!3 同步代码

Merge pull request !3 from Grooooot/12.29.1

cmake/checker.cmake

@@ -47,12 +47,6 @@ find_library(ZLIB_LIBRARY z
   HINTS ${PC_ZLIB_LIBDIR} ${PC_ZLIB_LIBRARY_DIRS})
 _CHECK(ZLIB_LIBRARY "ZLIB_LIBRARY-NOTFOUND" "libz.so")
 
-# check securec
-find_path(LIBSECUREC_INCLUDE_DIR securec.h)
-_CHECK(LIBSECUREC_INCLUDE_DIR "LIBSECUREC_INCLUDE_DIR-NOTFOUND" "securec.h")
-find_library(LIBSECUREC_LIBRARY securec)
-_CHECK(LIBSECUREC_LIBRARY "LIBSECUREC_LIBRARY-NOTFOUND" "libsecurec.so")
-
 # check libyajl
 pkg_check_modules(PC_LIBYAJL REQUIRED "yajl>=2")
 find_path(LIBYAJL_INCLUDE_DIR yajl/yajl_tree.h
@@ -80,13 +74,7 @@ if (OPENSSL_VERIFY)
     _CHECK(OPENSSL_INCLUDE_DIR "OPENSSL_INCLUDE_DIR-NOTFOUND" "openssl/x509.h")
 endif()
 
-if (GRPC_CONNECTOR)
+if (GRPC_CONNECTOR OR ENABLE_OCI_IMAGE)
-    # check websocket
-    find_path(WEBSOCKET_INCLUDE_DIR libwebsockets.h)
-    _CHECK(WEBSOCKET_INCLUDE_DIR "WEBSOCKET_INCLUDE_DIR-NOTFOUND" libwebsockets.h)
-    find_library(WEBSOCKET_LIBRARY websockets)
-    _CHECK(WEBSOCKET_LIBRARY "WEBSOCKET_LIBRARY-NOTFOUND" "libwebsockets.so")
-
     # check protobuf
     pkg_check_modules(PC_PROTOBUF "protobuf>=3.1.0")
     find_library(PROTOBUF_LIBRARY protobuf
@@ -110,6 +98,15 @@ if (GRPC_CONNECTOR)
     find_library(GPR_LIBRARY gpr)
     _CHECK(GPR_LIBRARY "GPR_LIBRARY-NOTFOUND" "libgpr.so")
 
+endif()
+
+if (GRPC_CONNECTOR)
+    # check websocket
+    find_path(WEBSOCKET_INCLUDE_DIR libwebsockets.h)
+    _CHECK(WEBSOCKET_INCLUDE_DIR "WEBSOCKET_INCLUDE_DIR-NOTFOUND" libwebsockets.h)
+    find_library(WEBSOCKET_LIBRARY websockets)
+    _CHECK(WEBSOCKET_LIBRARY "WEBSOCKET_LIBRARY-NOTFOUND" "libwebsockets.so")
+
     # check clibcni
     pkg_check_modules(PC_CLIBCNI REQUIRED "clibcni")
     find_path(CLIBCNI_INCLUDE_DIR clibcni/api.h
@@ -136,7 +133,7 @@ else()
     _CHECK(EVHTP_LIBRARY "EVHTP_LIBRARY-NOTFOUND" "libevhtp.so")
 endif()
 
-if (ENABLE_EMBEDDED)
+if (ENABLE_EMBEDDED_IMAGE)
     pkg_check_modules(PC_SQLITE3 "sqlite3>=3.7.17")
     find_path(SQLIT3_INCLUDE_DIR sqlite3.h
         HINTS ${PC_SQLITE3_INCLUDEDIR} ${PC_SQLITE3_INCLUDE_DIRS})

cmake/options.cmake

@@ -33,7 +33,7 @@ endif()
 
 option(VERSION "set lcrd version" ON)
 if (VERSION STREQUAL "ON")
-    set(LCRD_VERSION "1.1.2")
+    set(LCRD_VERSION "1.1.4")
 endif()
 
 option(DEBUG "set lcrd gcc option" ON)
@@ -45,3 +45,18 @@ option(GCOV "set lcrd gcov option" OFF)
 if (GCOV STREQUAL "ON")
     set(ISULAD_GCOV "ON")
 endif()
+
+# set OCI image server type
+option(DISABLE_OCI "disable oci image" OFF)
+if (DISABLE_OCI STREQUAL "ON")
+    message("Disable OCI image")
+else()
+    add_definitions(-DENABLE_OCI_IMAGE=1)
+    set(ENABLE_OCI_IMAGE 2)
+endif()
+
+option(ENABLE_EMBEDDED "enable embedded image" OFF)
+if (ENABLE_EMBEDDED STREQUAL "ON")
+    add_definitions(-DENABLE_EMBEDDED_IMAGE=1)
+    set(ENABLE_EMBEDDED_IMAGE 1)
+endif()

cmake/protoc.cmake

@@ -6,11 +6,9 @@ set(TYPES_PROTOS_OUT_PATH ${GRPC_OUT_PRE_PATH}/src/api/types)
 set(CONTAINER_PROTOS_OUT_PATH ${GRPC_OUT_PRE_PATH}/src/api/services/containers)
 set(IMAGE_PROTOS_OUT_PATH ${GRPC_OUT_PRE_PATH}/src/api/services/images)
 set(CRI_PROTOS_OUT_PATH ${GRPC_OUT_PRE_PATH}/src/api/services/cri)
+set(IMAGE_SERVICE_PROTOS_OUT_PATH ${GRPC_OUT_PRE_PATH}/src/api/image_client)
 
 execute_process(COMMAND mkdir -p ${TYPES_PROTOS_OUT_PATH})
-execute_process(COMMAND mkdir -p ${CONTAINER_PROTOS_OUT_PATH})
-execute_process(COMMAND mkdir -p ${IMAGE_PROTOS_OUT_PATH})
-execute_process(COMMAND mkdir -p ${CRI_PROTOS_OUT_PATH})
 
 execute_process(COMMAND ${CMD_PROTOC} -I ${TYPES_PROTOS_PATH} --cpp_out=${TYPES_PROTOS_OUT_PATH} 
     ${TYPES_PROTOS_PATH}/descriptor.proto ERROR_VARIABLE types_err)
@@ -19,44 +17,71 @@ if (types_err)
     message(FATAL_ERROR ${types_err})
 endif()
 
-execute_process(COMMAND ${CMD_PROTOC} -I ${PROTOS_PATH}/containers --cpp_out=${CONTAINER_PROTOS_OUT_PATH} 
+if (GRPC_CONNECTOR)
-	${PROTOS_PATH}/containers/container.proto ERROR_VARIABLE containers_err)
+    message("---------------Generate GRPC proto-----------------------")
-if (containers_err)
+    execute_process(COMMAND mkdir -p ${CONTAINER_PROTOS_OUT_PATH})
-    message("Parse containers.proto failed: ")
+    execute_process(COMMAND mkdir -p ${IMAGE_PROTOS_OUT_PATH})
-    message(FATAL_ERROR ${containers_err})
+    execute_process(COMMAND mkdir -p ${CRI_PROTOS_OUT_PATH})
+    execute_process(COMMAND ${CMD_PROTOC} -I ${PROTOS_PATH}/containers --cpp_out=${CONTAINER_PROTOS_OUT_PATH} 
+        ${PROTOS_PATH}/containers/container.proto ERROR_VARIABLE containers_err)
+    if (containers_err)
+        message("Parse containers.proto failed: ")
+        message(FATAL_ERROR ${containers_err})
+    endif()
+
+    execute_process(COMMAND ${CMD_PROTOC} -I ${PROTOS_PATH}/containers --grpc_out=${CONTAINER_PROTOS_OUT_PATH} 
+        --plugin=protoc-gen-grpc=${CMD_GRPC_CPP_PLUGIN} ${PROTOS_PATH}/containers/container.proto ERROR_VARIABLE containers_err)
+    if (containers_err)
+        message("Parse containers.proto plugin failed: ")
+        message(FATAL_ERROR ${containers_err})
+    endif()
+
+    execute_process(COMMAND ${CMD_PROTOC} -I ${PROTOS_PATH}/images -I ${TYPES_PROTOS_PATH} 
+        --cpp_out=${IMAGE_PROTOS_OUT_PATH} ${PROTOS_PATH}/images/images.proto ERROR_VARIABLE images_err)
+    if (images_err)
+        message("Parse images.proto failed: ")
+        message(FATAL_ERROR ${images_err})
+    endif()
+
+    execute_process(COMMAND ${CMD_PROTOC} -I ${PROTOS_PATH}/images -I ${TYPES_PROTOS_PATH} --grpc_out=${IMAGE_PROTOS_OUT_PATH} 
+        --plugin=protoc-gen-grpc=${CMD_GRPC_CPP_PLUGIN} ${PROTOS_PATH}/images/images.proto ERROR_VARIABLE images_err)
+    if (images_err)
+        message("Parse images.proto plugin failed: ")
+        message(FATAL_ERROR ${images_err})
+    endif()
+
+    execute_process(COMMAND ${CMD_PROTOC} -I ${PROTOS_PATH}/cri --cpp_out=${CRI_PROTOS_OUT_PATH} ${PROTOS_PATH}/cri/api.proto 
+        ERROR_VARIABLE cri_err)
+    if (cri_err)
+        message("Parse cri.proto failed: ")
+        message(FATAL_ERROR ${cri_err})
+    endif()
+
+    execute_process(COMMAND ${CMD_PROTOC} -I ${PROTOS_PATH}/cri --grpc_out=${CRI_PROTOS_OUT_PATH} 
+        --plugin=protoc-gen-grpc=${CMD_GRPC_CPP_PLUGIN} ${PROTOS_PATH}/cri/api.proto ERROR_VARIABLE cri_err)
+    if (cri_err)
+        message("Parse cri.proto plugin failed: ")
+        message(FATAL_ERROR ${cri_err})
+    endif()
 endif()
 
-execute_process(COMMAND ${CMD_PROTOC} -I ${PROTOS_PATH}/containers --grpc_out=${CONTAINER_PROTOS_OUT_PATH} 
+
-	--plugin=protoc-gen-grpc=${CMD_GRPC_CPP_PLUGIN} ${PROTOS_PATH}/containers/container.proto ERROR_VARIABLE containers_err)
+if (ENABLE_OCI_IMAGE)
-if (containers_err)
+    message("---------------Generate OCI image proto-----------------------")
-    message("Parse containers.proto plugin failed: ")
+    execute_process(COMMAND mkdir -p ${IMAGE_SERVICE_PROTOS_OUT_PATH})
-    message(FATAL_ERROR ${containers_err})
+    execute_process(COMMAND ${CMD_PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR}/src/api/image_client --cpp_out=${IMAGE_SERVICE_PROTOS_OUT_PATH}
+        ${CMAKE_CURRENT_SOURCE_DIR}/src/api/image_client/isula_image.proto ERROR_VARIABLE image_client_err)
+    if (image_client_err)
+        message("Parse image client api.proto failed: ")
+        message(FATAL_ERROR ${image_client_err})
+    endif()
+
+    execute_process(COMMAND ${CMD_PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR}/src/api/image_client --grpc_out=${IMAGE_SERVICE_PROTOS_OUT_PATH}
+        --plugin=protoc-gen-grpc=${CMD_GRPC_CPP_PLUGIN} ${CMAKE_CURRENT_SOURCE_DIR}/src/api/image_client/isula_image.proto
+        ERROR_VARIABLE image_client_err)
 endif()
 
-execute_process(COMMAND ${CMD_PROTOC} -I ${PROTOS_PATH}/images -I ${TYPES_PROTOS_PATH} 
+if (image_client_err)
-	--cpp_out=${IMAGE_PROTOS_OUT_PATH} ${PROTOS_PATH}/images/images.proto ERROR_VARIABLE images_err)
+	message("Parse image client api.proto plugin failed: ")
-if (images_err)
+	message(FATAL_ERROR ${image_client_err})
-    message("Parse images.proto failed: ")
-    message(FATAL_ERROR ${images_err})
-endif()
-
-execute_process(COMMAND ${CMD_PROTOC} -I ${PROTOS_PATH}/images -I ${TYPES_PROTOS_PATH} --grpc_out=${IMAGE_PROTOS_OUT_PATH} 
-	--plugin=protoc-gen-grpc=${CMD_GRPC_CPP_PLUGIN} ${PROTOS_PATH}/images/images.proto ERROR_VARIABLE images_err)
-if (images_err)
-    message("Parse images.proto plugin failed: ")
-    message(FATAL_ERROR ${images_err})
-endif()
-
-execute_process(COMMAND ${CMD_PROTOC} -I ${PROTOS_PATH}/cri --cpp_out=${CRI_PROTOS_OUT_PATH} ${PROTOS_PATH}/cri/api.proto 
-	ERROR_VARIABLE cri_err)
-if (cri_err)
-    message("Parse cri.proto failed: ")
-    message(FATAL_ERROR ${cri_err})
-endif()
-
-execute_process(COMMAND ${CMD_PROTOC} -I ${PROTOS_PATH}/cri --grpc_out=${CRI_PROTOS_OUT_PATH} 
-	--plugin=protoc-gen-grpc=${CMD_GRPC_CPP_PLUGIN} ${PROTOS_PATH}/cri/api.proto ERROR_VARIABLE cri_err)
-if (cri_err)
-    message("Parse cri.proto plugin failed: ")
-    message(FATAL_ERROR ${cri_err})
 endif()

cmake/set_build_flags.cmake

@@ -1,6 +1,6 @@
 # set common FLAGS
 set(CMAKE_C_FLAGS "-fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -Werror -rdynamic")
-if (GRPC_CONNECTOR)
+if (GRPC_CONNECTOR OR ENABLE_OCI_IMAGE)
     set(CMAKE_CXX_FLAGS "-fPIC -std=c++11 -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -Werror")
 endif()
 set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-E -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines -fPIE -pie -shared -pthread")

iSulad.spec

@@ -1,5 +1,5 @@
-%global _version 1.1.2
+%global _version 1.1.4
-%global _release 20191224.232827.git9001f2f6
+%global _release 20191226.061440.gitfa7769d5
 %global is_systemd 1
 %global debug_package %{nil}
 
@@ -31,14 +31,14 @@ Requires(preun): initscripts
 
 BuildRequires: cmake gcc-c++ lxc lxc-devel lcr yajl yajl-devel clibcni-devel
 BuildRequires: grpc grpc-devel protobuf-devel
-BuildRequires: libsecurec libsecurec-devel libcurl libcurl-devel sqlite-devel
+BuildRequires: libcurl libcurl-devel sqlite-devel
 BuildRequires: http-parser-devel libevhtp-devel libevent-devel
 BuildRequires: libseccomp-devel libcap-devel libwebsockets libwebsockets-devel
 BuildRequires: systemd-devel git
 
 Requires:      iSulad-kit lcr lxc clibcni
 Requires:      grpc protobuf yajl
-Requires:      libcurl libsecurec
+Requires:      libcurl
 Requires:      sqlite http-parser libseccomp
 Requires:      libcap libwebsockets
 Requires:      libevhtp libevent systemd

src/cmd/commander.c

@@ -21,7 +21,6 @@
 #include <assert.h>
 #include <regex.h>
 #include <limits.h>
-#include "securec.h"
 #include "liblcrd.h"
 
 #include "utils.h"
@@ -115,10 +114,7 @@ int command_valid_socket(command_option_t *option, const char *arg)
 void command_init(command_t *self, command_option_t *opts, int opts_len, int argc, const char **argv,
                   const char *description, const char *usage)
 {
-    if (memset_s(self, sizeof(command_t), 0, sizeof(command_t)) != EOK) {
+    (void)memset(self, 0, sizeof(command_t));
-        COMMAND_ERROR("Failed to set memory");
-        return;
-    }
     self->name = argv[0];
     self->argc = argc - 2;
     self->argv = argv + 2;

src/cmd/lcrc/arguments.c

@@ -23,7 +23,6 @@
 #include "error.h"
 #include "commander.h"
 #include "log.h"
-#include "securec.h"
 #include "utils.h"
 #include "constants.h"
 
@@ -129,15 +128,9 @@ int client_arguments_init(struct client_arguments *args)
         args->socket = util_strdup_s(DEFAULT_UNIX_SOCKET);
     }
 
-    if (memset_s(&args->custom_conf, sizeof(args->custom_conf), 0x00, sizeof(struct custom_configs)) != EOK) {
+    (void)memset(&args->custom_conf, 0, sizeof(struct custom_configs));
-        COMMAND_ERROR("Failed to set memory");
+    (void)memset(&args->cr, 0, sizeof(struct args_cgroup_resources));
-        return -1;
-    }
 
-    if (memset_s(&args->cr, sizeof(args->cr), 0x00, sizeof(struct args_cgroup_resources)) != EOK) {
-        COMMAND_ERROR("Failed to set memory");
-        return -1;
-    }
     if (set_default_tls_options(args) != 0) {
         return -1;
     }

src/cmd/lcrc/base/create.c

@@ -22,7 +22,6 @@
 
 #include "namespace.h"
 #include "error.h"
-#include "securec.h"
 #include "arguments.h"
 #include "log.h"
 #include "utils.h"
@@ -295,6 +294,7 @@ static int validate_env(const char *env, char **dst)
         *dst = util_strdup_s(env);
         goto out;
     } else {
+        int sret;
         size_t len = strlen(env) + 1 + strlen(value) + 1;
         *dst = (char *)util_common_calloc_s(len);
         if (*dst == NULL) {
@@ -302,7 +302,8 @@ static int validate_env(const char *env, char **dst)
             ret = -1;
             goto out;
         }
-        if (sprintf_s(*dst, len, "%s=%s", env, value) < 0) {
+        sret = snprintf(*dst, len, "%s=%s", env, value);
+        if (sret < 0 || (size_t)sret >= len) {
             ERROR("Failed to compose env string");
             ret = -1;
             goto out;

src/cmd/lcrc/base/kill.c

@@ -13,7 +13,6 @@
  * Description: provide container kill functions
  ******************************************************************************/
 #include "error.h"
-#include "securec.h"
 #include "arguments.h"
 #include "kill.h"
 #include "log.h"

src/cmd/lcrc/base/rename.c

@@ -13,7 +13,6 @@
  * Description: provide container stop functions
  ******************************************************************************/
 #include "rename.h"
-#include "securec.h"
 #include "arguments.h"
 #include "log.h"
 #include "utils.h"

src/cmd/lcrc/base/restart.c

@@ -13,7 +13,6 @@
  * Description: provide container restart functions
  ******************************************************************************/
 #include <unistd.h>
-#include <securec.h>
 
 #include "restart.h"
 #include "arguments.h"

src/cmd/lcrc/base/rm.c

@@ -20,7 +20,6 @@
 #include "commands.h"
 #include "console.h"
 #include "utils.h"
-#include "securec.h"
 
 const char g_cmd_delete_desc[] = "Remove one or more containers";
 const char g_cmd_delete_usage[] = "rm [OPTIONS] CONTAINER [CONTAINER...]";

src/cmd/lcrc/base/start.c

@@ -19,7 +19,6 @@
 #include <malloc.h>
 
 #include "error.h"
-#include "securec.h"
 #include "arguments.h"
 #include "commander.h"
 #include "start.h"

src/cmd/lcrc/base/stop.c

@@ -13,7 +13,6 @@
  * Description: provide container stop functions
  ******************************************************************************/
 #include "stop.h"
-#include "securec.h"
 #include "arguments.h"
 #include "log.h"
 #include "utils.h"

src/cmd/lcrc/commands.c

@@ -19,7 +19,6 @@
 #include <limits.h>
 #include <pthread.h>
 #include <syslog.h>
-#include "securec.h"
 
 #include "arguments.h"
 #include "config.h"
@@ -55,8 +54,8 @@ static void send_msg_to_syslog(int argc, const char **argv)
     }
     ppid = getppid();
     // get parent cmdline, "/proc/ppid/cmdline"
-    nret = sprintf_s(cmdline_path, PATH_MAX, "/proc/%d/cmdline", ppid);
+    nret = snprintf(cmdline_path, PATH_MAX, "/proc/%d/cmdline", ppid);
-    if (nret < 0) {
+    if (nret < 0 || nret >= PATH_MAX) {
         COMMAND_ERROR("Get parent '%d' cmdline path failed", ppid);
         return;
     }
@@ -304,9 +303,9 @@ int create_console_fifos(bool attach_stdin, bool attach_stdout, bool attach_stde
         return -1;
     }
 
-    ret = sprintf_s(subpath, sizeof(subpath), "%s/%s-%u-%u", name, type, (unsigned int)getpid(),
+    ret = snprintf(subpath, sizeof(subpath), "%s/%s-%u-%u", name, type, (unsigned int)getpid(),
-                    (unsigned int)pthread_self());
+                   (unsigned int)pthread_self());
-    if (ret < 0) {
+    if (ret < 0 || (size_t)ret >= sizeof(subpath)) {
         ERROR("Path is too long");
         goto cleanup;
     }

src/cmd/lcrc/extend/events.c

@@ -17,7 +17,6 @@
 #include "arguments.h"
 #include "log.h"
 #include "lcrc_connect.h"
-#include "securec.h"
 
 const char g_cmd_events_desc[] = "Get real time events from the server";
 const char g_cmd_events_usage[] = "events [command options]";

src/cmd/lcrc/extend/export.c

@@ -14,7 +14,6 @@
  ******************************************************************************/
 #include "export.h"
 #include <limits.h>
-#include "securec.h"
 #include "utils.h"
 #include "arguments.h"
 #include "log.h"
@@ -31,17 +30,12 @@ struct client_arguments g_cmd_export_args = {};
 static int client_export(const struct client_arguments *args)
 {
     int ret = 0;
-    errno_t mret;
     lcrc_connect_ops *ops = NULL;
     struct lcrc_export_request request;
     struct lcrc_export_response *response = NULL;
     client_connect_config_t config = { 0 };
 
-    mret = memset_s(&request, sizeof(request), 0x00, sizeof(request));
+    (void)memset(&request, 0, sizeof(request));
-    if (mret != EOK) {
-        ERROR("Failed to memset export request");
-        return -1;
-    }
     response = util_common_calloc_s(sizeof(struct lcrc_export_response));
     if (response == NULL) {
         ERROR("Resume: Out of memory");
@@ -110,13 +104,14 @@ int cmd_export_main(int argc, const char **argv)
 
     /* If it's not a absolute path, add cwd to be absolute path */
     if (g_cmd_export_args.file[0] != '/') {
+        int sret;
         char cwd[PATH_MAX] = { 0 };
         if (!getcwd(cwd, sizeof(cwd))) {
             COMMAND_ERROR("get cwd failed:%s", strerror(errno));
             exit(ECOMMON);
         }
-
+        sret = snprintf(file, sizeof(file), "%s/%s", cwd, g_cmd_export_args.file);
-        if (sprintf_s(file, sizeof(file), "%s/%s", cwd, g_cmd_export_args.file) < 0) {
+        if (sret < 0 || (size_t)sret >= sizeof(file)) {
             COMMAND_ERROR("filename too long");
             exit(EINVALIDARGS);
         }

src/cmd/lcrc/extend/pause.c

@@ -13,7 +13,6 @@
  * Description: provide container pause functions
  ******************************************************************************/
 #include "pause.h"
-#include "securec.h"
 #include "utils.h"
 #include "arguments.h"
 #include "log.h"

src/cmd/lcrc/extend/resume.c

@@ -13,7 +13,6 @@
  * Description: provide container resume functions
  ******************************************************************************/
 #include "resume.h"
-#include "securec.h"
 #include "utils.h"
 #include "arguments.h"
 #include "log.h"

src/cmd/lcrc/extend/stats.c

@@ -26,7 +26,6 @@
 #include <sys/ioctl.h>
 
 #include "error.h"
-#include "securec.h"
 #include "arguments.h"
 #include "stats.h"
 #include "utils.h"
@@ -54,20 +53,20 @@ static void lcrc_size_humanize(unsigned long long val, char *buf, size_t bufsz)
 {
     int ret = 0;
     if (val > 1024 * 1024 * 1024) {
-        ret = sprintf_s(buf, bufsz, "%u.%.2u GiB", (unsigned int)(val >> 30),
+        ret = snprintf(buf, bufsz, "%u.%.2u GiB", (unsigned int)(val >> 30),
-                        (unsigned int)(val & ((1 << 30) - 1)) / 10737419);
+                       (unsigned int)(val & ((1 << 30) - 1)) / 10737419);
     } else if (val > 1024 * 1024) {
         unsigned long long x = val + 5243; /* for rounding */
-        ret = sprintf_s(buf, bufsz, "%u.%.2u MiB", (unsigned int)(x >> 20),
+        ret = snprintf(buf, bufsz, "%u.%.2u MiB", (unsigned int)(x >> 20),
-                        (unsigned int)(((x & ((1 << 20) - 1)) * 100) >> 20));
+                       (unsigned int)(((x & ((1 << 20) - 1)) * 100) >> 20));
     } else if (val > 1024) {
         unsigned long long x = val + 5; /* for rounding */
-        ret = sprintf_s(buf, bufsz, "%u.%.2u KiB", (unsigned int)(x >> 10),
+        ret = snprintf(buf, bufsz, "%u.%.2u KiB", (unsigned int)(x >> 10),
-                        (unsigned int)(((x & ((1 << 10) - 1)) * 100) >> 10));
+                       (unsigned int)(((x & ((1 << 10) - 1)) * 100) >> 10));
     } else {
-        ret = sprintf_s(buf, bufsz, "%u.00 B", (unsigned int)val);
+        ret = snprintf(buf, bufsz, "%u.00 B", (unsigned int)val);
     }
-    if (ret < 0) {
+    if (ret < 0 || (size_t)ret >= bufsz) {
         ERROR("Humanize sprintf failed!");
     }
 }
@@ -100,13 +99,13 @@ static void stats_print(const struct lcrc_container_info *stats)
     lcrc_size_humanize(stats->mem_used, mem_used_str, sizeof(mem_used_str));
     lcrc_size_humanize(stats->mem_limit, mem_limit_str, sizeof(mem_limit_str));
 
-    len = sprintf_s(iosb_str, sizeof(iosb_str), "%s / %s", iosb_read_str, iosb_write_str);
+    len = snprintf(iosb_str, sizeof(iosb_str), "%s / %s", iosb_read_str, iosb_write_str);
-    if (len < 0) {
+    if (len < 0 || (size_t)len >= sizeof(iosb_str)) {
         ERROR("Sprintf iosb_str failed");
         return;
     }
-    len = sprintf_s(mem_str, sizeof(mem_str), "%s / %s", mem_used_str, mem_limit_str);
+    len = snprintf(mem_str, sizeof(mem_str), "%s / %s", mem_used_str, mem_limit_str);
-    if (len < 0) {
+    if (len < 0 || (size_t)len >= sizeof(mem_str)) {
         ERROR("Sprintf mem_str failed");
         return;
     }

src/cmd/lcrc/extend/update.c

@@ -14,7 +14,6 @@
  ******************************************************************************/
 #include <string.h>
 #include <errno.h>
-#include "securec.h"
 #include "arguments.h"
 #include "update.h"
 #include "utils.h"

src/cmd/lcrc/images/images.c

@@ -18,7 +18,6 @@
 #include <unistd.h>
 #include <limits.h>
 #include <string.h>
-#include "securec.h"
 
 #include "utils.h"
 #include "arguments.h"
@@ -60,9 +59,9 @@ static char *trans_time(int64_t created)
         return NULL;
     }
 
-    nret = sprintf_s(formated_time, sizeof(formated_time), "%04d-%02d-%02d %02d:%02d:%02d", t.tm_year + 1900,
+    nret = snprintf(formated_time, sizeof(formated_time), "%04d-%02d-%02d %02d:%02d:%02d", t.tm_year + 1900,
-                     t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec);
+                    t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec);
-    if (nret < 0) {
+    if (nret < 0 || nret >= sizeof(formated_time)) {
         ERROR("format created time failed");
         return NULL;
     }
@@ -187,8 +186,8 @@ static void list_field_width(const struct lcrc_image_info *images_list, const si
             }
         }
 
-        slen = sprintf_s(tmpbuffer, sizeof(tmpbuffer), "%.2f", (float)(in->size) / (1024 * 1024));
+        slen = snprintf(tmpbuffer, sizeof(tmpbuffer), "%.2f", (float)(in->size) / (1024 * 1024));
-        if (slen < 0) {
+        if (slen < 0 || (size_t)slen >= sizeof(tmpbuffer)) {
             ERROR("sprintf tmpbuffer failed");
             return;
         }

src/cmd/lcrc/images/load.c

@@ -18,7 +18,6 @@
 #include <limits.h>
 #include <string.h>
 #include <errno.h>
-#include "securec.h"
 
 #include "utils.h"
 #include "arguments.h"
@@ -150,13 +149,15 @@ int cmd_load_main(int argc, const char **argv)
     /* If it's not a absolute path, add cwd to be absolute path */
     if (g_cmd_load_args.file[0] != '/') {
         char cwd[PATH_MAX] = { 0 };
+        int len;
 
         if (!getcwd(cwd, sizeof(cwd))) {
             COMMAND_ERROR("get cwd failed:%s", strerror(errno));
             exit(exit_code);
         }
 
-        if (sprintf_s(file, sizeof(file), "%s/%s", cwd, g_cmd_load_args.file) < 0) {
+        len = snprintf(file, sizeof(file), "%s/%s", cwd, g_cmd_load_args.file);
+        if (len < 0 || (size_t)len >= sizeof(file)) {
             COMMAND_ERROR("filename too long");
             exit(exit_code);
         }

src/cmd/lcrc/images/login.c

@@ -19,7 +19,6 @@
 #include <limits.h>
 #include <string.h>
 #include <errno.h>
-#include "securec.h"
 
 #include "utils.h"
 #include "arguments.h"
@@ -104,9 +103,7 @@ static int get_password_from_notty(struct client_arguments *args)
             return -1;
         }
         args->password = util_strdup_s(password);
-        if (memset_s(password, sizeof(password), 0, sizeof(password)) != EOK) {
+        (void)memset(password, 0, sizeof(password));
-            ERROR("Failed to memset sensitive string memory");
-        }
     }
 
     return 0;
@@ -152,9 +149,7 @@ static int get_auth_from_terminal(struct client_arguments *args)
             return -1;
         }
         args->password = util_strdup_s(password);
-        if (memset_s(password, sizeof(password), 0, sizeof(password)) != EOK) {
+        (void)memset(password, 0, sizeof(password));
-            ERROR("Failed to memset sensitive string memory");
-        }
     }
 
     return 0;

src/cmd/lcrc/images/logout.c

@@ -18,7 +18,6 @@
 #include <unistd.h>
 #include <limits.h>
 #include <string.h>
-#include "securec.h"
 
 #include "utils.h"
 #include "arguments.h"

src/cmd/lcrc/images/pull.c

@@ -18,7 +18,6 @@
 #include <unistd.h>
 #include <limits.h>
 #include <string.h>
-#include "securec.h"
 
 #include "utils.h"
 #include "arguments.h"

src/cmd/lcrc/images/rmi.c

@@ -17,7 +17,6 @@
 #include <unistd.h>
 #include <limits.h>
 #include <string.h>
-#include "securec.h"
 
 #include "utils.h"
 #include "arguments.h"

src/cmd/lcrc/information/health.c

@@ -13,7 +13,6 @@
  * Description: provide container health functions
  ******************************************************************************/
 #include "health.h"
-#include "securec.h"
 #include "utils.h"
 #include "arguments.h"
 #include "log.h"

src/cmd/lcrc/information/info.c

@@ -14,7 +14,6 @@
  ******************************************************************************/
 #include "info.h"
 #include <stdio.h>
-#include "securec.h"
 
 #include "utils.h"
 #include "arguments.h"

src/cmd/lcrc/information/inspect.c

@@ -19,7 +19,6 @@
 #include "lcrc_connect.h"
 #include "console.h"
 #include "utils.h"
-#include "securec.h"
 #include "json_common.h"
 #include <regex.h>
 
@@ -85,7 +84,7 @@ static yajl_val json_object(yajl_val element, char *key)
     char *top_key = key;
     char *next_context = NULL;
 
-    top_key = strtok_s(top_key, ".", &next_context);
+    top_key = strtok_r(top_key, ".", &next_context);
     if (top_key == NULL) {
         return NULL;
     }
@@ -111,7 +110,7 @@ static yajl_val json_array(yajl_val element, char *key)
     if (YAJL_GET_ARRAY(element) != NULL) {
         size = YAJL_GET_ARRAY(element)->len;
     }
-    top_key = strtok_s(top_key, ".", &next_context);
+    top_key = strtok_r(top_key, ".", &next_context);
     if (top_key == NULL) {
         return NULL;
     }
@@ -616,7 +615,7 @@ static char *inspect_pause_filter(const char *arg)
 
     input_str = util_strdup_s(arg);
 
-    p = strtok_s(input_str, ".", &next_context);
+    p = strtok_r(input_str, ".", &next_context);
     if (p == NULL) {
         goto out;
     }
@@ -626,7 +625,7 @@ static char *inspect_pause_filter(const char *arg)
         goto out;
     }
 
-    p = strtok_s(p, " }", &next_context);
+    p = strtok_r(p, " }", &next_context);
     if (p == NULL) {
         goto out;
     }

src/cmd/lcrc/information/logs.c

@@ -24,7 +24,6 @@
 #include <errno.h>
 #include "error.h"
 
-#include "securec.h"
 #include "logs.h"
 #include "arguments.h"
 #include "log.h"

src/cmd/lcrc/information/ps.c

@@ -19,7 +19,6 @@
 #include <ctype.h>
 #include <regex.h>
 #include <errno.h>
-#include "securec.h"
 #include "arguments.h"
 #include "ps.h"
 #include "utils.h"
@@ -162,21 +161,11 @@ static int mix_container_state(const struct lcrc_container_summary_info *in, cha
 
     container_status = lcrc_lcrsta2str(in->status);
     if (container_status == NULL) {
-        ret = strcpy_s(state, len, "-");
+        (void)strcpy(state, "-");
-        if (ret < 0) {
-            ERROR("Failed to copy string");
-            ret = -1;
-            goto out;
-        }
     } else {
-        if (strcpy_s(state, len, container_status) != EOK) {
+        (void)strcpy(state, container_status);
-            ERROR("Failed to copy string");
-            ret = -1;
-            goto out;
-        }
     }
 
-out:
     return ret;
 }
 
@@ -184,15 +173,18 @@ static int handle_running_status(const char *start_at, const struct lcrc_contain
                                  char *status, size_t len)
 {
     int ret = 0;
+    int nret;
 
     if (in->health_state != NULL) {
-        if (sprintf_s(status, len, "Up %s %s", start_at, in->health_state) < 0) {
+        nret = snprintf(status, len, "Up %s %s", start_at, in->health_state);
+        if (nret < 0 || nret >= len) {
             ERROR("Failed to compose string");
             ret = -1;
             goto out;
         }
     } else {
-        if (sprintf_s(status, len, "Up %s",  start_at) < 0) {
+        nret = snprintf(status, len, "Up %s",  start_at);
+        if (nret < 0 || nret >= len) {
             ERROR("Failed to compose string");
             ret = -1;
             goto out;
@@ -206,6 +198,7 @@ out:
 static int mix_container_status(const struct lcrc_container_summary_info *in, char *status, size_t len)
 {
     int ret = -1;
+    int sret = 0;
     char startat_duration[TIME_DURATION_MAX_LEN] = { 0 };
     char finishat_duration[TIME_DURATION_MAX_LEN] = { 0 };
     char *start_at = NULL;
@@ -219,24 +212,19 @@ static int mix_container_status(const struct lcrc_container_summary_info *in, ch
         if (handle_running_status(start_at, in, status, len) != 0) {
             goto out;
         }
-    } else if (in->status == CONTAINER_STATUS_CREATED) {
-        if (sprintf_s(status, len, "Created") < 0) {
-            goto out;
-        }
-    } else if (in->status == CONTAINER_STATUS_RESTARTING) {
-        if (sprintf_s(status, len, "Restarting (%d) %s", (int)in->exit_code, finish_at) < 0) {
-            goto out;
-        }
-    } else if (in->status == CONTAINER_STATUS_PAUSED) {
-        if (sprintf_s(status, len, "Up %s (Paused)", start_at) < 0) {
-            goto out;
-        }
-    } else if (in->status == CONTAINER_STATUS_STARTING) {
-        if (sprintf_s(status, len, "Starting %s", start_at) < 0) {
-            goto out;
-        }
     } else {
-        if (sprintf_s(status, len, "Exited (%d) %s", (int)in->exit_code, finish_at) < 0) {
+        if (in->status == CONTAINER_STATUS_CREATED) {
+            sret = snprintf(status, len, "Created");
+        } else if (in->status == CONTAINER_STATUS_RESTARTING) {
+            sret = snprintf(status, len, "Restarting (%d) %s", (int)in->exit_code, finish_at);
+        } else if (in->status == CONTAINER_STATUS_PAUSED) {
+            sret = snprintf(status, len, "Up %s (Paused)", start_at);
+        } else if (in->status == CONTAINER_STATUS_STARTING) {
+            sret = snprintf(status, len, "Starting %s", start_at);
+        } else {
+            sret = snprintf(status, len, "Exited (%d) %s", (int)in->exit_code, finish_at);
+        }
+        if (sret < 0 || (size_t)sret >= len) {
             goto out;
         }
     }
@@ -523,8 +511,8 @@ static void calculate_uint_str_length(uint32_t data, unsigned int *length)
     int len = 0;
     char tmpbuffer[UINT_LEN + 1] = { 0 };
 
-    len = sprintf_s(tmpbuffer, sizeof(tmpbuffer), "%u", data);
+    len = snprintf(tmpbuffer, sizeof(tmpbuffer), "%u", data);
-    if (len < 0) {
+    if (len < 0 || (size_t)len >= sizeof(tmpbuffer)) {
         ERROR("sprintf buffer failed");
         return;
     }
@@ -808,7 +796,7 @@ static char *get_filter_string(const char *arg)
 
     input_str = util_strdup_s(arg);
 
-    p = strtok_s(input_str, ".", &next_context);
+    p = strtok_r(input_str, ".", &next_context);
     if (p == NULL) {
         goto out;
     }
@@ -818,7 +806,7 @@ static char *get_filter_string(const char *arg)
         goto out;
     }
 
-    p = strtok_s(p, " }", &next_context);
+    p = strtok_r(p, " }", &next_context);
     if (p == NULL) {
         goto out;
     }

src/cmd/lcrc/information/top.c

@@ -20,7 +20,6 @@
 #include "commands.h"
 #include "console.h"
 #include "utils.h"
-#include "securec.h"
 #include "container_inspect.h"
 #include "attach.h"
 #include "commander.h"

src/cmd/lcrc/information/version.c

@@ -14,7 +14,6 @@
  ******************************************************************************/
 #include "version.h"
 #include <stdio.h>
-#include "securec.h"
 
 #include "utils.h"
 #include "arguments.h"

src/cmd/lcrc/information/wait.c

@@ -13,7 +13,6 @@
  * Description: provide container wait functions
  ******************************************************************************/
 #include "error.h"
-#include "securec.h"
 #include "wait.h"
 #include "arguments.h"
 #include "log.h"

src/cmd/lcrc/stream/attach.c

@@ -19,7 +19,6 @@
 #include <limits.h>
 #include <pthread.h>
 
-#include "securec.h"
 #include "arguments.h"
 #include "exec.h"
 #include "log.h"

src/cmd/lcrc/stream/cp.c

@@ -23,7 +23,6 @@
 #include "log.h"
 #include "path.h"
 #include "lcrc_connect.h"
-#include "securec.h"
 #include "lcrdtar.h"
 
 #define FromContainer 0x01u
@@ -231,9 +230,7 @@ static void ignore_sigpipe()
     /*
      * Ignore SIGPIPE so the current process still exists after child process exited.
      */
-    if (memset_s(&sa, sizeof(struct sigaction), 0, sizeof(struct sigaction)) != EOK) {
+    (void)memset(&sa, 0, sizeof(struct sigaction));
-        WARN("Failed to set memory");
-    }
 
     sa.sa_handler = SIG_IGN;
     sigemptyset(&sa.sa_mask);

src/cmd/lcrc/stream/exec.c

@@ -19,7 +19,6 @@
 #include <limits.h>
 #include <pthread.h>
 
-#include "securec.h"
 #include "arguments.h"
 #include "exec.h"
 #include "log.h"

src/cmd/lcrd/commands.c

@@ -396,16 +396,18 @@ static int ulimit_flag_join(char* out_msg, const size_t msg_len, const size_t de
     size_t i;
     char *tmp = NULL;
 
-    if (sprintf_s(out_msg, msg_len, "[") < 0) {
+    int nret = snprintf(out_msg, msg_len, "[");
+    if (nret < 0 || nret >= msg_len) {
         ERROR("Failed to print string");
         goto out;
     }
 
     for (i = 0; i < default_ulimit_len; i++) {
         tmp = util_strdup_s(out_msg);
-        if (sprintf_s(out_msg, msg_len, "%s %s=%lld:%lld", tmp,
+        nret = snprintf(out_msg, msg_len, "%s %s=%lld:%lld", tmp,
-                      default_ulimit[i]->name, (long long int)default_ulimit[i]->soft,
+                        default_ulimit[i]->name, (long long int)default_ulimit[i]->soft,
-                      (long long int)default_ulimit[i]->hard) < 0) {
+                        (long long int)default_ulimit[i]->hard);
+        if (nret < 0 || nret >= msg_len) {
             ERROR("Failed to print string");
             goto out;
         }
@@ -414,7 +416,8 @@ static int ulimit_flag_join(char* out_msg, const size_t msg_len, const size_t de
     }
 
     tmp = util_strdup_s(out_msg);
-    if (sprintf_s(out_msg, msg_len, "%s ]", tmp) < 0) {
+    nret = snprintf(out_msg, msg_len, "%s ]", tmp);
+    if (nret < 0 || nret >= msg_len) {
         ERROR("Failed to print string");
         goto out;
     }
@@ -435,15 +438,17 @@ static int ulimit_file_join(char* out_msg, const size_t msg_len,
     char *tmp = NULL;
     isulad_daemon_configs_default_ulimits_element *ptr = NULL;
 
-    if (sprintf_s(out_msg, msg_len, "[") < 0) {
+    int nret = snprintf(out_msg, msg_len, "[");
+    if (nret < 0 || nret >= msg_len) {
         ERROR("Failed to print string");
         goto out;
     }
     for (i = 0; i < default_ulimits_len; i++) {
         ptr = default_ulimits[i];
         tmp = util_strdup_s(out_msg);
-        if (sprintf_s(out_msg, msg_len, "%s %s=%lld:%lld", tmp, ptr->name,
+        nret = snprintf(out_msg, msg_len, "%s %s=%lld:%lld", tmp, ptr->name,
-                      (long long int)(ptr->soft), (long long int)(ptr->hard)) < 0) {
+                        (long long int)(ptr->soft), (long long int)(ptr->hard));
+        if (nret < 0 || nret >= msg_len) {
             ERROR("Failed to print string");
             goto out;
         }
@@ -452,7 +457,8 @@ static int ulimit_file_join(char* out_msg, const size_t msg_len,
     }
 
     tmp = util_strdup_s(out_msg);
-    if (sprintf_s(out_msg, msg_len, "%s ]", tmp) < 0) {
+    nret = snprintf(out_msg, msg_len, "%s ]", tmp);
+    if (nret < 0 || nret >= msg_len) {
         ERROR("Failed to print string");
         goto out;
     }

src/cmd/lcrd/main.c

@@ -15,6 +15,7 @@
 
 #include <signal.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <sys/types.h>
 #include <time.h>
 #include <errno.h>
@@ -37,7 +38,6 @@
 
 #include "constants.h"
 #include "liblcrd.h"
-#include "securec.h"
 #include "collector.h"
 #include "commands.h"
 #include "log.h"
@@ -278,10 +278,7 @@ static int ignore_signals()
      * Ignore SIGHUP so lcrd process still exists after
      * terminal die.
      */
-    if (memset_s(&sa, sizeof(struct sigaction), 0, sizeof(struct sigaction)) != EOK) {
+    (void)memset(&sa, 0, sizeof(struct sigaction));
-        ERROR("Failed to set memory");
-        return -1;
-    }
 
     sa.sa_handler = SIG_IGN;
     sigemptyset(&sa.sa_mask);
@@ -307,10 +304,7 @@ static int add_shutdown_signal_handler()
 {
     struct sigaction sa;
 
-    if (memset_s(&sa, sizeof(struct sigaction), 0, sizeof(struct sigaction)) != EOK) {
+    (void)memset(&sa, 0, sizeof(struct sigaction));
-        ERROR("Failed to set memory");
-        return -1;
-    }
 
     if (sem_init(&g_daemon_shutdown_sem, 0, 0) == -1) {
         ERROR("Failed to init daemon shutdown sem");
@@ -325,10 +319,7 @@ static int add_shutdown_signal_handler()
         return -1;
     }
 
-    if (memset_s(&sa, sizeof(struct sigaction), 0, sizeof(struct sigaction)) != EOK) {
+    (void)memset(&sa, 0, sizeof(struct sigaction));
-        ERROR("Failed to set memory");
-        return -1;
-    }
 
     sa.sa_handler = sigterm_handler;
     sigemptyset(&sa.sa_mask);
@@ -441,8 +432,8 @@ int check_and_save_pid(const char *fn)
         goto out;
     }
 
-    len = sprintf_s(pidbuf, sizeof(pidbuf), "%lu\n", (unsigned long)getpid());
+    len = snprintf(pidbuf, sizeof(pidbuf), "%lu\n", (unsigned long)getpid());
-    if (len < 0) {
+    if (len < 0 || len >= sizeof(pidbuf)) {
         ERROR("failed sprint pidbuf");
         ret = -1;
         goto out;
@@ -504,8 +495,8 @@ static int set_parent_mount_dir(struct service_arguments *args)
         ERROR("Out of memory");
         goto out;
     }
-    nret = sprintf_s(rootfsdir, len, "%s/mnt/rootfs", args->json_confs->graph);
+    nret = snprintf(rootfsdir, len, "%s/mnt/rootfs", args->json_confs->graph);
-    if (nret < 0) {
+    if (nret < 0 || (size_t)nret >= len) {
         ERROR("Failed to print string");
         goto out;
     }
@@ -1134,7 +1125,7 @@ static int load_listener(const struct service_arguments *args)
         char *proto_addr = NULL;
 
         proto_addr = parse_host(args->json_confs->tls, args->hosts[i]);
-        proto = strtok_s(proto_addr, delim, &addr);
+        proto = strtok_r(proto_addr, delim, &addr);
         if (proto == NULL) {
             ERROR("Failed to get proto");
             ret = -1;

src/config/lcrd_config.c

@@ -25,7 +25,6 @@
 #include <libgen.h>
 
 #include "constants.h"
-#include "securec.h"
 #include "log.h"
 #include "utils.h"
 #include "lcrd_config.h"
@@ -95,8 +94,8 @@ int get_system_cpu_usage(uint64_t *val)
         ret = -1;
         goto out;
     }
-    nret = sscanf_s(buffer, "cpu  %16llu %16llu %16llu %16llu %16llu %16llu %16llu %16llu %16llu %16llu", &usertime,
+    nret = sscanf(buffer, "cpu  %16llu %16llu %16llu %16llu %16llu %16llu %16llu %16llu %16llu %16llu", &usertime,
-                    &nicetime, &systemtime, &idletime, &ioWait, &irq, &softIrq, &steal, &guest, &guestnice);
+                  &nicetime, &systemtime, &idletime, &ioWait, &irq, &softIrq, &steal, &guest, &guestnice);
     if (nret != BUFFER_ITEM_NUMS) {
         ERROR("sscanf buffer failed");
         ret = -1;
@@ -204,7 +203,8 @@ char *conf_get_engine_rootpath()
         goto free_out;
     }
 
-    if (sprintf_s(epath, len, "%s/%s", rootpath, ENGINE_ROOTPATH_NAME) < 0) {
+    int nret = snprintf(epath, len, "%s/%s", rootpath, ENGINE_ROOTPATH_NAME);
+    if (nret < 0 || (size_t)nret >= len) {
         ERROR("Sprintf engine path failed");
         free(epath);
         epath = NULL;
@@ -242,7 +242,8 @@ char *conf_get_graph_rootpath()
         goto free_out;
     }
 
-    if (sprintf_s(epath, len, "%s/%s", rootpath, GRAPH_ROOTPATH_NAME) < 0) {
+    int nret = snprintf(epath, len, "%s/%s", rootpath, GRAPH_ROOTPATH_NAME);
+    if (nret < 0 || (size_t)nret >= len) {
         ERROR("Sprintf graph path failed");
         free(epath);
         epath = NULL;
@@ -280,7 +281,8 @@ char *conf_get_graph_check_flag_file()
         goto free_out;
     }
 
-    if (sprintf_s(epath, len, "%s/%s/%s", rootpath, GRAPH_ROOTPATH_NAME, GRAPH_ROOTPATH_CHECKED_FLAG) < 0) {
+    int nret = snprintf(epath, len, "%s/%s/%s", rootpath, GRAPH_ROOTPATH_NAME, GRAPH_ROOTPATH_CHECKED_FLAG);
+    if (nret < 0 || (size_t)nret >= len) {
         ERROR("Sprintf graph checked flag failed");
         free(epath);
         epath = NULL;
@@ -318,7 +320,8 @@ char *conf_get_graph_run_path()
         goto free_out;
     }
 
-    if (sprintf_s(epath, len, "%s/%s", rootpath, GRAPH_ROOTPATH_NAME) < 0) {
+    int nret = snprintf(epath, len, "%s/%s", rootpath, GRAPH_ROOTPATH_NAME);
+    if (nret < 0 || (size_t)nret >= len) {
         ERROR("Sprintf graph run path failed");
         free(epath);
         epath = NULL;
@@ -367,7 +370,8 @@ char *conf_get_routine_rootdir(const char *runtime)
         goto out;
     }
 
-    if (sprintf_s(path, len, "%s/%s/%s", conf->json_confs->graph, ENGINE_ROOTPATH_NAME, runtime) < 0) {
+    int nret = snprintf(path, len, "%s/%s/%s", conf->json_confs->graph, ENGINE_ROOTPATH_NAME, runtime);
+    if (nret < 0 || (size_t)nret >= len) {
         ERROR("Failed to sprintf path");
         free(path);
         path = NULL;
@@ -412,7 +416,8 @@ char *conf_get_routine_statedir(const char *runtime)
         goto out;
     }
 
-    if (sprintf_s(path, len, "%s/%s", conf->json_confs->state, runtime) < 0) {
+    int nret = snprintf(path, len, "%s/%s", conf->json_confs->state, runtime);
+    if (nret < 0 || (size_t)nret >= len) {
         ERROR("sprintf path failed");
         free(path);
         path = NULL;
@@ -762,8 +767,8 @@ char *get_log_file_helper(const struct service_arguments *conf, const char *suff
         goto out;
     }
 
-    nret = sprintf_s(logfile, len, "%s/%s", conf->logpath, suffix);
+    nret = snprintf(logfile, len, "%s/%s", conf->logpath, suffix);
-    if (nret < 0) {
+    if (nret < 0 || (size_t)nret >= len) {
         free(logfile);
         logfile = NULL;
         ERROR("Failed to sprintf log path");
@@ -800,8 +805,8 @@ char *conf_get_lcrd_log_gather_fifo_path()
         ERROR("Out of memory");
         goto err_out;
     }
-    nret = sprintf_s(logfile, len, "%s%s", statedir, "/lcrd_log_gather_fifo");
+    nret = snprintf(logfile, len, "%s%s", statedir, "/lcrd_log_gather_fifo");
-    if (nret < 0) {
+    if (nret < 0 || (size_t)nret >= len) {
         ERROR("Sprintf log file failed");
         goto err_out;
     }
@@ -860,7 +865,8 @@ char *conf_get_engine_log_file()
         FATAL("Out of Memory");
         goto out;
     }
-    if (sprintf_s(full_path, len, "%s%s", prefix, logfile) < 0) {
+    int nret = snprintf(full_path, len, "%s%s", prefix, logfile);
+    if (nret < 0 || (size_t)nret >= len) {
         ERROR("Failed to sprintf engine log path");
         free(full_path);
         full_path = NULL;
@@ -1368,11 +1374,13 @@ static int maybe_create_cpu_realtime_file(bool present, int64_t value, const cha
         return -1;
     }
 
-    if (sprintf_s(fpath, sizeof(fpath), "%s/%s", path, file) < 0) {
+    int nret = snprintf(fpath, sizeof(fpath), "%s/%s", path, file);
+    if (nret < 0 || nret >= sizeof(fpath)) {
         ERROR("Failed to print string");
         return -1;
     }
-    if (sprintf_s(buf, sizeof(buf), "%lld", (long long int)value) < 0) {
+    nret = snprintf(buf, sizeof(buf), "%lld", (long long int)value);
+    if (nret < 0 || (size_t)nret >= sizeof(buf)) {
         ERROR("Failed to print string");
         return -1;
     }
@@ -1452,7 +1460,8 @@ static int recursively_create_cgroup(const char *path, int recursive_depth, int6
         root[1] = '\0';
     }
 
-    if (sprintf_s(fpath, sizeof(fpath), "%s/%s/%s", mnt, root, path) < 0) {
+    int nret = snprintf(fpath, sizeof(fpath), "%s/%s/%s", mnt, root, path);
+    if (nret < 0 || (size_t)nret >= sizeof(fpath)) {
         ERROR("Failed to print string");
         ret = -1;
         goto out;

src/connect/client/grpc/grpc_containers_client.cc

@@ -18,7 +18,6 @@
 #include <sstream>
 #include <fstream>
 #include <thread>
-#include "securec.h"
 #include "container_copy_to_request.h"
 #include "container_exec_request.h"
 #include "utils.h"
@@ -1541,10 +1540,7 @@ public:
         }
 
         lcrc_host_config_t hostconfig;
-        if (memset_s(&hostconfig, sizeof(hostconfig), 0, sizeof(hostconfig)) != EOK) {
+        (void)memset(&hostconfig, 0, sizeof(hostconfig));
-            ERROR("Failed to set memory");
-            return -1;
-        }
 
         if (request->updateconfig) {
             hostconfig.restart_policy = request->updateconfig->restart_policy;
@@ -1793,13 +1789,7 @@ private:
 
     void event_from_grpc(container_events_format_t *event, Event *gevent)
     {
-        errno_t mret = EOK;
+        (void)memset(event, 0, sizeof(*event));
-
-        mret = memset_s(event, sizeof(*event), 0, sizeof(*event));
-        if (mret != EOK) {
-            ERROR("Failed to set memory");
-            return;
-        }
         if (!gevent->id().empty()) {
             event->id = (char *)gevent->id().c_str();
         }
@@ -1855,9 +1845,7 @@ static ssize_t CopyFromContainerRead(void *context, void *buf, size_t len)
     }
     size_t data_len = res.data().length();
     if (data_len <= len) {
-        if (memcpy_s(buf, len, res.data().c_str(), data_len) != EOK) {
+        (void)memcpy(buf, res.data().c_str(), data_len);
-            return -1;
-        }
         return (ssize_t)data_len;
     }
 

src/connect/client/grpc/grpc_images_client.cc

@@ -14,7 +14,6 @@
  ******************************************************************************/
 #include "grpc_images_client.h"
 #include <string>
-#include "securec.h"
 #include "images.grpc.pb.h"
 #include "api.grpc.pb.h"
 #include "utils.h"

src/connect/client/grpc/grpc_isula_image_client.cc

@@ -84,6 +84,12 @@ int copy_image_metadata(const isula::Image &gimage, struct image_metadata **meta
         goto err_out;
     }
 
+    tmp_data->size = gimage.size();
+
+    if (gimage.has_uid()) {
+        tmp_data->uid = gimage.uid().value();
+    }
+
     if (!gimage.username().empty()) {
         tmp_data->username = util_strdup_s(gimage.username().c_str());
     }

src/connect/client/isula_image_connect.c

@@ -14,7 +14,6 @@
 *******************************************************************************/
 #include "isula_image_connect.h"
 
-#include "securec.h"
 #include "utils.h"
 #include "grpc_isula_image_client.h"
 
@@ -22,12 +21,7 @@ static isula_image_ops g_image_ops;
 
 int isula_image_ops_init(void)
 {
-    errno_t ret;
+    (void)memset(&g_image_ops, 0, sizeof(isula_image_ops));
-
-    ret = memset_s(&g_image_ops, sizeof(isula_image_ops), 0, sizeof(isula_image_ops));
-    if (ret != EOK) {
-        return -1;
-    }
 
     return grpc_isula_image_client_ops_init(&g_image_ops);
 }

src/connect/client/lcrc_connect.c

@@ -14,7 +14,6 @@
  ******************************************************************************/
 #include "lcrc_connect.h"
 
-#include "securec.h"
 
 #ifdef GRPC_CONNECTOR
 #include "grpc_client.h"
@@ -27,11 +26,7 @@ static lcrc_connect_ops g_connect_ops;
 /* connect client ops init */
 int connect_client_ops_init(void)
 {
-    errno_t ret;
+    (void)memset(&g_connect_ops, 0, sizeof(g_connect_ops));
-    ret = memset_s(&g_connect_ops, sizeof(g_connect_ops), 0, sizeof(g_connect_ops));
-    if (ret != EOK) {
-        return -1;
-    }
 #ifdef GRPC_CONNECTOR
     if (grpc_ops_init(&g_connect_ops)) {
         return -1;

src/connect/client/rest/rest_containers_client.c

@@ -16,7 +16,6 @@
 #include "error.h"
 
 #include "log.h"
-#include "securec.h"
 #include "lcrc_connect.h"
 #include "container.rest.h"
 #include "pack_config.h"
@@ -1087,10 +1086,7 @@ static int update_request_to_rest(const struct lcrc_update_request *lu_request,
     char *srcconfigjson = NULL;
     int ret = 0;
 
-    if (memset_s(&srcconfig, sizeof(srcconfig), 0, sizeof(srcconfig)) != EOK) {
+    (void)memset(&srcconfig, 0, sizeof(srcconfig));
-        ERROR("Failed to set memory");
-        return -1;
-    }
 
     crequest = util_common_calloc_s(sizeof(container_update_request));
     if (crequest == NULL) {

src/connect/client/rest/rest_images_client.c

@@ -17,7 +17,6 @@
 #include <limits.h>
 
 #include "log.h"
-#include "securec.h"
 #include "lcrc_connect.h"
 #include "image.rest.h"
 #include "rest_common.h"

src/connect/service/grpc/grpc_containers_service.cc

@@ -18,7 +18,6 @@
 #include <string>
 #include <thread>
 #include <unistd.h>
-#include "securec.h"
 #include "log.h"
 #include "utils.h"
 #include "error.h"
@@ -118,11 +117,7 @@ static bool copy_to_container_data_from_grpc(struct lcrd_copy_to_container_data
             ERROR("Out of memory");
             return false;
         }
-        if (memcpy_s(data, len, gcopy->data().c_str(), len) != EOK) {
+        (void)memcpy(data, gcopy->data().c_str(), len);
-            ERROR("Can not copy memory");
-            free(data);
-            return false;
-        }
         copy->data = data;
         copy->data_len = len;
         return true;

src/connect/service/grpc/grpc_images_service.cc

@@ -20,7 +20,6 @@
 #include <memory>
 #include <new>
 #include <string>
-#include <securec.h>
 
 #include "log.h"
 #include "utils.h"

src/connect/service/rest/rest_containers_service.c

@@ -18,7 +18,6 @@
 #include "log.h"
 #include "utils.h"
 #include "error.h"
-#include "securec.h"
 #include "callback.h"
 #include "container.rest.h"
 #include "rest_service_common.h"

src/connect/service/rest/rest_images_service.c

@@ -15,7 +15,6 @@
 #include <unistd.h>
 
 #include "log.h"
-#include "securec.h"
 #include "callback.h"
 #include "image.rest.h"
 #include "rest_service_common.h"

src/connect/service/rest/rest_service.c

@@ -16,10 +16,10 @@
 #include <unistd.h>
 #include <string.h>
 #include <errno.h>
+#include <stdlib.h>
 
 #include "log.h"
 #include "utils.h"
-#include "securec.h"
 #include "rest_containers_service.h"
 #include "rest_images_service.h"
 

src/connect/service/rest/rest_service_common.c

@@ -13,10 +13,11 @@
  * Description: provide container restful service common functions
  ******************************************************************************/
 #include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
 
 #include "log.h"
 #include "utils.h"
-#include "securec.h"
 #include "rest_service_common.h"
 
 #define UNIX_PATH_MAX 128

src/console/console.c

@@ -19,9 +19,10 @@
 #include <termios.h>
 #include <pthread.h>
 #include <sys/stat.h>
+#include <stdlib.h>
+#include <string.h>
 
 #include "console.h"
-#include "securec.h"
 #include "mainloop.h"
 #include "log.h"
 #include "utils.h"
@@ -185,8 +186,8 @@ int console_fifo_name(const char *rundir, const char *subpath,
     int ret = 0;
     int nret = 0;
 
-    nret = sprintf_s(fifo_path, fifo_path_sz, "%s/%s/", rundir, subpath);
+    nret = snprintf(fifo_path, fifo_path_sz, "%s/%s/", rundir, subpath);
-    if (nret < 0) {
+    if (nret < 0 || (size_t)nret >= fifo_path_sz) {
         ERROR("FIFO path:%s/%s/ is too long.", rundir, subpath);
         ret = -1;
         goto out;
@@ -200,8 +201,8 @@ int console_fifo_name(const char *rundir, const char *subpath,
         }
     }
 
-    nret = sprintf_s(fifo_name, fifo_name_sz, "%s/%s/%s-fifo", rundir, subpath, stdflag);
+    nret = snprintf(fifo_name, fifo_name_sz, "%s/%s/%s-fifo", rundir, subpath, stdflag);
-    if (nret < 0) {
+    if (nret < 0 || (size_t)nret >= fifo_name_sz) {
         ERROR("FIFO name %s/%s/%s-fifo is too long.", rundir, subpath, stdflag);
         ret = -1;
         goto out;

src/cutils/utils.c

@@ -19,7 +19,9 @@
 #include <execinfo.h>
 #include <stddef.h>
 #include <stdint.h>
+#include <stdlib.h>
 #include <string.h>
+#include <stdarg.h>
 #include <unistd.h>
 #include <sys/mman.h>
 #include <sys/param.h>
@@ -37,7 +39,6 @@
 #include <sys/prctl.h>
 #include <sys/types.h>
 #include <sys/wait.h>
-#include <securec.h>
 #include <termios.h>
 
 #include "utils.h"
@@ -47,7 +48,6 @@
 int mem_realloc(void **newptr, size_t newsize, void *oldptr, size_t oldsize)
 {
     void *tmp = NULL;
-    int nret = 0;
 
     if (newptr == NULL || newsize == 0) {
         goto err_out;
@@ -60,18 +60,8 @@ int mem_realloc(void **newptr, size_t newsize, void *oldptr, size_t oldsize)
     }
 
     if (oldptr != NULL) {
-        nret = memcpy_s(tmp, newsize, oldptr, (newsize < oldsize) ? newsize : oldsize);
+        (void)memcpy(tmp, oldptr, (newsize < oldsize) ? newsize : oldsize);
-        if (nret != EOK) {
+        (void)memset(oldptr, 0, oldsize);
-            ERROR("Failed to memcpy memory");
-            free(tmp);
-            goto err_out;
-        }
-
-        if (memset_s(oldptr, oldsize, 0, oldsize) != EOK) {
-            ERROR("Failed to memset memory");
-            free(tmp);
-            goto err_out;
-        }
 
         free(oldptr);
     }
@@ -385,10 +375,7 @@ char *util_short_digest(const char *digest)
         start_pos = strlen(SHA256_PREFIX);
     }
 
-    if (memcpy_s(short_digest, sizeof(short_digest), digest + start_pos, SHORT_DIGEST_LEN) != EOK) {
+    (void)memcpy(short_digest, digest + start_pos, SHORT_DIGEST_LEN);
-        ERROR("Failed to memcpy memory");
-        return NULL;
-    }
 
     short_digest[SHORT_DIGEST_LEN] = 0;
 
@@ -405,8 +392,8 @@ char *util_full_digest(const char *digest)
         return NULL;
     }
 
-    nret = sprintf_s(full_digest, sizeof(full_digest), "%s%s", SHA256_PREFIX, digest);
+    nret = snprintf(full_digest, sizeof(full_digest), "%s%s", SHA256_PREFIX, digest);
-    if (nret < 0) {
+    if (nret < 0 || (size_t)nret >= sizeof(full_digest)) {
         ERROR("digest too long failed");
         return NULL;
     }
@@ -445,22 +432,22 @@ proc_t *util_stat2proc(const char *s, size_t len)
 
     /* parse these two strings separately, skipping the leading "(". */
     /* comm[16] in kernel */
-    num = sscanf_s(s, "%d (%15c", &p->pid, p->cmd, 16);
+    num = sscanf(s, "%d (%15c", &p->pid, p->cmd);
     if (num != 2) {
         ERROR("Call sscanf error: %s", errno ? strerror(errno) : "");
         free(p);
         return NULL;
     }
-    num = sscanf_s(tmp + 2, /* skip space after ')' too */
+    num = sscanf(tmp + 2, /* skip space after ')' too */
-                   "%c "
+                 "%c "
-                   "%d %d %d %d %d "
+                 "%d %d %d %d %d "
-                   "%lu %lu %lu %lu %lu "
+                 "%lu %lu %lu %lu %lu "
-                   "%Lu %Lu %Lu %Lu " /* utime stime cutime cstime */
+                 "%Lu %Lu %Lu %Lu " /* utime stime cutime cstime */
-                   "%ld %ld %ld %ld "
+                 "%ld %ld %ld %ld "
-                   "%Lu ", /* start_time */
+                 "%Lu ", /* start_time */
-                   &p->state, 1, &p->ppid, &p->pgrp, &p->session, &p->tty, &p->tpgid, &p->flags, &p->min_flt,
+                 &p->state, &p->ppid, &p->pgrp, &p->session, &p->tty, &p->tpgid, &p->flags, &p->min_flt,
-                   &p->cmin_flt, &p->maj_flt, &p->cmaj_flt, &p->utime, &p->stime, &p->cutime, &p->cstime, &p->priority,
+                 &p->cmin_flt, &p->maj_flt, &p->cmaj_flt, &p->utime, &p->stime, &p->cutime, &p->cstime, &p->priority,
-                   &p->nice, &p->timeout, &p->it_real_value, &p->start_time);
+                 &p->nice, &p->timeout, &p->it_real_value, &p->start_time);
     if (num != 20) { // max arg to read
         ERROR("Call sscanf error: %s", errno ? strerror(errno) : "");
         free(p);
@@ -490,8 +477,8 @@ bool util_process_alive(pid_t pid, unsigned long long start_time)
         return false;
     }
 
-    sret = sprintf_s(filename, sizeof(filename), "/proc/%d/stat", pid);
+    sret = snprintf(filename, sizeof(filename), "/proc/%d/stat", pid);
-    if (sret < 0 || (unsigned int)sret >= sizeof(filename)) {
+    if (sret < 0 || (size_t)sret >= sizeof(filename)) {
         ERROR("Failed to sprintf filename");
         goto out;
     }
@@ -519,7 +506,6 @@ out:
 
 static void set_stderr_buf(char **stderr_buf, const char *format, ...)
 {
-    int ret = 0;
     char errbuf[BUFSIZ + 1] = { 0 };
     char *jerr = NULL;
 
@@ -528,11 +514,8 @@ static void set_stderr_buf(char **stderr_buf, const char *format, ...)
     va_list argp;
     va_start(argp, format);
 
-    ret = vsprintf_s(errbuf, BUFSIZ, format, argp);
+    (void)vsprintf(errbuf, format, argp);
     va_end(argp);
-    if (ret < 0) {
-        return;
-    }
 
     *stderr_buf = json_marshal_string(errbuf, strlen(errbuf), NULL, &jerr);
     if (*stderr_buf == NULL) {
@@ -968,8 +951,8 @@ proc_t *util_get_process_proc_info(pid_t pid)
     char filename[PATH_MAX] = { 0 };
     char sbuf[1024] = { 0 }; /* bufs for stat */
 
-    sret = sprintf_s(filename, sizeof(filename), "/proc/%d/stat", pid);
+    sret = snprintf(filename, sizeof(filename), "/proc/%d/stat", pid);
-    if (sret < 0 || (unsigned int)sret >= sizeof(filename)) {
+    if (sret < 0 || (size_t)sret >= sizeof(filename)) {
         ERROR("Failed to sprintf filename");
         goto out;
     }
@@ -1221,9 +1204,7 @@ void free_sensitive_string(char *str)
         goto out;
     }
 
-    if (memset_s(str, strlen(str), 0, strlen(str)) != EOK) {
+    (void)memset(str, 0, strlen(str));
-        ERROR("Failed to memset sensitive string memory");
-    }
 
 out:
     free(str);
@@ -1235,9 +1216,7 @@ void memset_sensitive_string(char *str)
         return;
     }
 
-    if (memset_s(str, strlen(str), 0, strlen(str)) != EOK) {
+    (void)memset(str, 0, strlen(str));
-        ERROR("Failed to memset sensitive string memory");
-    }
 }
 
 static char *get_mtpoint(const char *line)
@@ -1272,11 +1251,7 @@ static char *get_mtpoint(const char *line)
     if (sret == NULL) {
         goto err_out;
     }
-    if (memcpy_s(sret, len + 1, tmp, len) != EOK) {
+    (void)memcpy(sret, tmp, len);
-        free(sret);
-        sret = NULL;
-        goto err_out;
-    }
     sret[len] = '\0';
 
 err_out:

src/cutils/utils_array.c

@@ -15,9 +15,8 @@
 
 #define _GNU_SOURCE
 #include "utils_array.h"
-
+#include <stdlib.h>
-#include "securec.h"
+#include <string.h>
-
 #include "log.h"
 #include "utils.h"
 
@@ -80,12 +79,7 @@ int util_array_append(char ***array, const char *element)
         return -1;
     }
     if (*array != NULL) {
-        if (memcpy_s(new_array, (len + 2) * sizeof(char *),
+        (void)memcpy(new_array, *array, len * sizeof(char *));
-                     *array, len * sizeof(char *)) != EOK) {
-            ERROR("Failed to memcpy memory");
-            free(new_array);
-            return -1;
-        }
         UTIL_FREE_AND_SET_NULL(*array);
     }
     *array = new_array;
@@ -122,13 +116,8 @@ int util_grow_array(char ***orig_array, size_t *orig_capacity, size_t size,
         if (add_array == NULL) {
             return -1;
         }
-        if (*orig_array) {
+        if (*orig_array != NULL) {
-            if (memcpy_s(add_array, add_capacity * sizeof(void *),
+            (void)memcpy(add_array, *orig_array, *orig_capacity * sizeof(void *));
-                         *orig_array, *orig_capacity * sizeof(void *)) != EOK) {
-                ERROR("Failed to memcpy memory");
-                free(add_array);
-                return -1;
-            }
             UTIL_FREE_AND_SET_NULL(*orig_array);
         }
 

src/cutils/utils_file.c

@@ -18,13 +18,13 @@
 #include <string.h>
 #include <errno.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <unistd.h>
 #include <sys/mman.h>
 #include <sys/param.h>
 #include <sys/stat.h>
 #include <regex.h>
 #include <dirent.h>
-#include "securec.h"
 
 #include "constants.h"
 #include "log.h"
@@ -218,24 +218,16 @@ static int recursive_rmdir_helper(const char *dirpath, int recursive_depth, int
     pdirent = readdir(directory);
     for (; pdirent != NULL; pdirent = readdir(directory)) {
         struct stat fstat;
-        int pathname;
+        int pathname_len;
 
-        bool ret = !strcmp(pdirent->d_name, ".") || !strcmp(pdirent->d_name, "..");
+        if (!strcmp(pdirent->d_name, ".") || !strcmp(pdirent->d_name, "..")) {
-
-        if (ret) {
             continue;
         }
 
-        nret = memset_s(fname, sizeof(fname), 0, sizeof(fname));
+        (void)memset(fname, 0, sizeof(fname));
-        if (nret != EOK) {
-            ERROR("Failed to memset memory");
-            failure = 1;
-            continue;
-        }
-        pathname = sprintf_s(fname, MAXPATHLEN, "%s/%s", dirpath, pdirent->d_name);
 
-        ret = pathname < 0 || pathname >= MAXPATHLEN;
+        pathname_len = snprintf(fname, MAXPATHLEN, "%s/%s", dirpath, pdirent->d_name);
-        if (ret) {
+        if (pathname_len < 0 || pathname_len >= MAXPATHLEN) {
             ERROR("Pathname too long");
             failure = 1;
             continue;
@@ -299,8 +291,8 @@ char *util_path_join(const char *dir, const char *file)
         return NULL;
     }
 
-    nret = sprintf_s(path, sizeof(path), "%s/%s", dir, file);
+    nret = snprintf(path, PATH_MAX, "%s/%s", dir, file);
-    if (nret < 0) {
+    if (nret < 0 || nret >= PATH_MAX) {
         ERROR("dir or file too long failed");
         return NULL;
     }
@@ -420,8 +412,8 @@ char *util_human_size(uint64_t val)
         return NULL;
     }
 
-    ret = sprintf_s(out, len, "%llu%s", (unsigned long long)ui, uf[index]);
+    ret = snprintf(out, len, "%llu%s", (unsigned long long)ui, uf[index]);
-    if (ret < 0) {
+    if (ret < 0 || ret >= len) {
         ERROR("Failed to print string");
         free(out);
         return NULL;
@@ -439,15 +431,15 @@ char *util_human_size_decimal(int64_t val)
     char out[16] = { 0 }; /* 16 is enough, format like: 123.456 MB */
 
     if (val >= gb) {
-        nret = sprintf_s(out, sizeof(out), "%.3lf GB", ((double)val / gb));
+        nret = snprintf(out, sizeof(out), "%.3lf GB", ((double)val / gb));
     } else if (val >= mb) {
-        nret = sprintf_s(out, sizeof(out), "%.3lf MB", ((double)val / mb));
+        nret = snprintf(out, sizeof(out), "%.3lf MB", ((double)val / mb));
     } else if (val >= kb) {
-        nret = sprintf_s(out, sizeof(out), "%.3lf KB", ((double)val / kb));
+        nret = snprintf(out, sizeof(out), "%.3lf KB", ((double)val / kb));
     } else {
-        nret = sprintf_s(out, sizeof(out), "%lld B", (long long int)val);
+        nret = snprintf(out, sizeof(out), "%lld B", (long long int)val);
     }
-    if (nret < 0) {
+    if (nret < 0 || nret >= sizeof(out)) {
         ERROR("Failed to print string");
         return NULL;
     }
@@ -705,8 +697,8 @@ int util_list_all_subdir(const char *directory, char ***out)
             continue;
         }
 
-        nret = sprintf_s(tmpdir, PATH_MAX, "%s/%s", directory, direntp->d_name);
+        nret = snprintf(tmpdir, PATH_MAX, "%s/%s", directory, direntp->d_name);
-        if (nret < 0) {
+        if (nret < 0 || nret >= PATH_MAX) {
             ERROR("Sprintf: %s failed", direntp->d_name);
             goto error_out;
         }

src/cutils/utils_string.c

@@ -15,10 +15,9 @@
 
 #define _GNU_SOURCE
 #include "utils_string.h"
-
 #include <ctype.h>
-#include "securec.h"
+#include <stdlib.h>
-
+#include <string.h>
 #include "utils.h"
 #include "log.h"
 
@@ -576,19 +575,10 @@ static char *do_string_join(const char *sep, const char **parts, size_t parts_le
     }
 
     for (iter = 0; iter < parts_len - 1; iter++) {
-        if (strcat_s(res_string, result_len + 1, parts[iter]) != EOK) {
+        (void)strcat(res_string, parts[iter]);
-            free(res_string);
+        (void)strcat(res_string, sep);
-            return NULL;
-        }
-        if (strcat_s(res_string, result_len + 1, sep) != EOK) {
-            free(res_string);
-            return NULL;
-        }
-    }
-    if (strcat_s(res_string, result_len + 1, parts[parts_len - 1]) != EOK) {
-        free(res_string);
-        return NULL;
     }
+    (void)strcat(res_string, parts[parts_len - 1]);
     return res_string;
 }
 
@@ -641,14 +631,8 @@ char *util_string_append(const char *post, const char *pre)
     if (res_string == NULL) {
         return NULL;
     }
-    if (strcat_s(res_string, length, pre) != EOK) {
+    (void)strcat(res_string, pre);
-        free(res_string);
+    (void)strcat(res_string, post);
-        return NULL;
-    }
-    if (strcat_s(res_string, length, post) != EOK) {
-        free(res_string);
-        return NULL;
-    }
 
     return res_string;
 }
@@ -695,16 +679,12 @@ char *util_sub_string(const char *source, size_t offset, size_t length)
 
     total_len = strlen(source);
     substr_len = ((total_len - offset) >= length ? length : (total_len - offset)) + 1;
-    substring = (char *)malloc(substr_len * sizeof(char));
+    substring = (char *)util_common_calloc_s(substr_len * sizeof(char));
     if (substring == NULL) {
         ERROR("Out of memory\n");
         return NULL;
     }
-    if (strncpy_s(substring, substr_len, source + offset, substr_len - 1) != EOK) {
+    (void)strncpy(substring, source + offset, substr_len - 1);
-        ERROR("Out of memory\n");
-        free(substring);
-        return NULL;
-    }
     substring[substr_len - 1] = '\0';
 
     return substring;

src/cutils/utils_verify.c

@@ -15,14 +15,14 @@
 
 #define _GNU_SOURCE
 #include "utils_verify.h"
+#include <stdlib.h>
+#include <string.h>
 #include <regex.h>
 #include <sys/stat.h>
 #ifdef HAVE_LIBCAP_H
 #include <sys/capability.h>
 #endif
 
-#include "securec.h"
-
 #include "log.h"
 #include "utils.h"
 #include "utils_regex.h"
@@ -111,10 +111,7 @@ int util_validate_absolute_path(const char *path)
         return -1;
     }
 
-    if (memset_s(&regmatch, sizeof(regmatch_t), 0, sizeof(regmatch_t)) != EOK) {
+    (void)memset(&regmatch, 0, sizeof(regmatch_t));
-        WARN("Failed to set memory!");
-        return -1;
-    }
 
     if (regcomp(&preg, "^(/[^/ ]*)+/?$", REG_NOSUB | REG_EXTENDED)) {
         ERROR("Failed to compile the regex");
@@ -217,8 +214,8 @@ bool util_valid_cap(const char *cap)
         return false;
     }
 
-    nret = sprintf_s(tmpcap, sizeof(tmpcap), "CAP_%s", cap);
+    nret = snprintf(tmpcap, sizeof(tmpcap), "CAP_%s", cap);
-    if (nret < 0) {
+    if (nret < 0 || nret >= sizeof(tmpcap)) {
         ERROR("Failed to print string");
         cret = false;
         goto err_out;

src/engines/engine.c

@@ -23,7 +23,6 @@
 #include "constants.h"
 #include "linked_list.h"
 #include "lcrd_config.h"
-#include "securec.h"
 #include "log.h"
 #include "utils.h"
 #include "lcr_engine.h"
@@ -42,15 +41,8 @@ typedef int (*engine_init_func_t)(struct engine_operation *ops);
 int engines_global_init()
 {
     int ret = 0;
-    errno_t mret = EOK;
-    mret = memset_s(&g_lcrd_engines_lists, sizeof(struct lcrd_engine_operation_lists), 0x00,
-                    sizeof(struct lcrd_engine_operation_lists));
-    if (mret != EOK) {
-        ERROR("Failed to set memory");
-        ret = -1;
-        goto out;
-    }
 
+    (void)memset(&g_lcrd_engines_lists, 0, sizeof(struct lcrd_engine_operation_lists));
     /* init lcrd_engines_op_rwlock */
 
     ret = pthread_rwlock_init(&g_lcrd_engines_lists.lcrd_engines_op_rwlock, NULL);

src/engines/lcr/lcr_engine.c

@@ -23,7 +23,6 @@
 #include <lcr/lcrcontainer.h>
 
 #include "error.h"
-#include "securec.h"
 #include "engine.h"
 #include "log.h"
 #include "lcrd_config.h"
@@ -80,7 +79,6 @@ static Engine_Container_Status lcrsta2sta(const char *state)
 static bool lcr_update_container(const char *name, const char *lcrpath, const struct engine_cgroup_resources *cr)
 {
     struct lcr_cgroup_resources lcr_cr;
-    errno_t ret = EOK;
 
     if (g_lcr_update_op == NULL) {
         ERROR("Not supported update operation");
@@ -92,11 +90,7 @@ static bool lcr_update_container(const char *name, const char *lcrpath, const st
         return false;
     }
 
-    ret = memset_s(&lcr_cr, sizeof(struct lcr_cgroup_resources), 0x00, sizeof(struct lcr_cgroup_resources));
+    (void)memset(&lcr_cr, 0, sizeof(struct lcr_cgroup_resources));
-    if (ret != EOK) {
-        ERROR("Failed to set memory");
-        return false;
-    }
 
     lcr_cr.blkio_weight = cr->blkio_weight;
     lcr_cr.cpu_shares = cr->cpu_shares;
@@ -146,18 +140,13 @@ bool get_console_config(const char *name, const char *lcrpath, struct engine_con
 {
     struct lcr_console_config lcr_config;
     bool ret = false;
-    errno_t mret = EOK;
 
     if (name == NULL || config == NULL) {
         ERROR("Invalid arguments");
         return ret;
     }
 
-    mret = memset_s(&lcr_config, sizeof(struct lcr_console_config), 0x00, sizeof(struct lcr_console_config));
+    (void)memset(&lcr_config, 0, sizeof(struct lcr_console_config));
-    if (mret != EOK) {
-        ERROR("Failed to set memory");
-        return ret;
-    }
 
     if (g_lcr_get_console_config_op != NULL) {
         ret = g_lcr_get_console_config_op(name, lcrpath, &lcr_config);
@@ -215,9 +204,7 @@ static void copy_container_status(const struct lcr_container_state *lcs, struct
     const char *defvalue = "-";
     const char *name = NULL;
 
-    if (memset_s(status, sizeof(struct engine_container_info), 0, sizeof(struct engine_container_info)) != EOK) {
+    (void)memset(status, 0, sizeof(struct engine_container_info));
-        WARN("Can not set memory");
-    }
 
     name = lcs->name ? lcs->name : defvalue;
     status->id = util_strdup_s(name);

src/error.h

@@ -16,7 +16,7 @@
 #define __LCRD_ERROR_H_
 
 #include <stdlib.h>
-#include <securec.h>
+#include <stdarg.h>
 #include "utils.h"
 
 #ifdef __cplusplus
@@ -60,9 +60,9 @@ static inline void format_errorf(char **err, const char *format, ...)
     va_list argp;
     va_start(argp, format);
 
-    ret = vsprintf_s(errbuf, BUFSIZ, format, argp);
+    ret = vsnprintf(errbuf, BUFSIZ, format, argp);
     va_end(argp);
-    if (ret < 0) {
+    if (ret < 0 || ret >= BUFSIZ) {
         *err = util_strdup_s("Error is too long!!!");
         return;
     }

src/http/buffer.c

@@ -14,8 +14,8 @@
  ******************************************************************************/
 #define _GNU_SOURCE
 #include "buffer.h"
-#include <securec.h>
 
+#include <string.h>
 #include "log.h"
 #include "utils.h"
 
@@ -71,16 +71,10 @@ void buffer_free(Buffer *buf)
 /* buffer empty */
 void buffer_empty(Buffer *buf)
 {
-    errno_t ret = EOK;
-
     if (buf == NULL) {
         return;
     }
-    ret = memset_s(buf->contents, buf->total_size, 0x00, buf->total_size);
+    (void)memset(buf->contents, 0, buf->total_size);
-    if (ret != EOK) {
-        ERROR("Failed to set memory");
-        return;
-    }
 
     buf->bytes_used = 0;
 }
@@ -89,9 +83,7 @@ void buffer_empty(Buffer *buf)
 int buffer_grow(Buffer *buffer, size_t min_size)
 {
     size_t factor = 0;
-    int ret;
     size_t new_size = 0;
-    errno_t mret = EOK;
     char *tmp = NULL;
 
     if (buffer == NULL) {
@@ -116,19 +108,9 @@ int buffer_grow(Buffer *buffer, size_t min_size)
         return -1;
     }
 
-    ret = memcpy_s(tmp, new_size, buffer->contents, buffer->total_size);
+    (void)memcpy(tmp, buffer->contents, buffer->total_size);
-    if (ret) {
-        ERROR("Failed to copy memory");
-        free(tmp);
-        return -1;
-    }
 
-    mret = memset_s(buffer->contents, buffer->total_size, 0, buffer->total_size);
+    (void)memset(buffer->contents, 0, buffer->total_size);
-    if (mret != EOK) {
-        ERROR("Failed to set memory");
-        free(tmp);
-        return -1;
-    }
 
     free(buffer->contents);
     buffer->contents = tmp;

src/http/certificate.c

@@ -15,10 +15,10 @@
 #include "certificate.h"
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <string.h>
 
 #include "log.h"
 #include "utils.h"
-#include "securec.h"
 
 int get_common_name_from_tls_cert(const char *cert_path, char *value, size_t len)
 {

src/http/http.c

@@ -20,7 +20,6 @@
 #include "buffer.h"
 #include "log.h"
 #include "utils.h"
-#include "securec.h"
 
 size_t fwrite_buffer(const char *ptr, size_t eltsize, size_t nmemb, void *buffer_)
 {
@@ -96,8 +95,8 @@ struct curl_slist *http_get_chunk_header(const struct http_get_options *options)
             ret = -1;
             goto out;
         }
-        nret = sprintf_s(header, len, "Authorization: %s", options->authorization);
+        nret = snprintf(header, len, "Authorization: %s", options->authorization);
-        if (nret < 0) {
+        if (nret < 0 || (size_t)nret >= len) {
             ERROR("Failed to print string");
             ret = -1;
             goto out;
@@ -126,8 +125,8 @@ struct curl_slist *http_get_chunk_header(const struct http_get_options *options)
             ret = -1;
             goto out;
         }
-        nret = sprintf_s(header, len, "Accept: %s", options->accepts);
+        nret = snprintf(header, len, "Accept: %s", options->accepts);
-        if (nret < 0) {
+        if (nret < 0 || (size_t)nret >= len) {
             ERROR("Failed to print string");
             ret = -1;
             goto out;
@@ -365,7 +364,8 @@ int authz_http_request(const char *username, const char *action, char **resp)
         *resp = util_strdup_s("Inernal server error: Out of memory");
         return -1;
     }
-    if (sprintf_s(request_body, length, "%s:%s", username, action) < 0) {
+    int nret = snprintf(request_body, length, "%s:%s", username, action);
+    if (nret < 0 || (size_t)nret >= length) {
         ERROR("Failed to print string");
         free(request_body);
         return -1;
@@ -392,8 +392,8 @@ int authz_http_request(const char *username, const char *action, char **resp)
         goto out;
     }
     if (response_code != StatusOK) {
-        ret = sprintf_s(err_msg, sizeof(err_msg), "action '%s' for user '%s': permission denied", action, username);
+        ret = snprintf(err_msg, sizeof(err_msg), "action '%s' for user '%s': permission denied", action, username);
-        if (ret < 0) {
+        if (ret < 0 || (size_t)ret >= sizeof(err_msg)) {
             ERROR("Out of memory");
             *resp = util_strdup_s("Inernal server error: Out of memory");
             goto out;

src/http/parser.c

@@ -13,7 +13,8 @@
  * Description: provide container parser functions
  ******************************************************************************/
 #include <http_parser.h>
-#include <securec.h>
+#include <string.h>
+#include <stdlib.h>
 
 #include "parser.h"
 #include "utils.h"
@@ -29,11 +30,7 @@ size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize)
     if (dsize < size) {
         size_t rsize = size - dsize;
         size_t ncpy = ssize < rsize ? ssize : (rsize - 1);
-        errno_t nret = memcpy_s(dststr + dsize, size - dsize, srcstr, ncpy);
+        (void)memcpy(dststr + dsize, srcstr, ncpy);
-        if (nret != EOK) {
-            ERROR("Fail at strlncat memcpy!");
-            return 0;
-        }
         dststr[dsize + ncpy] = '\0';
     }
 
@@ -109,11 +106,7 @@ static int parser_body_cb(http_parser *parser, const char *buf, size_t len)
         return -1;
     }
     if (m->body != NULL && m->body_size > 0) {
-        if (memcpy_s(body, newsize, m->body, m->body_size) != EOK) {
+        (void)memcpy(body, m->body, m->body_size);
-            ERROR("Failed to copy memory");
-            free(body);
-            return -1;
-        }
         free(m->body);
     }
 

src/http/rest_common.c

@@ -14,7 +14,7 @@
  ******************************************************************************/
 #include "rest_common.h"
 #include <dlfcn.h>
-#include "securec.h"
+#include <string.h>
 #include "log.h"
 #include "utils.h"
 
@@ -72,8 +72,6 @@ int check_status_code(int status_code)
 /* free httpclient ops */
 static void free_httpclient_ops(struct httpclient_ops *ops)
 {
-    errno_t rc = EOK;
-
     if (ops == NULL || ops->handle == NULL) {
         return;
     }
@@ -81,10 +79,7 @@ static void free_httpclient_ops(struct httpclient_ops *ops)
         return;
     }
     dlclose(ops->handle);
-    rc = memset_s(ops, sizeof(struct httpclient_ops), 0, sizeof(struct httpclient_ops));
+    (void)memset(ops, 0, sizeof(struct httpclient_ops));
-    if (rc != EOK) {
-        ERROR("Failed to set memory!");
-    }
 }
 
 /* ops init */
@@ -92,16 +87,11 @@ static int ops_init(struct httpclient_ops *ops)
 {
     void *handle = NULL;
     int ret = -1;
-    errno_t rc = EOK;
 
     if (ops == NULL) {
         return ret;
     }
-    rc = memset_s(ops, sizeof(struct httpclient_ops), 0, sizeof(struct httpclient_ops));
+    (void)memset(ops, 0, sizeof(struct httpclient_ops));
-    if (rc != EOK) {
-        ERROR("Failed to set memory!");
-        goto out;
-    }
     handle = dlopen("libhttpclient.so", RTLD_LAZY);
     if (handle == NULL) {
         COMMAND_ERROR("Dlopen libhttpclient: %s", dlerror());

src/image/embedded/db/db_all.c

@@ -14,7 +14,7 @@
  ******************************************************************************/
 #include <limits.h>
 #include <pthread.h>
-#include "securec.h"
+#include <stdlib.h>
 #include "log.h"
 #include "utils.h"
 #include "db_common.h"

src/image/embedded/db/sqlite_common.c

@@ -16,7 +16,6 @@
 #include <limits.h>
 #include <unistd.h>
 #include <sys/stat.h>
-#include "securec.h"
 
 #include "utils.h"
 #include "constants.h"
@@ -158,8 +157,8 @@ int db_common_init(const char *rootpath)
     char dbpath[PATH_MAX] = { 0 };
     bool retry = true;
 
-    nret = sprintf_s(dbpath, sizeof(dbpath), "%s/%s", rootpath, DBNAME);
+    nret = snprintf(dbpath, sizeof(dbpath), "%s/%s", rootpath, DBNAME);
-    if (nret < 0) {
+    if (nret < 0 || (size_t)nret >= sizeof(dbpath)) {
         ERROR("Failed to print string");
         return -1;
     }

src/image/embedded/embedded_config_merge.c

@@ -19,7 +19,6 @@
 #include <string.h>
 #include <linux/limits.h>
 
-#include "securec.h"
 #include "utils.h"
 #include "log.h"
 #include "liblcrd.h"
@@ -141,15 +140,15 @@ int gen_one_mount(embedded_manifest *manifest, char *mount, char *real_path, int
         return -1;
     }
     if (strcmp(manifest->layers[i]->media_type, MediaTypeEmbeddedLayerSquashfs) == 0) {
-        nret = sprintf_s(mount, PATH_MAX * 3,
+        nret = snprintf(mount, PATH_MAX * 3,
-                         "type=squashfs,ro=true,src=%s,dst=%s",
+                        "type=squashfs,ro=true,src=%s,dst=%s",
-                         real_path, manifest->layers[i]->path_in_container);
+                        real_path, manifest->layers[i]->path_in_container);
     } else {
-        nret = sprintf_s(mount, PATH_MAX * 3,
+        nret = snprintf(mount, PATH_MAX * 3,
-                         "type=bind,ro=true,bind-propagation=rprivate,src=%s,dst=%s",
+                        "type=bind,ro=true,bind-propagation=rprivate,src=%s,dst=%s",
-                         real_path, manifest->layers[i]->path_in_container);
+                        real_path, manifest->layers[i]->path_in_container);
     }
-    if (nret < 0) {
+    if (nret < 0 || (size_t)nret >= (PATH_MAX * 3)) {
         ERROR("print string for mounts failed");
         return -1;
     }

src/image/embedded/embedded_image.c

@@ -24,7 +24,6 @@
 #include "containers_store.h"
 #include "specs_extend.h"
 #include "log.h"
-#include "securec.h"
 #include "embedded_image.h"
 #include "lim.h"
 #include "embedded_config_merge.h"

src/image/embedded/lim.c

@@ -20,7 +20,6 @@
 #include "log.h"
 #include "lim.h"
 #include "liblcrd.h"
-#include "securec.h"
 #include "mediatype.h"
 #include "snapshot.h"
 #include "snapshot_def.h"
@@ -241,8 +240,8 @@ static bool validate_layer_path_in_host(size_t layer_index, const char *location
             return false;
         }
         abs_path = util_add_path(location, path_in_host);
-        sret = sprintf_s(parent_location, sizeof(parent_location), "%s/..", location);
+        sret = snprintf(parent_location, sizeof(parent_location), "%s/..", location);
-        if (sret < 0 || sret >= (int)sizeof(parent_location)) {
+        if (sret < 0 || (size_t)sret >= sizeof(parent_location)) {
             ERROR("Failed to sprintf parent_location");
             lcrd_try_set_error_message("Failed to sprintf parent_location");
             UTIL_FREE_AND_SET_NULL(abs_path);

src/image/embedded/load.c

@@ -21,7 +21,6 @@
 #include "lim.h"
 #include "limits.h"
 #include "log.h"
-#include "securec.h"
 #include "image.h"
 
 #define RAW_DIGEST_LEN 64
@@ -48,11 +47,7 @@ static char *replace_suffix_to_sgn(const char *file)
     }
 
     /* dump chars to sgn_file */
-    if (strcat_s(sgn_file, len, file) != EOK) {
+    (void)strcat(sgn_file, file);
-        ERROR("strcat string failed");
-        free(sgn_file);
-        return NULL;
-    }
 
     /* strip file's suffix */
     for (i = strlen(sgn_file); i > 0; i--) {
@@ -67,11 +62,7 @@ static char *replace_suffix_to_sgn(const char *file)
     }
 
     /* add .sgn to tail as suffix */
-    if (strcat_s(sgn_file, len, ".sgn") != EOK) {
+    (void)strcat(sgn_file, ".sgn");
-        ERROR("strcat string failed");
-        free(sgn_file);
-        return NULL;
-    }
 
     return sgn_file;
 }

src/image/embedded/snapshot/embedded.c

@@ -17,7 +17,6 @@
 #include "utils.h"
 #include "linked_list.h"
 #include "log.h"
-#include "securec.h"
 #include "snapshot_def.h"
 #include "embedded.h"
 

src/image/external/ext_image.c

@@ -24,7 +24,6 @@
 #include "log.h"
 #include "utils.h"
 #include "specs_extend.h"
-#include "securec.h"
 #include "ext_image.h"
 
 #ifdef ENABLE_OCI_IMAGE

src/image/image.c

@@ -21,7 +21,6 @@
 #include <sys/utsname.h>
 #include <ctype.h>
 
-#include "securec.h"
 #include "image.h"
 #include "liblcrd.h"
 #include "log.h"
@@ -1684,8 +1683,8 @@ int map_to_key_value_string(const json_map_string_string *map, char ***array, si
             ERROR("Out of memory");
             goto cleanup;
         }
-        ret = sprintf_s(str, len, "%s=%s", map->keys[i], map->values[i]);
+        ret = snprintf(str, len, "%s=%s", map->keys[i], map->values[i]);
-        if (ret < 0) {
+        if (ret < 0 || (size_t)ret >= len) {
             ERROR("Failed to print string");
             free(str);
             goto cleanup;

src/image/oci/global_config.c

@@ -17,7 +17,6 @@
 #include <stddef.h>
 
 #include "lcrd_config.h"
-#include "securec.h"
 #include "log.h"
 #ifdef ENABLE_OCI_IMAGE
 #include "driver.h"
@@ -198,7 +197,8 @@ static int pack_global_opt_time(const char * const *options, char *params[], siz
     opt_timeout = conf_get_im_opt_timeout();
     if (opt_timeout != 0) {
         add_array_elem(params, PARAM_NUM, &i, options[GB_OPTION_OPT_TIMEOUT]);
-        if (sprintf_s(timeout_str, UINT_LEN, "%us", opt_timeout) < 0) {
+        int nret = snprintf(timeout_str, UINT_LEN + 2, "%us", opt_timeout);
+        if (nret < 0 || (size_t)nret >= (UINT_LEN + 2)) {
             COMMAND_ERROR("Failed to print string");
             goto out;
         }

src/image/oci/isula_image_pull.c

@@ -20,6 +20,7 @@
 #include "isula_helper.h"
 #include "connect.h"
 #include "oci_images_store.h"
+#include "oci_common_operators.h"
 
 static bool need_new_isula_auth(const im_pull_request *request)
 {
@@ -107,6 +108,7 @@ int isula_pull_image(const im_pull_request *request, im_pull_response **response
     struct isula_pull_response *iresp = NULL;
     int ret = -1;
     client_connect_config_t conf = { 0 };
+    char *normalized = NULL;
 
     im_ops = get_isula_image_ops();
     if (im_ops == NULL) {
@@ -149,9 +151,16 @@ int isula_pull_image(const im_pull_request *request, im_pull_response **response
         goto err_out;
     }
 
-    ret = register_new_oci_image_into_memory(request->image);
+    normalized = oci_normalize_image_name(request->image);
+    if (normalized == NULL) {
+        ret = -1;
+        ERROR("Normalize image name %s failed", request->image);
+        goto err_out;
+    }
+
+    ret = register_new_oci_image_into_memory(normalized);
     if (ret != 0) {
-        ERROR("Register image %s into store failed", request->image);
+        ERROR("Register image %s into store failed", normalized);
         goto err_out;
     }
 
@@ -161,6 +170,7 @@ err_out:
     *response = NULL;
     ret = -1;
 out:
+    free(normalized);
     free_client_connect_config_value(&conf);
     free_isula_pull_request(ireq);
     free_isula_pull_response(iresp);

src/image/oci/isula_images_list.c

@@ -99,18 +99,21 @@ err_out:
     return -1;
 }
 
-static void pack_imagetool_images_list(const struct isula_list_response *resp, imagetool_images_list **images)
+static int pack_imagetool_images_list(const struct isula_list_response *resp, imagetool_images_list **images)
 {
+    int ret = 0;
     size_t i = 0;
     imagetool_images_list *tmp_list = NULL;
 
     if (resp == NULL) {
-        return;
+        ret = -1;
+        goto err_out;
     }
     tmp_list = (imagetool_images_list *)util_common_calloc_s(sizeof(imagetool_images_list));
     if (tmp_list == NULL) {
         ERROR("Out of memory");
-        return;
+        ret = -1;
+        goto err_out;
     }
     if (resp->images_len == 0) {
         DEBUG("Get number of images is 0");
@@ -119,7 +122,8 @@ static void pack_imagetool_images_list(const struct isula_list_response *resp, i
     tmp_list->images = (imagetool_image **)util_common_calloc_s(sizeof(imagetool_image *) * resp->images_len);
     if (tmp_list->images == NULL) {
         ERROR("Out of memory");
-        goto out;
+        ret = -1;
+        goto err_out;
     }
     for (; i < resp->images_len; i++) {
         if (pack_imagetool_image(resp->images[i], &(tmp_list->images[i])) != 0) {
@@ -128,8 +132,14 @@ static void pack_imagetool_images_list(const struct isula_list_response *resp, i
         tmp_list->images_len++;
     }
 
+    goto out;
+
+err_out:
+    free(tmp_list);
+    tmp_list = NULL;
 out:
     *images = tmp_list;
+    return ret;
 }
 
 int isula_list_images(const im_list_request *request, imagetool_images_list **images)
@@ -175,7 +185,11 @@ int isula_list_images(const im_list_request *request, imagetool_images_list **im
         goto out;
     }
 
-    pack_imagetool_images_list(iresp, images);
+    if (pack_imagetool_images_list(iresp, images) != 0) {
+        ERROR("Failed to pack images list");
+        ret = -1;
+        goto out;
+    }
 out:
     free_isula_list_request(ireq);
     free_isula_list_response(iresp);

src/image/oci/oci_auth.c

@@ -19,7 +19,6 @@
 #include <unistd.h>
 #include <string.h>
 
-#include "securec.h"
 #include "utils.h"
 #include "log.h"
 #include "imagetool_auth_input.h"

src/image/oci/oci_common_operators.c

@@ -23,7 +23,6 @@
 
 #include "log.h"
 #include "utils.h"
-#include "securec.h"
 #include "oci_images_store.h"
 #include "specs_extend.h"
 #include "oci_config_merge.h"
@@ -169,7 +168,8 @@ char *oci_normalize_image_name(const char *name)
     util_free_array(parts);
 
     // Normalize image name
-    if (sprintf_s(temp, sizeof(temp), "%s%s%s%s", add_dockerio, add_library, name, add_default_tag) < 0) {
+    int nret = snprintf(temp, sizeof(temp), "%s%s%s%s", add_dockerio, add_library, name, add_default_tag);
+    if (nret < 0 || (size_t)nret >= sizeof(temp)) {
         ERROR("sprint temp image name failed");
         return NULL;
     }
@@ -196,7 +196,8 @@ static char *oci_strip_dockerio_prefix(const char *name)
         return NULL;
     }
 
-    if (sprintf_s(prefix, sizeof(prefix), "%s%s", DEFAULT_HOSTNAME, DEFAULT_REPO_PREFIX) < 0) {
+    int nret = snprintf(prefix, sizeof(prefix), "%s%s", DEFAULT_HOSTNAME, DEFAULT_REPO_PREFIX);
+    if (nret < 0 || (size_t)nret >= sizeof(prefix)) {
         ERROR("sprint prefix prefix failed");
         return NULL;
     }
@@ -756,11 +757,8 @@ int oci_inspect_image(const im_inspect_request *im_request, char **inspected_jso
         return -1;
     }
 
-    ret = memset_s(&request, sizeof(im_status_request), 0x00, sizeof(im_status_request));
+    (void)memset(&request, 0, sizeof(im_status_request));
-    if (ret != EOK) {
+
-        ERROR("Failed to set memory");
-        return -1;
-    }
     request.image.image = im_request->image.image;
 
     response = (im_status_response *)util_common_calloc_s(sizeof(im_status_response));

src/image/oci/oci_config_merge.c

@@ -19,7 +19,6 @@
 #include <stdio.h>
 #include <unistd.h>
 #include <string.h>
-#include "securec.h"
 #include "utils.h"
 #include "log.h"
 #include "liblcrd.h"

src/image/oci/run_image_server.c

@@ -169,8 +169,8 @@ static unsigned long long get_image_server_start_time(pid_t server_pid)
         return 0;
     }
 
-    sret = sprintf_s(filename, sizeof(filename), "/proc/%d/stat", server_pid);
+    sret = snprintf(filename, sizeof(filename), "/proc/%d/stat", server_pid);
-    if (sret < 0 || (unsigned int)sret >= sizeof(filename)) {
+    if (sret < 0 || (size_t)sret >= sizeof(filename)) {
         ERROR("Failed to sprintf filename");
         goto out;
     }

src/json/schema/schema/container/config-v2.json

@@ -99,6 +99,9 @@
             ],
             "type": "object"
         },
+        "Image": {
+            "type": "string"
+        },
         "State": {
             "properties": {
                 "Dead": {

src/json/schema/src/common_c.py

@@ -33,8 +33,8 @@ yajl_gen_status map_uint(void *ctx, long long unsigned int num) {
     char numstr[MAX_NUM_STR_LEN];
     int ret;
 
-    ret = sprintf_s(numstr, sizeof(numstr), "%llu", num);
+    ret = snprintf(numstr, sizeof(numstr), "%llu", num);
-    if (ret < 0) {
+    if (ret < 0 || (size_t)ret >= sizeof(numstr)) {
         return yajl_gen_in_error_state;
     }
     return yajl_gen_number((yajl_gen)ctx, (const char *)numstr, strlen(numstr));
@@ -44,8 +44,8 @@ yajl_gen_status map_int(void *ctx, long long int num) {
     char numstr[MAX_NUM_STR_LEN];
     int ret;
 
-    ret = sprintf_s(numstr, sizeof(numstr), "%lld", num);
+    ret = snprintf(numstr, sizeof(numstr), "%lld", num);
-    if (ret < 0) {
+    if (ret < 0 || (size_t)ret >= sizeof(numstr)) {
         return yajl_gen_in_error_state;
     }
     return yajl_gen_number((yajl_gen)ctx, (const char *)numstr, strlen(numstr));
@@ -389,8 +389,8 @@ yajl_gen_status gen_json_map_int_int(void *ctx, const json_map_int_int *map, con
     for (i = 0; i < len; i++) {
         char numstr[MAX_NUM_STR_LEN];
         int nret;
-        nret = sprintf_s(numstr, sizeof(numstr), "%lld", (long long int)map->keys[i]);
+        nret = snprintf(numstr, sizeof(numstr), "%lld", (long long int)map->keys[i]);
-        if (nret < 0) {
+        if (nret < 0 || (size_t)nret >= sizeof(numstr)) {
             if (!*err && asprintf(err, "Error to print string") < 0) {
                 *(err) = safe_strdup("error allocating memory");
             }
@@ -490,16 +490,8 @@ int append_json_map_int_int(json_map_int_int *map, int key, int val) {
     vals = safe_malloc(len * sizeof(int));
 
     if (map->len) {
-        if (memcpy_s(keys, len * sizeof(int), map->keys, map->len * sizeof(int)) != EOK) {
+        (void)memcpy(keys, map->keys, map->len * sizeof(int));
-            free(keys);
+        (void)memcpy(vals, map->values, map->len * sizeof(int));
-            free(vals);
-            return -1;
-        }
-        if (memcpy_s(vals, len * sizeof(int), map->values, map->len * sizeof(int)) != EOK) {
-            free(keys);
-            free(vals);
-            return -1;
-        }
     }
     free(map->keys);
     map->keys = keys;
@@ -530,8 +522,8 @@ yajl_gen_status gen_json_map_int_bool(void *ctx, const json_map_int_bool *map, c
     for (i = 0; i < len; i++) {
         char numstr[MAX_NUM_STR_LEN];
         int nret;
-        nret = sprintf_s(numstr, sizeof(numstr), "%lld", (long long int)map->keys[i]);
+        nret = snprintf(numstr, sizeof(numstr), "%lld", (long long int)map->keys[i]);
-        if (nret < 0) {
+        if (nret < 0 || (size_t)nret >= sizeof(numstr)) {
             if (!*err && asprintf(err, "Error to print string") < 0) {
                 *(err) = safe_strdup("error allocating memory");
             }
@@ -631,16 +623,8 @@ int append_json_map_int_bool(json_map_int_bool *map, int key, bool val) {
     vals = safe_malloc(len * sizeof(bool));
 
     if (map->len) {
-        if (memcpy_s(keys, len * sizeof(int), map->keys, map->len * sizeof(int)) != EOK) {
+        (void)memcpy(keys, map->keys, map->len * sizeof(int));
-            free(keys);
+        (void)memcpy(vals, map->values, map->len * sizeof(bool));
-            free(vals);
-            return -1;
-        }
-        if (memcpy_s(vals, len * sizeof(bool), map->values, map->len * sizeof(bool)) != EOK) {
-            free(keys);
-            free(vals);
-            return -1;
-        }
     }
     free(map->keys);
     map->keys = keys;
@@ -671,8 +655,8 @@ yajl_gen_status gen_json_map_int_string(void *ctx, const json_map_int_string *ma
     for (i = 0; i < len; i++) {
         char numstr[MAX_NUM_STR_LEN];
         int nret;
-        nret = sprintf_s(numstr, sizeof(numstr), "%lld", (long long int)map->keys[i]);
+        nret = snprintf(numstr, sizeof(numstr), "%lld", (long long int)map->keys[i]);
-        if (nret < 0) {
+        if (nret < 0 || (size_t)nret >= sizeof(numstr)) {
             if (!*err && asprintf(err, "Error to print string") < 0) {
                 *(err) = safe_strdup("error allocating memory");
             }
@@ -771,16 +755,8 @@ int append_json_map_int_string(json_map_int_string *map, int key, const char *va
     vals = safe_malloc(len * sizeof(char *));
 
     if (map->len) {
-        if (memcpy_s(keys, len * sizeof(int), map->keys, map->len * sizeof(int)) != EOK) {
+        (void)memcpy(keys, map->keys, map->len * sizeof(int));
-            free(keys);
+        (void)memcpy(vals, map->values, map->len * sizeof(char *));
-            free(vals);
-            return -1;
-        }
-        if (memcpy_s(vals, len * sizeof(char *), map->values, map->len * sizeof(char *)) != EOK) {
-            free(keys);
-            free(vals);
-            return -1;
-        }
     }
     free(map->keys);
     map->keys = keys;
@@ -897,16 +873,8 @@ int append_json_map_string_int(json_map_string_int *map, const char *key, int va
     vals = safe_malloc(len * sizeof(int));
 
     if (map->len) {
-        if (memcpy_s(keys, len * sizeof(char *), map->keys, map->len * sizeof(char *)) != EOK) {
+        (void)memcpy(keys, map->keys, map->len * sizeof(char *));
-            free(keys);
+        (void)memcpy(vals, map->values, map->len * sizeof(int));
-            free(vals);
-            return -1;
-        }
-        if (memcpy_s(vals, len * sizeof(int), map->values, map->len * sizeof(int)) != EOK) {
-            free(keys);
-            free(vals);
-            return -1;
-        }
     }
     free(map->keys);
     map->keys = keys;
@@ -1019,16 +987,8 @@ int append_json_map_string_bool(json_map_string_bool *map, const char *key, bool
     vals = safe_malloc(len * sizeof(bool));
 
     if (map->len) {
-        if (memcpy_s(keys, len * sizeof(char *), map->keys, map->len * sizeof(char *)) != EOK) {
+        (void)memcpy(keys, map->keys, map->len * sizeof(char *));
-            free(keys);
+        (void)memcpy(vals, map->values, map->len * sizeof(bool));
-            free(vals);
-            return -1;
-        }
-        if (memcpy_s(vals, len * sizeof(bool), map->values, map->len * sizeof(bool)) != EOK) {
-            free(keys);
-            free(vals);
-            return -1;
-        }
     }
     free(map->keys);
     map->keys = keys;
@@ -1148,16 +1108,8 @@ int append_json_map_string_string(json_map_string_string *map, const char *key,
     vals = safe_malloc(len * sizeof(char *));
 
     if (map->len) {
-        if (memcpy_s(keys, len * sizeof(char *), map->keys, map->len * sizeof(char *)) != EOK) {
+        (void)memcpy(keys, map->keys, map->len * sizeof(char *));
-            free(keys);
+        (void)memcpy(vals, map->values, map->len * sizeof(char *));
-            free(vals);
-            return -1;
-        }
-        if (memcpy_s(vals, len * sizeof(char *), map->values, map->len * sizeof(char *)) != EOK) {
-            free(keys);
-            free(vals);
-            return -1;
-        }
     }
     free(map->keys);
     map->keys = keys;
@@ -1205,12 +1157,7 @@ char *json_marshal_string(const char *str, size_t strlen, const struct parser_co
     }
 
     json_buf = safe_malloc(gen_len + 1);
-    if (memcpy_s(json_buf, gen_len + 1, gen_buf, gen_len) != EOK) {
+    (void)memcpy(json_buf, gen_buf, gen_len);
-        *err = safe_strdup("Error to memcpy json");
-        free(json_buf);
-        json_buf = NULL;
-        goto free_out;
-    }
     json_buf[gen_len] = '\\0';
 
 free_out:

src/json/schema/src/common_h.py

@@ -30,13 +30,13 @@ CODE = '''// Auto generated file. Do not edit!
 # ifndef _JSON_COMMON_H
 # define _JSON_COMMON_H
 
+# include <stdlib.h>
 # include <stdbool.h>
 # include <stdio.h>
 # include <string.h>
 # include <stdint.h>
 # include <yajl/yajl_tree.h>
 # include <yajl/yajl_gen.h>
-# include "securec.h"
 
 # ifdef __cplusplus
 extern "C" {

src/json/schema/src/read_file.c

@@ -23,7 +23,6 @@
 #include <stdint.h>
 
 #include <config.h>
-#include "securec.h"
 #include "read_file.h"
 
 #ifndef O_CLOEXEC
@@ -57,8 +56,6 @@ char *fread_file(FILE *stream, size_t *length)
 
     while (1) {
         size_t ret, newsize, sizejudge;
-        int pret;
-        errno_t rc = EOK;
         sizejudge = (JSON_MAX_SIZE - BUFSIZ) - 1;
         if (sizejudge < off) {
             goto out;
@@ -71,15 +68,9 @@ char *fread_file(FILE *stream, size_t *length)
         }
 
         if (buf != NULL) {
-            pret = memcpy_s(tmpbuf, newsize, buf, off);
+            (void)memcpy(tmpbuf, buf, off);
-            if (pret) {
-                goto out;
-            }
 
-            rc = memset_s(buf, off, 0, off);
+            (void)memset(buf, 0, off);
-            if (rc != EOK) {
-                goto out;
-            }
 
             free(buf);
         }
@@ -149,4 +140,3 @@ char *read_file(const char *path, size_t *length)
     (void)fclose(fp);
     return buf;
 }
-

src/json/schema/src/read_file.h

@@ -23,4 +23,3 @@ char *fread_file(FILE *stream, size_t *length);
 char *read_file(const char *path, size_t *length);
 
 #endif
-

src/json/schema/src/sources.py

@@ -797,7 +797,6 @@ def src_reflect(structs, schema_info, c_file, root_typ):
     c_file.write("#endif\n")
     c_file.write('#include <string.h>\n')
     c_file.write('#include <read_file.h>\n')
-    c_file.write('#include "securec.h"\n')
     c_file.write('#include "%s"\n\n' % schema_info.header.basename)
     for i in structs:
         append_c_code(i, c_file, schema_info.prefix)
@@ -982,12 +981,7 @@ yajl_gen_status gen_%s(yajl_gen g, const %s_element **ptr, size_t len, const str
     }
 
     json_buf = safe_malloc(gen_len + 1);
-    if (memcpy_s(json_buf, gen_len + 1, gen_buf, gen_len) != EOK) {
+    (void)memcpy(json_buf, gen_buf, gen_len);
-        *err = safe_strdup("Error to memcpy json");
-        free(json_buf);
-        json_buf = NULL;
-        goto free_out;
-    }
     json_buf[gen_len] = '\\0';
 
 free_out:

src/liblcrc.c

@@ -21,7 +21,6 @@
 #include "log.h"
 #include "pack_config.h"
 #include "utils.h"
-#include "securec.h"
 
 /* lcrc filters free */
 void lcrc_filters_free(struct lcrc_filters *filters)

src/liblcrd.c

@@ -16,12 +16,12 @@
 #include <stdio.h>
 #include <errno.h>
 #include <ctype.h>
+#include <stdarg.h>
 
 #include "liblcrd.h"
 #include "log.h"
 #include "pack_config.h"
 #include "utils.h"
-#include "securec.h"
 
 // record the errno
 __thread char *g_lcrd_errmsg = NULL;
@@ -107,9 +107,9 @@ void lcrd_set_error_message(const char *format, ...)
     va_list argp;
     va_start(argp, format);
 
-    ret = vsprintf_s(errbuf, BUFSIZ, format, argp);
+    ret = vsnprintf(errbuf, BUFSIZ, format, argp);
     va_end(argp);
-    if (ret < 0) {
+    if (ret < 0 || ret >= BUFSIZ) {
         return;
     }
 
@@ -129,9 +129,9 @@ void lcrd_try_set_error_message(const char *format, ...)
     va_list argp;
     va_start(argp, format);
 
-    ret = vsprintf_s(errbuf, BUFSIZ, format, argp);
+    ret = vsnprintf(errbuf, BUFSIZ, format, argp);
     va_end(argp);
-    if (ret < 0) {
+    if (ret < 0 || ret >= BUFSIZ) {
         return;
     }
 
@@ -148,9 +148,9 @@ void lcrd_append_error_message(const char *format, ...)
     va_list argp;
     va_start(argp, format);
 
-    ret = vsprintf_s(errbuf, BUFSIZ, format, argp);
+    ret = vsnprintf(errbuf, BUFSIZ, format, argp);
     va_end(argp);
-    if (ret < 0) {
+    if (ret < 0 || ret >= BUFSIZ) {
         return;
     }
     result = util_string_append(g_lcrd_errmsg, errbuf);

src/log.c

@@ -25,7 +25,6 @@
 #include <sys/stat.h>
 #include <stdarg.h>
 #include <inttypes.h>
-#include "securec.h"
 
 #include "utils.h"
 
@@ -244,11 +243,11 @@ int log_append(const struct log_event *event, const char *format, ...)
     struct timespec timestamp;
 
     va_start(args, format);
-    rc = vsnprintf_truncated_s(msg, MAX_MSG_LENGTH, format, args);
+    rc = vsnprintf(msg, MAX_MSG_LENGTH, format, args);
     va_end(args);
-    if (rc < 0 || rc >= MAX_MSG_LENGTH) {
+    if (rc < 0) {
-        rc = sprintf_s(msg, MAX_MSG_LENGTH, "%s", "Failed to truncate print error log");
+        rc = snprintf(msg, MAX_MSG_LENGTH, "%s", "Failed to truncate print error log");
-        if (rc < 0) {
+        if (rc < 0 || (size_t)rc >= MAX_MSG_LENGTH) {
             return 0;
         }
     }
@@ -307,12 +306,12 @@ void log_append_logfile(const struct log_event *event, const char *timestamp, co
         tmp_prefix = tmp_prefix + (strlen(tmp_prefix) - 15);
     }
     if (event->locinfo != NULL) {
-        nret = snprintf_truncated_s(log_buffer, sizeof(log_buffer), "%15s %s %-8s %s - %s:%s:%d - %s",
+        nret = snprintf(log_buffer, sizeof(log_buffer), "%15s %s %-8s %s - %s:%s:%d - %s",
-                                    tmp_prefix ? tmp_prefix : "", timestamp, g_log_prio_name[event->priority],
+                        tmp_prefix ? tmp_prefix : "", timestamp, g_log_prio_name[event->priority],
-                                    g_log_vmname ? g_log_vmname : "lcrd", event->locinfo->file, event->locinfo->func,
+                        g_log_vmname ? g_log_vmname : "lcrd", event->locinfo->file, event->locinfo->func,
-                                    event->locinfo->line, msg);
+                        event->locinfo->line, msg);
     } else {
-        nret = snprintf_truncated_s(log_buffer, sizeof(log_buffer), "%s %s", timestamp, msg);
+        nret = snprintf(log_buffer, sizeof(log_buffer), "%s %s", timestamp, msg);
     }
 
     if (nret < 0) {
@@ -429,14 +428,14 @@ int lcrd_unix_trans_to_utc(char *buf, size_t bufsize, const struct timespec *tim
     /* Calculate the real seconds */
     real_seconds = (((time->tv_sec - trans_to_sec) - hours_to_sec) - (real_minutes * 60));
 
-    ret = sprintf_s(ns, LCRD_NUMSTRLEN64, "%ld", time->tv_nsec);
+    ret = snprintf(ns, LCRD_NUMSTRLEN64, "%ld", time->tv_nsec);
-    if (ret < 0 || ret >= LCRD_NUMSTRLEN64) {
+    if (ret < 0 || (size_t)ret >= LCRD_NUMSTRLEN64) {
         return -1;
     }
 
     /* Create the final timestamp */
-    ret = sprintf_s(buf, bufsize, "%" PRId64 "%02" PRId64 "%02" PRId64 "%02" PRId64 "%02" PRId64 "%02" PRId64 ".%.3s",
+    ret = snprintf(buf, bufsize, "%" PRId64 "%02" PRId64 "%02" PRId64 "%02" PRId64 "%02" PRId64 "%02" PRId64 ".%.3s",
-                    real_year, real_month, real_day, real_hours, real_minutes, real_seconds, ns);
+                   real_year, real_month, real_day, real_hours, real_minutes, real_seconds, ns);
     if (ret < 0 || (size_t)ret >= bufsize) {
         return -1;
     }

src/log.h

@@ -17,6 +17,7 @@
 
 #include <syslog.h>
 #include <stdbool.h>
+#include <string.h>
 #include <sys/time.h>
 #include <time.h>
 

src/pack_config.c

@@ -1216,8 +1216,8 @@ static int parse_seccomp(const lcrc_host_config_t *srcconfig, host_config *dstco
                 ret = -1;
                 goto out;
             }
-            nret = sprintf_s(tmp_str, size, "seccomp=%s", seccomp_json);
+            nret = snprintf(tmp_str, size, "seccomp=%s", seccomp_json);
-            if (nret < 0) {
+            if (nret < 0 || (size_t)nret >= size) {
                 COMMAND_ERROR("failed to sprintf buffer!");
                 ret = -1;
                 goto out;

src/path.c

@@ -18,11 +18,12 @@
 #include <sys/param.h>
 #include <libgen.h>
 #include <sys/stat.h>
+#include <string.h>
+#include <stdlib.h>
 
 #include "log.h"
 #include "path.h"
 #include "utils.h"
-#include "securec.h"
 
 #define ISSLASH(C) ((C) == '/')
 #define IS_ABSOLUTE_FILE_NAME(F) (ISSLASH ((F)[0]))
@@ -51,7 +52,6 @@ static int do_clean_path(const char *respath, const char *limit_respath,
 {
     char *dest = *dst;
     const char *endpos = NULL;
-    errno_t ret;
 
     for (endpos = stpos; *stpos; stpos = endpos) {
         while (ISSLASH(*stpos)) {
@@ -80,11 +80,7 @@ static int do_clean_path(const char *respath, const char *limit_respath,
             return -1;
         }
 
-        ret = memcpy_s(dest, (size_t)(endpos - stpos), stpos, (size_t)(endpos - stpos));
+        (void)memcpy(dest, stpos, (size_t)(endpos - stpos));
-        if (ret != EOK) {
-            ERROR("Failed at cleanpath memcpy");
-            return -1;
-        }
         dest += endpos - stpos;
         *dest = '\0';
     }
@@ -98,7 +94,6 @@ char *cleanpath(const char *path, char *realpath, size_t realpath_len)
     char *dest = NULL;
     const char *stpos = NULL;
     const char *limit_respath = NULL;
-    errno_t ret;
 
     if (path == NULL || path[0] == '\0' || \
         realpath == NULL || (realpath_len < PATH_MAX)) {
@@ -107,11 +102,7 @@ char *cleanpath(const char *path, char *realpath, size_t realpath_len)
 
     respath = realpath;
 
-    ret = memset_s(respath, realpath_len, 0, realpath_len);
+    (void)memset(respath, 0, realpath_len);
-    if (ret != EOK) {
-        ERROR("Failed at cleanpath memset");
-        goto error;
-    }
     limit_respath = respath + PATH_MAX;
 
     if (!IS_ABSOLUTE_FILE_NAME(path)) {
@@ -125,11 +116,11 @@ char *cleanpath(const char *path, char *realpath, size_t realpath_len)
             ERROR("Failed to get the end of respath");
             goto error;
         }
-        ret = strcat_s(respath, PATH_MAX, path);
+        if (strlen(path) >= (PATH_MAX - 1) - strlen(respath)) {
-        if (ret != EOK) {
+            ERROR("%s path too long", path);
-            ERROR("Failed at cleanpath strcat");
             goto error;
         }
+        (void)strcat(respath, path);
         stpos = path;
     } else {
         dest = respath;
@@ -195,10 +186,7 @@ static int do_get_symlinks_copy_buf(const char *buf, const char *prefix, size_t
 {
     if (IS_ABSOLUTE_FILE_NAME(buf)) {
         if (prefix_len) {
-            if (memcpy_s(*rpath, PATH_MAX, prefix, prefix_len) != EOK) {
+            (void)memcpy(*rpath, prefix, prefix_len);
-                ERROR("Memory copy failed!");
-                return -1;
-            }
         }
         *dest = *rpath + prefix_len;
         *(*dest)++ = '/';
@@ -219,7 +207,6 @@ static int do_get_symlinks(const char **fullpath, const char *prefix, size_t pre
     int ret = -1;
     size_t len;
     ssize_t n;
-    errno_t rc = EOK;
     char *buf = NULL;
 
     if (++(*num_links) > MAXSYMLINKS) {
@@ -253,16 +240,8 @@ static int do_get_symlinks(const char **fullpath, const char *prefix, size_t pre
         goto out;
     }
 
-    rc = memmove_s(&(*extra_buf)[n], (size_t)(PATH_MAX - n), *end, len + 1);
+    (void)memmove(&(*extra_buf)[n], *end, len + 1);
-    if (rc != EOK) {
+    (void)memcpy(*extra_buf, buf, (size_t)n);
-        ERROR("Memory move failed!");
-        goto out;
-    }
-    rc = memcpy_s(*extra_buf, PATH_MAX, buf, (size_t)n);
-    if (rc != EOK) {
-        ERROR("Memory copy failed!");
-        goto out;
-    }
     *fullpath = *end = *extra_buf;
 
     if (do_get_symlinks_copy_buf(buf, prefix, prefix_len, rpath, dest) != 0) {
@@ -332,7 +311,6 @@ static int do_eval_symlinks_in_scope(const char *fullpath, const char *prefix,
     const char *start = NULL;
     const char *end = NULL;
     char *extra_buf = NULL;
-    errno_t rc = EOK;
 
     start = fullpath + prefix_len;
     for (end = start; *start; start = end) {
@@ -354,12 +332,7 @@ static int do_eval_symlinks_in_scope(const char *fullpath, const char *prefix,
                 goto out;
             }
 
-            rc = memcpy_s(*dest, (size_t)(end - start), start, (size_t)(end - start));
+            (void)memcpy(*dest, start, (size_t)(end - start));
-            if (rc != EOK) {
-                ERROR("Out of memory");
-                nret = -1;
-                goto out;
-            }
             *dest += end - start;
             **dest = '\0';
 
@@ -387,7 +360,6 @@ static char *eval_symlinks_in_scope(const char *fullpath, const char *rootpath)
     char *prefix = NULL;
     const char *rpath_limit = NULL;
     size_t prefix_len;
-    errno_t rc = EOK;
     char resroot[PATH_MAX] = { 0 };
 
     if (fullpath == NULL || rootpath == NULL) {
@@ -424,11 +396,7 @@ static char *eval_symlinks_in_scope(const char *fullpath, const char *rootpath)
 
     dest = rpath;
     if (prefix_len) {
-        rc = memcpy_s(rpath, PATH_MAX, prefix, prefix_len);
+        (void)memcpy(rpath, prefix, prefix_len);
-        if (rc != EOK) {
-            ERROR("Out of memory");
-            goto out;
-        }
         dest += prefix_len;
     }
     *dest++ = '/';
@@ -515,8 +483,8 @@ char *preserve_trailing_dot_or_separator(const char *cleanedpath, const char *or
         return NULL;
     }
 
-    nret = sprintf_s(respath, PATH_MAX, "%s", cleanedpath);
+    nret = snprintf(respath, PATH_MAX, "%s", cleanedpath);
-    if (nret < 0) {
+    if (nret < 0 || (size_t)nret >= PATH_MAX) {
         ERROR("Failed to print string");
         return NULL;
     }
@@ -598,8 +566,8 @@ char *get_resource_path(const char *rootpath, const char *path)
     char tmppath[PATH_MAX] = { 0 };
     char fullpath[PATH_MAX] = { 0 };
 
-    nret = sprintf_s(tmppath, sizeof(tmppath), "/%s/%s", rootpath, path);
+    nret = snprintf(tmppath, sizeof(tmppath), "/%s/%s", rootpath, path);
-    if (nret < 0) {
+    if (nret < 0 || (size_t)nret >= sizeof(tmppath)) {
         return NULL;
     }
 
@@ -624,8 +592,8 @@ int resolve_path(const char *rootpath, const char *path, char **resolvedpath, ch
     *resolvedpath = NULL;
     *abspath = NULL;
 
-    nret = sprintf_s(tmppath, sizeof(tmppath), "/%s", path);
+    nret = snprintf(tmppath, sizeof(tmppath), "/%s", path);
-    if (nret < 0) {
+    if (nret < 0 || (size_t)nret >= sizeof(tmppath)) {
         ERROR("Failed to print string");
         return -1;
     }
@@ -658,8 +626,8 @@ int resolve_path(const char *rootpath, const char *path, char **resolvedpath, ch
         ERROR("Out of memory");
         goto cleanup;
     }
-    nret = sprintf_s(*resolvedpath, len, "%s/%s", resolved_dir_path, basepath);
+    nret = snprintf(*resolvedpath, len, "%s/%s", resolved_dir_path, basepath);
-    if (nret < 0) {
+    if (nret < 0 || (size_t)nret >= len) {
         ERROR("Failed to print string");
         goto cleanup;
     }
@@ -759,7 +727,8 @@ int realpath_in_scope(const char *rootfs, const char *path, char **real_path)
     char cleaned[PATH_MAX] = { 0 };
     char *tmp = NULL;
 
-    if (sprintf_s(full_path, sizeof(full_path), "%s%s", rootfs, path) < 0) {
+    int nret = snprintf(full_path, sizeof(full_path), "%s%s", rootfs, path);
+    if (nret < 0 || (size_t)nret >= sizeof(full_path)) {
         ERROR("sprintf error: %s", strerror(errno));
         ret = -1;
         goto out;

src/plugin/plugin.c

@@ -303,8 +303,8 @@ static int get_plugin_dir(char *plugin_dir)
         return -1;
     }
 
-    ret = sprintf_s(plugin_dir, PATH_MAX, "%s/plugins", statedir);
+    ret = snprintf(plugin_dir, PATH_MAX, "%s/plugins", statedir);
-    if (ret < 0) {
+    if (ret < 0 || (size_t)ret >= PATH_MAX) {
         goto failed;
     }
 
@@ -365,14 +365,11 @@ static int get_plugin_addr_and_name(char *plugin_addr, char *plugin_name, const
         ERROR("not plugin filename %s", filename);
         goto out;
     }
-    nret = strcpy_s(plugin_name, PATH_MAX, filename);
+    (void)strcpy(plugin_name, filename);
-    if (nret < 0) {
+
-        ERROR("get plugin name failed %s", filename);
-        goto out;
-    }
     plugin_name[str_length - PLUGIN_SOCKET_FILE_SUFFIX_LEN] = 0;
-    nret = sprintf_s(plugin_addr, PATH_MAX, "%s/%s", plugin_dir, filename);
+    nret = snprintf(plugin_addr, PATH_MAX, "%s/%s", plugin_dir, filename);
-    if (nret < 0) {
+    if (nret < 0 || nret >= PATH_MAX) {
         ERROR("get plugin addr failed %s", filename);
         goto out;
     }
@@ -574,8 +571,8 @@ static int reload_plugin(const char *name)
         return -1;
     }
 
-    ret = sprintf_s(filename, PATH_MAX, "%s.sock", name);
+    ret = snprintf(filename, PATH_MAX, "%s.sock", name);
-    if (ret < 0) {
+    if (ret < 0 || ret >= PATH_MAX) {
         ERROR("get plugin addr failed %s", filename);
         return -1;
     }
@@ -904,8 +901,8 @@ int pm_activate_plugin(plugin_t *plugin)
     }
 
     body_len = strlen(body) + 1;
-    ret = sprintf_s(socket, PATH_MAX, "unix://%s", plugin->addr);
+    ret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr);
-    if (ret < 0) {
+    if (ret < 0 || ret >= PATH_MAX) {
         ERROR("get plugin socket failed");
         ret = -1;
         goto out;
@@ -1130,8 +1127,8 @@ static int pm_init_plugin(const plugin_t *plugin)
     }
 
     body_len = strlen(body) + 1;
-    ret = sprintf_s(socket, PATH_MAX, "unix://%s", plugin->addr);
+    ret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr);
-    if (ret < 0) {
+    if (ret < 0 || ret >= PATH_MAX) {
         ERROR("get plugin socket failed %s", plugin->addr);
         ret = -1;
         goto out;
@@ -1470,8 +1467,8 @@ static int plugin_event_pre_create_handle(const plugin_t *plugin, const char *ci
     }
 
     body_len = strlen(body) + 1;
-    ret = sprintf_s(socket, sizeof(socket), "unix://%s", plugin->addr);
+    ret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr);
-    if (ret < 0) {
+    if (ret < 0 || (size_t)ret >= sizeof(socket)) {
         ERROR("get plugin socket failed %s", plugin->addr);
         ret = -1;
         goto out;
@@ -1642,8 +1639,8 @@ static int plugin_event_pre_start_handle(const plugin_t *plugin, const char *cid
     }
 
     body_len = strlen(body) + 1;
-    ret = sprintf_s(socket, sizeof(socket), "unix://%s", plugin->addr);
+    ret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr);
-    if (ret < 0) {
+    if (ret < 0 || (size_t)ret >= sizeof(socket)) {
         ERROR("get plugin socket failed %s", plugin->addr);
         ret = -1;
         goto out;
@@ -1741,8 +1738,8 @@ static int plugin_event_post_stop_handle(const plugin_t *plugin, const char *cid
     }
 
     body_len = strlen(body) + 1;
-    ret = sprintf_s(socket, sizeof(socket), "unix://%s", plugin->addr);
+    ret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr);
-    if (ret < 0) {
+    if (ret < 0 || (size_t)ret >= sizeof(socket)) {
         ERROR("get plugin socket failed %s", plugin->addr);
         ret = -1;
         goto out;
@@ -1839,8 +1836,8 @@ static int plugin_event_post_remove_handle(const plugin_t *plugin, const char *c
     }
 
     body_len = strlen(body) + 1;
-    ret = sprintf_s(socket, sizeof(socket), "unix://%s", plugin->addr);
+    ret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr);
-    if (ret < 0) {
+    if (ret < 0 || (size_t)ret >= sizeof(socket)) {
         ERROR("get plugin socket failed %s", plugin->addr);
         ret = -1;
         goto out;