Replace functions with secured version for OSX compliance (#7586)

* replace strlen with strnlen * replace vsnprintf with vsnprintf_l * add macro * switch to std numeric::limits * apply uint16 max * fix build err * fix mac build * define MAX_STR_LEN * define MAX_STR_LEN * fix typo * trim empty lines * apply constexpr * fix typo * add namespace * fix build err * rename global constant Co-authored-by: Randy <Randy@randysmac.attlocal.net> Co-authored-by: Randy Shuai <rashuai@microsoft.com> Co-authored-by: Randy <Randy@randysmac.local>
2026-06-01 23:30:35 +00:00 · 2021-07-08 11:02:36 -07:00 · 2021-07-08 11:02:36 -07:00 · f40df30219
commit f40df30219
parent 6dbfb8db0e
9 changed files with 18 additions and 10 deletions
--- a/include/onnxruntime/core/common/common.h
+++ b/include/onnxruntime/core/common/common.h
@ -289,4 +289,6 @@ inline std::string ToWideString(const std::string& s) { return s; }
 #define ORT_IF_CONSTEXPR if
 #endif

+constexpr size_t kMaxStrLen = 2048;
+
 }  // namespace onnxruntime
--- a/onnxruntime/core/codegen/common/utils.cc
+++ b/onnxruntime/core/codegen/common/utils.cc
@ -31,7 +31,7 @@ std::unique_ptr<char[]> GetEnv(const char* var) {
  // to its caller and make distinguish between windows and linux, we return
  // a unique_ptr, and it will be destroyed automatically after the caller
  // completes.
-  size_t len_val = strlen(val) + 1;
+  size_t len_val = strnlen(val, onnxruntime::kMaxStrLen) + 1;
  auto p = std::make_unique<char[]>(len_val);
  // use explicit loop to get ride of VC's warning on unsafe copy
  for (size_t i = 0; i < len_val; ++i) {
--- a/onnxruntime/core/common/logging/capture.cc
+++ b/onnxruntime/core/common/logging/capture.cc
@ -36,8 +36,12 @@ void Capture::ProcessPrintf(msvc_printf_check const char* format, va_list args)
    error = errno != 0;
    truncated = !error;
  }
+#else
+#ifdef __APPLE__
+  const int nbrcharacters = vsnprintf_l(message.data(), message.size(), nullptr, format, args);
 #else
  const int nbrcharacters = vsnprintf(message.data(), message.size(), format, args);
+#endif
  error = nbrcharacters < 0;
  truncated = (nbrcharacters >= 0 && static_cast<gsl::index>(nbrcharacters) > message.size());
 #endif
--- a/onnxruntime/core/framework/error_code.cc
+++ b/onnxruntime/core/framework/error_code.cc
@ -23,7 +23,7 @@ struct OrtStatus {
 _Check_return_ _Ret_notnull_ OrtStatus* ORT_API_CALL OrtApis::CreateStatus(OrtErrorCode code,
                                                                           _In_z_ const char* msg) NO_EXCEPTION {
  assert(!(code == 0 && msg != nullptr));
-  SafeInt<size_t> clen(nullptr == msg ? 0 : strlen(msg));
+  SafeInt<size_t> clen(nullptr == msg ? 0 : strnlen(msg, onnxruntime::kMaxStrLen));
  OrtStatus* p = reinterpret_cast<OrtStatus*>(::malloc(sizeof(OrtStatus) + clen));
  if (p == nullptr) return nullptr;  // OOM. What we can do here? abort()?
  p->code = code;
--- a/onnxruntime/core/providers/coreml/builders/helper.cc
+++ b/onnxruntime/core/providers/coreml/builders/helper.cc
@ -120,7 +120,7 @@ bool HasNeuralEngine(const logging::Logger& logger) {
  // A12: iPhone XS (11,2), iPad Mini - 5th Gen (11,1)
  // A12X: iPad Pro - 3rd Gen (8,1)
  // For more information, see https://www.theiphonewiki.com/wiki/Models
-  size_t str_len = strlen(system_info.machine);
+  size_t str_len = strnlen(system_info.machine, onnxruntime::kMaxStrLen);
  if (str_len > 4 && strncmp("iPad", system_info.machine, 4) == 0) {
    const int major_version = atoi(system_info.machine + 4);
    has_neural_engine = major_version >= 8;  // There are no device between iPad 8 and 11.
@ -143,4 +143,5 @@ bool HasNeuralEngine(const logging::Logger& logger) {
 }

 }  // namespace coreml
-}  // namespace onnxruntime
+}  // namespace onnxruntime
+
--- a/onnxruntime/test/common/utf8_util_test.cc
+++ b/onnxruntime/test/common/utf8_util_test.cc
@ -31,7 +31,7 @@ TEST(Utf8UtilTest, Validate) {
  using namespace utf8_util;
  for (auto& s : samples) {
    size_t utf8_len = 0;
-    if (s.valid != utf8_validate(reinterpret_cast<const unsigned char*>(s.sequence), strlen(s.sequence), utf8_len)) {
+    if (s.valid != utf8_validate(reinterpret_cast<const unsigned char*>(s.sequence), strnlen(s.sequence, onnxruntime::kMaxStrLen), utf8_len)) {
      ASSERT_TRUE(false);
    } else {
      if (s.valid) {
--- a/onnxruntime/test/fuzzing/src/testlog.cpp
+++ b/onnxruntime/test/fuzzing/src/testlog.cpp
@ -145,7 +145,7 @@ namespace Logger
    {
        std::mbstate_t ps;
        size_t retVal;
-        size_t length_str = std::strlen(pStr);
+        size_t length_str = std::strnlen(pStr, onnxruntime::kMaxStrLen);
        mbsrtowcs_s(&retVal, nullptr, 0, &pStr, length_str, &ps );
        retVal += 1;
        auto ptr = std::make_unique<wchar_t[]>(retVal);
@ -158,4 +158,4 @@ namespace Logger
        mbsrtowcs_s(&retVal, ptr.get(), retVal, &pStr, length_str, &ps );
        return std::wstring{ptr.get()};
    }
-}
+}
--- a/onnxruntime/test/shared_lib/test_inference.cc
+++ b/onnxruntime/test/shared_lib/test_inference.cc
@ -1051,7 +1051,7 @@ TEST(CApiTest, get_string_tensor_element) {
  tensor.FillStringTensor(s, expected_len);

  auto expected_string = s[element_index];
-  size_t expected_string_len = strlen(expected_string);
+  size_t expected_string_len = strnlen(expected_string, onnxruntime::kMaxStrLen);

  std::string result(expected_string_len, '\0');
  tensor.GetStringTensorElement(expected_string_len, element_index, (void*)result.data());
@ -1649,4 +1649,4 @@ TEST(CApiTest, TestConfigureTensorRTProviderOptions) {
  struct stat buffer;
  ASSERT_TRUE(stat(engine_cache_path, &buffer) == 0);
 }
-#endif
+#endif
--- a/onnxruntime/test/xctest/orttestmain.m
+++ b/onnxruntime/test/xctest/orttestmain.m
@ -2,9 +2,10 @@
 // Licensed under the MIT License.

 #import <UIKit/UIKit.h>
+static const size_t kMaxStrLen = 2048;

 static void set_test_rootdir(const char* image_path){
-    size_t n = strlen(image_path);
+    size_t n = strnlen(image_path, kMaxStrLen);
    for (; n >=0; n--) {
        if (image_path[n] == '/') {
            break;