (base_name == NULL) { - ERROR("Out of memory"); - ret = -1; -@@ -436,7 +436,7 @@ int add_rootfs_and_history(const layer_blob *layers, size_t layers_len, const re - } - - config->rootfs = util_common_calloc_s(sizeof(docker_image_rootfs)); -- config->history = util_common_calloc_s(sizeof(docker_image_history *) * layers_len); -+ config->history = util_smart_calloc_s(sizeof(docker_image_history *), layers_len); - if (config->rootfs == NULL || config->history == NULL) { - ERROR("out of memory"); - return -1; -diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c -index 4e343a20..bd45f8a3 100644 ---- a/src/daemon/modules/plugin/plugin.c -+++ b/src/daemon/modules/plugin/plugin.c -@@ -1123,12 +1123,7 @@ static int pm_init_plugin(const plugin_t *plugin) - * prepare or delete dirty resource. - */ - if (container_num) { -- if (container_num > SIZE_MAX / sizeof(plugin_init_plugin_request_containers_element *)) { -- ERROR("Invalid container nums"); -- ret = -1; -- goto out; -- } -- reqs.containers = util_common_calloc_s(container_num * sizeof(plugin_init_plugin_request_containers_element *)); -+ reqs.containers = util_smart_calloc_s(sizeof(plugin_init_plugin_request_containers_element *), container_num); - if (reqs.containers == NULL) { - ERROR("Out of memory"); - ret = -1; -diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c -index f5313fa8..724def25 100644 ---- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c -+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c -@@ -335,7 +335,7 @@ static int generate_user_string_by_uid_gid(const defs_process_user *puser, char - } - - len = strlen(uid_str) + 1 + strlen(gid_str) + 1; -- *user = (char *)util_common_calloc_s(len * sizeof(char)); -+ *user = (char *)util_smart_calloc_s(sizeof(char), len); - if (*user == NULL) { - ERROR("Out of memory"); - return -1; -diff --git a/src/daemon/modules/service/inspect_container.c b/src/daemon/modules/service/inspect_container.c -index b060fe12..3136433f 100644 ---- a/src/daemon/modules/service/inspect_container.c -+++ b/src/daemon/modules/service/inspect_container.c -@@ -42,12 +42,7 @@ static int dup_path_and_args(const container_t *cont, char **path, char ***args, - *path = util_strdup_s(cont->common_config->path); - } - if (cont->common_config->args_len > 0) { -- if ((cont->common_config->args_len) > SIZE_MAX / sizeof(char *)) { -- ERROR("Containers config args len is too many!"); -- ret = -1; -- goto out; -- } -- *args = util_common_calloc_s(cont->common_config->args_len * sizeof(char *)); -+ *args = util_smart_calloc_s(sizeof(char *), cont->common_config->args_len); - if ((*args) == NULL) { - ERROR("Out of memory"); - ret = -1; -@@ -111,12 +106,7 @@ static int dup_health_check_config(const container_config *src, container_inspec - goto out; - } - if (src->healthcheck->test != NULL && src->healthcheck->test_len != 0) { -- if (src->healthcheck->test_len > SIZE_MAX / sizeof(char *)) { -- ERROR("health check test is too much!"); -- ret = -1; -- goto out; -- } -- dest->health_check->test = util_common_calloc_s(src->healthcheck->test_len * sizeof(char *)); -+ dest->health_check->test = util_smart_calloc_s(sizeof(char *), src->healthcheck->test_len); - if (dest->health_check->test == NULL) { - ERROR("Out of memory"); - ret = -1; -@@ -313,11 +303,7 @@ static int mount_point_to_inspect(const container_t *cont, container_inspect *in - } - - len = cont->common_config->mount_points->len; -- if (len > SIZE_MAX / sizeof(docker_types_mount_point *)) { -- ERROR("Invalid mount point size"); -- return -1; -- } -- inspect->mounts = util_common_calloc_s(sizeof(docker_types_mount_point *) * len); -+ inspect->mounts = util_smart_calloc_s(sizeof(docker_types_mount_point *), len); - if (inspect->mounts == NULL) { - ERROR("Out of memory"); - return -1; -diff --git a/src/daemon/modules/service/io_handler.c b/src/daemon/modules/service/io_handler.c -index d57894f2..893733bc 100644 ---- a/src/daemon/modules/service/io_handler.c -+++ b/src/daemon/modules/service/io_handler.c -@@ -218,22 +218,18 @@ static void io_copy_thread_cleanup(struct io_write_wrapper *writers, struct io_c - free(channels); - } - --static int io_copy_init_fds(size_t len, int **infds, int **outfds, int **srcfds, -- struct io_write_wrapper **writers, transfer_channel_type **channels) -+static int io_copy_init_fds(size_t len, int **infds, int **outfds, int **srcfds, struct io_write_wrapper **writers, -+ transfer_channel_type **channels) - { - size_t i; - -- if (len > SIZE_MAX / sizeof(struct io_write_wrapper)) { -- ERROR("Invalid arguments"); -- return -1; -- } -- *srcfds = util_common_calloc_s(sizeof(int) * len); -+ *srcfds = util_smart_calloc_s(sizeof(int), len); - if (*srcfds == NULL) { - ERROR("Out of memory"); - return -1; - } - -- *infds = util_common_calloc_s(sizeof(int) * len); -+ *infds = util_smart_calloc_s(sizeof(int), len); - if (*infds == NULL) { - ERROR("Out of memory"); - return -1; -@@ -241,7 +237,7 @@ static int io_copy_init_fds(size_t len, int **infds, int **outfds, int **srcfds, - for (i = 0; i < len; i++) { - (*infds)[i] = -1; - } -- *outfds = util_common_calloc_s(sizeof(int) * len); -+ *outfds = util_smart_calloc_s(sizeof(int), len); - if (*outfds == NULL) { - ERROR("Out of memory"); - return -1; -@@ -250,13 +246,13 @@ static int io_copy_init_fds(size_t len, int **infds, int **outfds, int **srcfds, - (*outfds)[i] = -1; - } - -- *writers = util_common_calloc_s(sizeof(struct io_write_wrapper) * len); -+ *writers = util_smart_calloc_s(sizeof(struct io_write_wrapper), len); - if (*writers == NULL) { - ERROR("Out of memory"); - return -1; - } - -- *channels = util_common_calloc_s(sizeof(transfer_channel_type) * len); -+ *channels = util_smart_calloc_s(sizeof(transfer_channel_type), len); - if (*channels == NULL) { - ERROR("Out of memory"); - return -1; -@@ -266,7 +262,6 @@ static int io_copy_init_fds(size_t len, int **infds, int **outfds, int **srcfds, - (*channels)[i] = MAX_CHANNEL; - } - return 0; -- - } - typedef int (*src_io_type_handle)(int index, struct io_copy_arg *copy_arg, int *infds, int *srcfds); - -@@ -305,8 +300,8 @@ static int handle_src_io_max(int index, struct io_copy_arg *copy_arg, int *infds - return -1; - } - --static int io_copy_make_srcfds(size_t len, struct io_copy_arg *copy_arg, int *infds, -- int *srcfds, transfer_channel_type *channels) -+static int io_copy_make_srcfds(size_t len, struct io_copy_arg *copy_arg, int *infds, int *srcfds, -+ transfer_channel_type *channels) - { - size_t i; - -@@ -536,11 +531,13 @@ int ready_copy_io_data(int sync_fd, bool detach, const char *fifoin, const char - if (fifoout != NULL) { - // fifos[1] : lxc -> iSulad read - // fifoout : iSulad -> iSula write -- add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[1], IO_FIFO, (void *)fifoout, O_WRONLY, STDOUT_CHANNEL); -+ add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[1], IO_FIFO, (void *)fifoout, O_WRONLY, -+ STDOUT_CHANNEL); - } - - if (fifoerr != NULL) { -- add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[2], IO_FIFO, (void *)fifoerr, O_WRONLY, STDERR_CHANNEL); -+ add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[2], IO_FIFO, (void *)fifoerr, O_WRONLY, -+ STDERR_CHANNEL); - } - - if (stdin_fd > 0) { -@@ -548,11 +545,13 @@ int ready_copy_io_data(int sync_fd, bool detach, const char *fifoin, const char - } - - if (stdout_handler != NULL) { -- add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[1], IO_FUNC, stdout_handler, O_WRONLY, STDOUT_CHANNEL); -+ add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[1], IO_FUNC, stdout_handler, O_WRONLY, -+ STDOUT_CHANNEL); - } - - if (stderr_handler != NULL) { -- add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[2], IO_FUNC, stderr_handler, O_WRONLY, STDERR_CHANNEL); -+ add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[2], IO_FUNC, stderr_handler, O_WRONLY, -+ STDERR_CHANNEL); - } - - if (start_io_copy_thread(sync_fd, detach, io_copy, len, tid) != 0) { -diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c -index 43a4a0c9..f90ffd7d 100644 ---- a/src/daemon/modules/service/service_container.c -+++ b/src/daemon/modules/service/service_container.c -@@ -1690,7 +1690,7 @@ static int dup_defs_process_user(defs_process_user *src, defs_process_user **dst - (*dst)->gid = src->gid; - - if (src->additional_gids_len != 0) { -- (*dst)->additional_gids = util_common_calloc_s(sizeof(gid_t) * src->additional_gids_len); -+ (*dst)->additional_gids = util_smart_calloc_s(sizeof(gid_t), src->additional_gids_len); - if ((*dst)->additional_gids == NULL) { - ERROR("Out of memory"); - ret = -1; -diff --git a/src/daemon/modules/spec/parse_volume.c b/src/daemon/modules/spec/parse_volume.c -index 7b02f6ca..40c4cecb 100644 ---- a/src/daemon/modules/spec/parse_volume.c -+++ b/src/daemon/modules/spec/parse_volume.c -@@ -341,14 +341,14 @@ static int check_volume_element(const char *volume) - return ret; - } - --static int set_volume_element_options(defs_mount *mount_element, const char **modes, bool *with_rw, -- bool *with_pro, bool *with_label) -+static int set_volume_element_options(defs_mount *mount_element, const char **modes, bool *with_rw, bool *with_pro, -+ bool *with_label) - { - const size_t max_options_len = 4; - size_t options_len = 0; - size_t i = 0; - -- mount_element->options = util_common_calloc_s(max_options_len * sizeof(char *)); -+ mount_element->options = util_smart_calloc_s(sizeof(char *), max_options_len); - if (mount_element->options == NULL) { - ERROR("Out of memory"); - return -1; -diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c -index 7023fa41..cf4aa111 100644 ---- a/src/daemon/modules/spec/specs.c -+++ b/src/daemon/modules/spec/specs.c -@@ -1305,11 +1305,7 @@ static int prepare_process_args(oci_runtime_spec *oci_spec, size_t args_len) - oci_spec->process->args_len = 0; - } - -- if (args_len > (SIZE_MAX / sizeof(char *))) { -- return -1; -- } -- -- oci_spec->process->args = util_common_calloc_s(args_len * sizeof(char *)); -+ oci_spec->process->args = util_smart_calloc_s(sizeof(char *), args_len); - if (oci_spec->process->args == NULL) { - return -1; - } -diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c -index e55832c5..62fd875c 100644 ---- a/src/daemon/modules/spec/specs_mount.c -+++ b/src/daemon/modules/spec/specs_mount.c -@@ -376,7 +376,7 @@ static defs_mount *mount_point_to_defs_mnt(container_config_v2_common_config_mou - return NULL; - } - mnt->options = -- util_common_calloc_s(sizeof(char *) * (options_len + 3)); // +2 for readonly/propagation/selinux_relabel -+ util_smart_calloc_s(sizeof(char *), (options_len + 3)); // +2 for readonly/propagation/selinux_relabel - if (mnt->options == NULL) { - ERROR("Out of memory"); - ret = -1; -@@ -1154,12 +1154,7 @@ static host_config_devices_element **parse_multi_devices(const char *dir_host, c - return NULL; - } - -- if (devices_len > SIZE_MAX / sizeof(host_config_devices_element *)) { -- ERROR("Too many devices"); -- return NULL; -- } -- -- dev_maps = util_common_calloc_s(devices_len * sizeof(host_config_devices_element *)); -+ dev_maps = util_smart_calloc_s(sizeof(host_config_devices_element *), devices_len); - if (dev_maps == NULL) { - ERROR("Memory out"); - return NULL; -@@ -2312,7 +2307,7 @@ static bool mount_file(defs_mount ***all_mounts, size_t *all_mounts_len, const c - bool ret = false; - defs_mount *tmp_mounts = NULL; - -- options = util_common_calloc_s(options_len * sizeof(char *)); -+ options = util_smart_calloc_s(sizeof(char *), options_len); - if (options == NULL) { - ERROR("Out of memory"); - goto out_free; -@@ -2359,7 +2354,7 @@ static bool add_host_channel_mount(defs_mount ***all_mounts, size_t *all_mounts_ - bool ret = false; - defs_mount *tmp_mounts = NULL; - -- options = util_common_calloc_s(options_len * sizeof(char *)); -+ options = util_smart_calloc_s(sizeof(char *), options_len); - if (options == NULL) { - ERROR("Out of memory"); - goto out_free; -@@ -3262,7 +3257,7 @@ static int merge_all_fs_mounts(host_config *host_spec, container_config *contain - return 0; - } - -- merged_mounts = util_common_calloc_s(sizeof(defs_mount *) * len); -+ merged_mounts = util_smart_calloc_s(sizeof(defs_mount *), len); - if (merged_mounts == NULL) { - ERROR("out of memory"); - ret = -1; -diff --git a/src/daemon/modules/spec/specs_security.c b/src/daemon/modules/spec/specs_security.c -index 8a8b2d86..643c2745 100644 ---- a/src/daemon/modules/spec/specs_security.c -+++ b/src/daemon/modules/spec/specs_security.c -@@ -42,11 +42,11 @@ - - static const char * const g_system_caps[] = { "SYS_BOOT", "SETPCAP", "NET_RAW", "NET_BIND_SERVICE", - #ifdef CAP_AUDIT_WRITE -- "AUDIT_WRITE", -+ "AUDIT_WRITE", - #endif -- "DAC_OVERRIDE", "SETFCAP", "SETGID", "SETUID", "MKNOD", "CHOWN", -- "FOWNER", "FSETID", "KILL", "SYS_CHROOT" -- }; -+ "DAC_OVERRIDE", "SETFCAP", "SETGID", "SETUID", "MKNOD", "CHOWN", -+ "FOWNER", "FSETID", "KILL", "SYS_CHROOT" -+ }; - - static int append_capability(char ***dstcaps, size_t *dstcaps_len, const char *cap) - { -@@ -83,12 +83,7 @@ static int copy_capabilities(char ***dstcaps, size_t *dstcaps_len, const char ** - *dstcaps_len = 0; - return ret; - } -- if (srccaps_len > SIZE_MAX / sizeof(char *)) { -- ERROR("Too many capabilities to copy!"); -- return -1; -- } -- -- *dstcaps = util_common_calloc_s(srccaps_len * sizeof(char *)); -+ *dstcaps = util_smart_calloc_s(sizeof(char *), srccaps_len); - if (*dstcaps == NULL) { - ret = -1; - goto out; -@@ -457,7 +452,7 @@ static bool meet_filtering_rules(const docker_seccomp *seccomp, const docker_sec - return meet_include_arch && meet_include_cap && meet_exclude_arch && meet_exclude_cap; - } - --static size_t docker_seccomp_arches_count(const char* seccomp_architecture, const docker_seccomp *docker_seccomp_spec) -+static size_t docker_seccomp_arches_count(const char *seccomp_architecture, const docker_seccomp *docker_seccomp_spec) - { - size_t count = 0; - size_t i = 0; -@@ -468,7 +463,7 @@ static size_t docker_seccomp_arches_count(const char* seccomp_architecture, cons - } - - for (i = 0; i < docker_seccomp_spec->arch_map_len; ++i) { -- if (docker_seccomp_spec->arch_map[i] == NULL || docker_seccomp_spec->arch_map[i]->architecture == NULL) { -+ if (docker_seccomp_spec->arch_map[i] == NULL || docker_seccomp_spec->arch_map[i]->architecture == NULL) { - continue; - } - if (strcmp(seccomp_architecture, docker_seccomp_spec->arch_map[i]->architecture) == 0) { -@@ -485,7 +480,7 @@ static size_t docker_seccomp_arches_count(const char* seccomp_architecture, cons - return count; - } - --static int dup_architectures_to_oci_spec(const char* seccomp_architecture, const docker_seccomp *docker_seccomp_spec, -+static int dup_architectures_to_oci_spec(const char *seccomp_architecture, const docker_seccomp *docker_seccomp_spec, - oci_runtime_config_linux_seccomp *oci_seccomp_spec) - { - size_t i = 0; -@@ -503,7 +498,7 @@ static int dup_architectures_to_oci_spec(const char* seccomp_architecture, const - return -1; - } - -- oci_seccomp_spec->architectures = util_common_calloc_s(arch_size * sizeof(char *)); -+ oci_seccomp_spec->architectures = util_smart_calloc_s(sizeof(char *), arch_size); - if (oci_seccomp_spec->architectures == NULL) { - ERROR("Failed to calloc memory for architectures in seccomp spec"); - return -1; -@@ -582,12 +577,7 @@ static int dup_syscall_args_to_oci_spec(const docker_seccomp_syscalls_element *d - if (docker_syscall->args_len == 0) { - return 0; - } -- -- if (docker_syscall->args_len > (SIZE_MAX / sizeof(defs_syscall_arg *))) { -- return -1; -- } -- -- oci_syscall->args = util_common_calloc_s(docker_syscall->args_len * sizeof(defs_syscall_arg *)); -+ oci_syscall->args = util_smart_calloc_s(sizeof(defs_syscall_arg *), docker_syscall->args_len); - if (oci_syscall->args == NULL) { - return -1; - } -@@ -620,11 +610,7 @@ static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec, - return 0; - } - -- if (docker_seccomp_spec->syscalls_len > (SIZE_MAX / sizeof(defs_syscall *))) { -- return -1; -- } -- -- oci_seccomp_spec->syscalls = util_common_calloc_s(docker_seccomp_spec->syscalls_len * sizeof(defs_syscall *)); -+ oci_seccomp_spec->syscalls = util_smart_calloc_s(sizeof(defs_syscall *), docker_seccomp_spec->syscalls_len); - if (oci_seccomp_spec->syscalls == NULL) { - return -1; - } -@@ -639,12 +625,8 @@ static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec, - } - oci_seccomp_spec->syscalls_len++; - -- if (docker_seccomp_spec->syscalls[i]->names_len > (SIZE_MAX / sizeof(char *))) { -- return -1; -- } -- - oci_seccomp_spec->syscalls[k]->names = -- util_common_calloc_s(docker_seccomp_spec->syscalls[i]->names_len * sizeof(char *)); -+ util_smart_calloc_s(sizeof(char *), docker_seccomp_spec->syscalls[i]->names_len); - if (oci_seccomp_spec->syscalls[k]->names == NULL) { - return -1; - } -@@ -670,8 +652,9 @@ static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec, - return 0; - } - --static oci_runtime_config_linux_seccomp *trans_docker_seccomp_to_oci_format(const docker_seccomp *docker_seccomp_spec, -- const defs_process_capabilities *capabilities) -+static oci_runtime_config_linux_seccomp * -+trans_docker_seccomp_to_oci_format(const docker_seccomp *docker_seccomp_spec, -+ const defs_process_capabilities *capabilities) - { - oci_runtime_config_linux_seccomp *oci_seccomp_spec = NULL; - -@@ -771,11 +754,7 @@ static defs_syscall *make_seccomp_syscalls_element(const char **names, size_t na - ret->action = util_strdup_s(action ? action : ""); - ret->args_len = args_len; - if (args_len) { -- if (args_len > SIZE_MAX / sizeof(defs_syscall_arg *)) { -- CRIT("Too many seccomp syscalls!"); -- goto out; -- } -- ret->args = util_common_calloc_s(args_len * sizeof(defs_syscall_arg *)); -+ ret->args = util_smart_calloc_s(sizeof(defs_syscall_arg *), args_len); - if (ret->args == NULL) { - CRIT("Memory allocation error."); - goto out; -@@ -794,11 +773,7 @@ static defs_syscall *make_seccomp_syscalls_element(const char **names, size_t na - } - - ret->names_len = names_len; -- if (names_len > SIZE_MAX / sizeof(char *)) { -- CRIT("Too many syscalls!"); -- goto out; -- } -- ret->names = util_common_calloc_s(names_len * sizeof(char *)); -+ ret->names = util_smart_calloc_s(sizeof(char *), names_len); - if (ret->names == NULL) { - CRIT("Memory allocation error."); - goto out; -diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c -index 4bd11558..fe53bb0f 100644 ---- a/src/daemon/modules/spec/verify.c -+++ b/src/daemon/modules/spec/verify.c -@@ -627,16 +627,12 @@ static bool is_cpuset_list_available(const char *provided, const char *available - } - - cpu_num = sysinfo->ncpus; -- if ((size_t)cpu_num > SIZE_MAX / sizeof(bool)) { -- ERROR("invalid cpu num"); -- goto out; -- } -- parsed_provided = util_common_calloc_s(sizeof(bool) * (unsigned int)cpu_num); -+ parsed_provided = util_smart_calloc_s(sizeof(bool), (unsigned int)cpu_num); - if (parsed_provided == NULL) { - ERROR("memory alloc failed!"); - goto out; - } -- parsed_available = util_common_calloc_s(sizeof(bool) * (unsigned int)cpu_num); -+ parsed_available = util_smart_calloc_s(sizeof(bool), (unsigned int)cpu_num); - if (parsed_available == NULL) { - ERROR("memory alloc failed!"); - goto out; -@@ -1093,7 +1089,7 @@ static int verify_resources_device(defs_resources *resources) - - for (i = 0; i < resources->devices_len; i++) { - if (!util_valid_device_mode(resources->devices[i]->access)) { -- ERROR("Invalid device mode \"%s\" for device \"%" PRId64" %" PRId64 "\"", resources->devices[i]->access, -+ ERROR("Invalid device mode \"%s\" for device \"%" PRId64 " %" PRId64 "\"", resources->devices[i]->access, - resources->devices[i]->major, resources->devices[i]->minor); - isulad_set_error_message("Invalid device mode \"%s\" for device \"%ld %ld\"", resources->devices[i]->access, - resources->devices[i]->major, resources->devices[i]->minor); -diff --git a/src/daemon/modules/volume/local.c b/src/daemon/modules/volume/local.c -index 18961eb1..87b90317 100644 ---- a/src/daemon/modules/volume/local.c -+++ b/src/daemon/modules/volume/local.c -@@ -87,7 +87,7 @@ void free_volumes_info(struct volumes_info *vols) - return; - } - --static struct volume * dup_volume(char *name, char *path) -+static struct volume *dup_volume(char *name, char *path) - { - struct volume *vol = NULL; - -@@ -105,7 +105,7 @@ static struct volume * dup_volume(char *name, char *path) - return vol; - } - --struct volume * local_volume_get(char *name) -+struct volume *local_volume_get(char *name) - { - struct volume *v = NULL; - -@@ -289,7 +289,7 @@ out: - - static int load_volumes(struct volumes_info *vols) - { -- return util_scan_subdirs((const char*)vols->root_dir, load_volume, vols); -+ return util_scan_subdirs((const char *)vols->root_dir, load_volume, vols); - } - - static int local_volume_init(char *scope) -@@ -339,7 +339,7 @@ static int create_volume_meminfo(char *name, struct volume **vol) - struct volume *v = NULL; - int ret = 0; - int sret = 0; -- char path[PATH_MAX] = {0}; -+ char path[PATH_MAX] = { 0 }; - - v = util_common_calloc_s(sizeof(struct volume)); - if (v == NULL) { -@@ -367,7 +367,7 @@ out: - return ret; - } - --static struct volume * volume_create_nolock(char *name) -+static struct volume *volume_create_nolock(char *name) - { - struct volume *v = NULL; - int ret = 0; -@@ -419,7 +419,7 @@ out: - return v; - } - --struct volume * local_volume_create(char *name) -+struct volume *local_volume_create(char *name) - { - struct volume *v_out = NULL; - struct volume *v = NULL; -@@ -473,7 +473,7 @@ static struct volumes *new_empty_volumes(size_t size) - return vols; - } - -- vols->vols = util_common_calloc_s(sizeof(struct volume*) * size); -+ vols->vols = util_smart_calloc_s(sizeof(struct volume *), size); - if (vols->vols == NULL) { - ERROR("out of memory"); - free_volumes(vols); -@@ -483,7 +483,7 @@ static struct volumes *new_empty_volumes(size_t size) - return vols; - } - --struct volumes * local_volume_list(void) -+struct volumes *local_volume_list(void) - { - int ret = 0; - map_itor *itor = NULL; -@@ -661,4 +661,3 @@ out: - - return ret; - } -- -diff --git a/src/daemon/modules/volume/volume.c b/src/daemon/modules/volume/volume.c -index 9d496594..8255aff9 100644 ---- a/src/daemon/modules/volume/volume.c -+++ b/src/daemon/modules/volume/volume.c -@@ -221,7 +221,7 @@ static struct volume_names * empty_volume_names(size_t size) - return NULL; - } - -- vns->names = util_common_calloc_s(sizeof(char *) * size); -+ vns->names = util_smart_calloc_s(sizeof(char *), size); - if (vns->names == NULL) { - ERROR("out of memory"); - ret = -1; -@@ -575,7 +575,7 @@ int volume_prune(struct volume_names **pruned) - } - - if (list->vols_len != 0) { -- (*pruned)->names = util_common_calloc_s(sizeof(char*) * list->vols_len); -+ (*pruned)->names = util_smart_calloc_s(sizeof(char *), list->vols_len); - if ((*pruned)->names == NULL) { - ret = -1; - goto out; -diff --git a/src/utils/console/console.c b/src/utils/console/console.c -index b0dc7ee5..3565eef3 100644 ---- a/src/utils/console/console.c -+++ b/src/utils/console/console.c -@@ -453,11 +453,8 @@ int console_loop_io_copy(int sync_fd, const int *srcfds, struct io_write_wrapper - size_t i = 0; - struct epoll_descr descr; - struct tty_state *ts = NULL; -- if (len > (SIZE_MAX / sizeof(struct tty_state)) - 1) { -- ERROR("Invalid io size"); -- return -1; -- } -- ts = util_common_calloc_s(sizeof(struct tty_state) * (len + 1)); -+ -+ ts = util_smart_calloc_s(sizeof(struct tty_state), (len + 1)); - if (ts == NULL) { - ERROR("Out of memory"); - return -1; -diff --git a/src/utils/cutils/utils_array.c b/src/utils/cutils/utils_array.c -index 448c9d9d..4e2ed6fd 100644 ---- a/src/utils/cutils/utils_array.c -+++ b/src/utils/cutils/utils_array.c -@@ -72,11 +72,7 @@ int util_array_append(char ***array, const char *element) - // let new len to len + 2 for element and null - len = util_array_len((const char **)(*array)); - -- if (len > SIZE_MAX / sizeof(char *) - 2) { -- ERROR("Too many array elements!"); -- return -1; -- } -- new_array = util_common_calloc_s((len + 2) * sizeof(char *)); -+ new_array = util_smart_calloc_s(sizeof(char *), (len + 2)); - if (new_array == NULL) { - ERROR("Out of memory"); - return -1; -@@ -92,8 +88,7 @@ int util_array_append(char ***array, const char *element) - return 0; - } - --int util_grow_array(char ***orig_array, size_t *orig_capacity, size_t size, -- size_t increment) -+int util_grow_array(char ***orig_array, size_t *orig_capacity, size_t size, size_t increment) - { - size_t add_capacity; - char **add_array = NULL; -@@ -102,7 +97,7 @@ int util_grow_array(char ***orig_array, size_t *orig_capacity, size_t size, - return -1; - } - -- if (((*orig_array) == NULL) || ((*orig_capacity) == 0)) { -+ if (((*orig_array) == NULL) || ((*orig_capacity) == 0)) { - UTIL_FREE_AND_SET_NULL(*orig_array); - *orig_capacity = 0; - } -@@ -112,10 +107,7 @@ int util_grow_array(char ***orig_array, size_t *orig_capacity, size_t size, - add_capacity += increment; - } - if (add_capacity != *orig_capacity) { -- if (add_capacity > SIZE_MAX / sizeof(void *)) { -- return -1; -- } -- add_array = util_common_calloc_s(add_capacity * sizeof(void *)); -+ add_array = util_smart_calloc_s(sizeof(void *), add_capacity); - if (add_array == NULL) { - return -1; - } -diff --git a/src/utils/cutils/utils_string.c b/src/utils/cutils/utils_string.c -index 8c9b2eea..de1cc60e 100644 ---- a/src/utils/cutils/utils_string.c -+++ b/src/utils/cutils/utils_string.c -@@ -303,11 +303,7 @@ static char **util_shrink_array(char **orig_array, size_t new_size) - if (new_size == 0) { - return orig_array; - } -- if (new_size > SIZE_MAX / sizeof(char *)) { -- ERROR("Invalid arguments"); -- return orig_array; -- } -- new_array = util_common_calloc_s(new_size * sizeof(char *)); -+ new_array = util_smart_calloc_s(sizeof(char *), new_size); - if (new_array == NULL) { - return orig_array; - } -@@ -724,11 +720,7 @@ int util_dup_array_of_strings(const char **src, size_t src_len, char ***dst, siz - - *dst = NULL; - *dst_len = 0; -- if (src_len > SIZE_MAX / sizeof(char *)) { -- ERROR("Src elements is too much!"); -- return -1; -- } -- *dst = (char **)util_common_calloc_s(src_len * sizeof(char *)); -+ *dst = (char **)util_smart_calloc_s(sizeof(char *), src_len); - if (*dst == NULL) { - ERROR("Out of memory"); - return -1; -@@ -853,7 +845,7 @@ int util_string_array_unique(const char **elements, size_t length, char ***uniqu - } - - tmp_elements_len = map_size(map); -- tmp_elements = (char **)util_common_calloc_s(tmp_elements_len * sizeof(char *)); -+ tmp_elements = (char **)util_smart_calloc_s(sizeof(char *), tmp_elements_len); - if (tmp_elements == NULL) { - ERROR("Out of memory"); - ret = -1; -diff --git a/test/image/oci/oci_config_merge/oci_config_merge_ut.cc b/test/image/oci/oci_config_merge/oci_config_merge_ut.cc -index 3c9d5004..d94229b2 100644 ---- a/test/image/oci/oci_config_merge/oci_config_merge_ut.cc -+++ b/test/image/oci/oci_config_merge/oci_config_merge_ut.cc -@@ -353,9 +353,7 @@ TEST(oci_config_merge_ut, test_oci_image_merge_config) - tool_image->spec->config->entrypoint_len = 1; - } - -- MOCK_SET_V(util_smart_calloc_s, util_smart_calloc_s_fail); - ASSERT_EQ(oci_image_merge_config(tool_image, custom_config), 0); -- MOCK_CLEAR(util_smart_calloc_s); - - free_imagetool_image(tool_image); - tool_image = nullptr; --- -2.32.1 (Apple Git-133) - diff --git a/0028-increase-websocket-lws_lookup-size.patch b/0028-increase-websocket-lws_lookup-size.patch deleted file mode 100644 index d7b6440..0000000 --- a/0028-increase-websocket-lws_lookup-size.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 2ca552a7faee850c6cfdccc4625b4459add56074 Mon Sep 17 00:00:00 2001 -From: zhangxiaoyu -Date: Tue, 21 Jun 2022 17:34:23 +0800 -Subject: [PATCH 28/30] increase websocket lws_lookup size - -Signed-off-by: zhangxiaoyu ---- - src/daemon/entry/cri/websocket/service/ws_server.cc | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc -index 0e462737..98c0fee0 100644 ---- a/src/daemon/entry/cri/websocket/service/ws_server.cc -+++ b/src/daemon/entry/cri/websocket/service/ws_server.cc -@@ -187,7 +187,13 @@ void WebsocketServer::EmitLog(int level, const char *line) - - int WebsocketServer::CreateContext() - { -- const size_t WS_ULIMIT_FDS { 1024 }; -+ /* -+ context->lws_lookup is allocated ( sizeof(struct lws *) * max_fds ) spaces, -+ In general, max_fds should be the process maximum number of open file descriptor. -+ If WS_ULIMIT_FDS set too large, context->lws_lookup will cost too much memory. -+ If WS_ULIMIT_FDS set too small, maybe fd > max_fds and context->lws_lookup[fd] will overflow. -+ */ -+ const size_t WS_ULIMIT_FDS { 10240 }; - - m_url.SetScheme("ws"); - m_url.SetHost("localhost:" + std::to_string(m_listenPort)); -@@ -208,7 +214,7 @@ int WebsocketServer::CreateContext() - - /* daemon set RLIMIT_NOFILE to a large value at main.c, - * belowing lws_create_context limit the fds of websocket to RLIMIT_NOFILE, -- * and malloced memory according to it. To reduce memory, we recover it to 1024 before create m_context. -+ * and malloced memory according to it. To reduce memory, we recover it to WS_ULIMIT_FDS before create m_context. - */ - rlimit oldLimit, newLimit; - newLimit.rlim_cur = WS_ULIMIT_FDS; --- -2.32.1 (Apple Git-133) - diff --git a/0029-fix-misuse-of-BUFSIZ.patch b/0029-fix-misuse-of-BUFSIZ.patch deleted file mode 100644 index 2a1ee18..0000000 --- a/0029-fix-misuse-of-BUFSIZ.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 3bc72738519d6f38674c7ce8b9d89a9a5e160ae6 Mon Sep 17 00:00:00 2001 -From: WangFengTu -Date: Tue, 21 Jun 2022 19:15:12 +0800 -Subject: [PATCH 29/30] fix misuse of BUFSIZ - -Signed-off-by: WangFengTu ---- - src/daemon/common/err_msg.c | 6 +++--- - src/daemon/entry/cri/errors.cc | 3 +-- - src/utils/cutils/error.h | 3 +-- - src/utils/cutils/utils.c | 2 +- - 4 files changed, 6 insertions(+), 8 deletions(-) - -diff --git a/src/daemon/common/err_msg.c b/src/daemon/common/err_msg.c -index 3e62fad6..531af82b 100644 ---- a/src/daemon/common/err_msg.c -+++ b/src/daemon/common/err_msg.c -@@ -38,7 +38,7 @@ void isulad_set_error_message(const char *format, ...) - - ret = vsnprintf(errbuf, BUFSIZ, format, argp); - va_end(argp); -- if (ret < 0 || ret >= BUFSIZ) { -+ if (ret < 0) { - return; - } - -@@ -61,7 +61,7 @@ void isulad_try_set_error_message(const char *format, ...) - - ret = vsnprintf(errbuf, BUFSIZ, format, argp); - va_end(argp); -- if (ret < 0 || ret >= BUFSIZ) { -+ if (ret < 0) { - return; - } - -@@ -80,7 +80,7 @@ void isulad_append_error_message(const char *format, ...) - - ret = vsnprintf(errbuf, BUFSIZ, format, argp); - va_end(argp); -- if (ret < 0 || ret >= BUFSIZ) { -+ if (ret < 0) { - return; - } - result = util_string_append(g_isulad_errmsg, errbuf); -diff --git a/src/daemon/entry/cri/errors.cc b/src/daemon/entry/cri/errors.cc -index a80ca433..3dc3bba6 100644 ---- a/src/daemon/entry/cri/errors.cc -+++ b/src/daemon/entry/cri/errors.cc -@@ -117,8 +117,7 @@ void Errors::Errorf(const char *fmt, ...) - - ret = vsnprintf(errbuf, BUFSIZ, fmt, argp); - va_end(argp); -- if (ret < 0 || ret >= BUFSIZ) { -- m_message = "Error message is too long"; -+ if (ret < 0) { - return; - } - -diff --git a/src/utils/cutils/error.h b/src/utils/cutils/error.h -index 28ad5dec..5a8dca99 100644 ---- a/src/utils/cutils/error.h -+++ b/src/utils/cutils/error.h -@@ -64,8 +64,7 @@ static inline void format_errorf(char **err, const char *format, ...) - - ret = vsnprintf(errbuf, BUFSIZ, format, argp); - va_end(argp); -- if (ret < 0 || ret >= BUFSIZ) { -- *err = util_strdup_s("Error is too long!!!"); -+ if (ret < 0) { - return; - } - -diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c -index a47c5644..010f48b9 100644 ---- a/src/utils/cutils/utils.c -+++ b/src/utils/cutils/utils.c -@@ -516,7 +516,7 @@ static void set_stderr_buf(char **stderr_buf, const char *format, ...) - int nret = vsnprintf(errbuf, BUFSIZ, format, argp); - va_end(argp); - -- if (nret < 0 || nret >= BUFSIZ) { -+ if (nret < 0) { - return; - } - --- -2.32.1 (Apple Git-133) - diff --git a/0030-gc-considers-stored-monitor-pid.patch b/0030-gc-considers-stored-monitor-pid.patch deleted file mode 100644 index 3ea5eec..0000000 --- a/0030-gc-considers-stored-monitor-pid.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 255208ba96242caed274a9659d6db2df51616d1b Mon Sep 17 00:00:00 2001 -From: vegbir -Date: Tue, 21 Jun 2022 22:06:53 +0800 -Subject: [PATCH 30/30] gc considers stored monitor pid - ---- - .../modules/container/restore/restore.c | 42 +++++++++++++++---- - 1 file changed, 34 insertions(+), 8 deletions(-) - -diff --git a/src/daemon/modules/container/restore/restore.c b/src/daemon/modules/container/restore/restore.c -index a7ee11a2..aca17a15 100644 ---- a/src/daemon/modules/container/restore/restore.c -+++ b/src/daemon/modules/container/restore/restore.c -@@ -98,12 +98,17 @@ out: - } - - /* post stopped container to gc */ --static int post_stopped_container_to_gc(const char *id, const char *runtime, const char *statepath, uint32_t pid) -+static int post_stopped_container_to_gc(const char *id, const char *runtime, const char *statepath, -+ const pid_ppid_info_t *old_pid_info) - { - int ret = 0; - pid_ppid_info_t pid_info = { 0 }; - -- (void)util_read_pid_ppid_info(pid, &pid_info); -+ (void)util_read_pid_ppid_info(old_pid_info->pid, &pid_info); -+ if (pid_info.ppid == 0) { -+ pid_info.ppid = old_pid_info->ppid; -+ pid_info.pstart_time = old_pid_info->pstart_time; -+ } - - if (gc_add_container(id, runtime, &pid_info)) { - ERROR("Failed to post container %s to garbage collector", id); -@@ -177,13 +182,17 @@ static void try_to_set_container_running(Container_Status status, container_t *c - static void restore_stopped_container(Container_Status status, const container_t *cont) - { - const char *id = cont->common_config->id; -- pid_t pid = 0; -+ pid_ppid_info_t pid_info = { 0 }; - - if (status != CONTAINER_STATUS_STOPPED && status != CONTAINER_STATUS_CREATED) { - if (util_process_alive(cont->state->state->pid, cont->state->state->start_time)) { -- pid = cont->state->state->pid; -+ pid_info.pid = cont->state->state->pid; -+ } -+ if (util_process_alive(cont->state->state->p_pid, cont->state->state->p_start_time)) { -+ pid_info.ppid = cont->state->state->p_pid; -+ pid_info.pstart_time = cont->state->state->p_start_time; - } -- int nret = post_stopped_container_to_gc(id, cont->runtime, cont->state_path, pid); -+ int nret = post_stopped_container_to_gc(id, cont->runtime, cont->state_path, &pid_info); - if (nret != 0) { - ERROR("Failed to post container %s to garbage" - "collector, that may lost some resources" -@@ -207,7 +216,13 @@ static void restore_running_container(Container_Status status, container_t *cont - container_state_reset_has_been_manual_stopped(cont->state); - } else { - ERROR("Failed to restore container:%s due to unable to read container pid information", id); -- nret = post_stopped_container_to_gc(id, cont->runtime, cont->state_path, 0); -+ pid_info.pid = 0; -+ pid_info.start_time = 0; -+ if (util_process_alive(cont->state->state->p_pid, cont->state->state->p_start_time)) { -+ pid_info.ppid = cont->state->state->p_pid; -+ pid_info.pstart_time = cont->state->state->p_start_time; -+ } -+ nret = post_stopped_container_to_gc(id, cont->runtime, cont->state_path, &pid_info); - if (nret != 0) { - ERROR("Failed to post container %s to garbage" - "collector, that may lost some resources" -@@ -233,7 +248,13 @@ static void restore_paused_container(Container_Status status, container_t *cont, - container_state_reset_has_been_manual_stopped(cont->state); - } else { - ERROR("Failed to restore container:%s due to unable to read container pid information", id); -- nret = post_stopped_container_to_gc(id, cont->runtime, cont->state_path, 0); -+ pid_info.pid = 0; -+ pid_info.start_time = 0; -+ if (util_process_alive(cont->state->state->p_pid, cont->state->state->p_start_time)) { -+ pid_info.ppid = cont->state->state->p_pid; -+ pid_info.pstart_time = cont->state->state->p_start_time; -+ } -+ nret = post_stopped_container_to_gc(id, cont->runtime, cont->state_path, &pid_info); - if (nret != 0) { - ERROR("Failed to post container %s to garbage" - "collector, that may lost some resources" -@@ -385,8 +406,13 @@ static void handle_restored_container() - if (container_is_running(cont->state)) { - if (restore_supervisor(cont) != 0) { - ERROR("Failed to restore %s supervisor, set state to stopped", id); -+ pid_ppid_info_t pid_info = { 0 }; -+ if (util_process_alive(cont->state->state->p_pid, cont->state->state->p_start_time)) { -+ pid_info.ppid = cont->state->state->p_pid; -+ pid_info.pstart_time = cont->state->state->p_start_time; -+ } - container_state_set_stopped(cont->state, 255); -- if (post_stopped_container_to_gc(id, cont->runtime, cont->state_path, 0) != 0) { -+ if (post_stopped_container_to_gc(id, cont->runtime, cont->state_path, &pid_info) != 0) { - ERROR("Failed to post container %s to garbage" - "collector, that may lost some resources" - "used with container!", --- -2.32.1 (Apple Git-133) - diff --git a/iSulad.spec b/iSulad.spec index 68ea047..d3a80f7 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ -%global _version 2.0.14 -%global _release 11 +%global _version 2.0.15 +%global _release 1 %global is_systemd 1 %global enable_shimv2 1 %global is_embedded 1 @@ -13,36 +13,6 @@ URL: https://gitee.com/openeuler/iSulad Source: https://gitee.com/openeuler/iSulad/repository/archive/v%{version}.tar.gz BuildRoot: {_tmppath}/iSulad-%{version} -Patch0001: 0001-do-not-mkdir-of-isulad-if-no-controller-found.patch -Patch0002: 0002-fix-install-error-when-android.patch -Patch0003: 0003-imp-fuzz-for-pw-gr-parser.patch -Patch0004: 0004-improve-fuzz-test.patch -Patch0005: 0005-Seccomp-optimization.patch -Patch0006: 0006-fix-different-type-convert.patch -Patch0007: 0007-add-pointer-parameters-NULL-check.patch -Patch0008: 0008-add-check-to-arguments.patch -Patch0009: 0009-remove-static-of-strlncat.patch -Patch0010: 0010-remove-check-parameter-label_opts-in-init_label.patch -Patch0011: 0011-update-seccomp-to-Linux-5.10-syscall-list.patch -Patch0012: 0012-fix-invalid-convert-and-format.patch -Patch0013: 0013-fix-get_network_namespace_path-check.patch -Patch0014: 0014-bugfix-for-double-free-and-use-after-free.patch -Patch0015: 0015-fix-isulad-shim-coredump-when-remove-ioc-fd-node.patch -Patch0016: 0016-do-not-fail-if-pw-is-not-NULL.patch -Patch0017: 0017-do-not-fail-if-gr-is-NULL.patch -Patch0018: 0018-fix-memory-leak-of-remove-layer.patch -Patch0019: 0019-add-null-terminal-at-end-of-gr-mem-list.patch -Patch0020: 0020-fix-shm-size-set-invalid-when-reboot.patch -Patch0021: 0021-set-the-name-of-each-container-and-image-operation-t.patch -Patch0022: 0022-set-the-name-of-each-container-and-image-operation-t.patch -Patch0023: 0023-fix-inspect-f-error-when-bionic.patch -Patch0024: 0024-refactor-devmapper_parse_options-function.patch -Patch0025: 0025-refactor-parse_volume-function.patch -Patch0026: 0026-fix-parse-volume-failed.patch -Patch0027: 0027-use-util_smart_calloc_t-to-prevent-overflow.patch -Patch0028: 0028-increase-websocket-lws_lookup-size.patch -Patch0029: 0029-fix-misuse-of-BUFSIZ.patch -Patch0030: 0030-gc-considers-stored-monitor-pid.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -270,6 +240,12 @@ fi %endif %changelog +* Fri Jul 8 2022 haozi007 - 2.0.15-1 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: update version to v2.0.15 + * Fri Jul 8 2022 haozi007 - 2.0.14-11 - Type: enhancement - ID: NA diff --git a/v2.0.14.tar.gz b/v2.0.15.tar.gz similarity index 52% rename from v2.0.14.tar.gz rename to v2.0.15.tar.gz index 9878f47..6266bc6 100644 Binary files a/v2.0.14.tar.gz and b/v2.0.15.tar.gz differ