From 149d2789db76fd9831b5571696c04048ff568f28 Mon Sep 17 00:00:00 2001
From: saturneric <eric@bktus.com>
Date: Fri, 3 May 2024 21:08:04 +0200
Subject: [PATCH] fix: solve safe issues

---
 src/core/module/Event.cpp                             | 4 ++--
 src/core/module/Module.cpp                            | 4 ++--
 src/core/utils/IOUtils.cpp                            | 2 +-
 src/module/mods/gpg_info/GnuPGInfoGatheringModule.cpp | 2 +-
 src/module/sdk/GFSDKBasic.cpp                         | 1 +
 src/module/sdk/GFSDKBasic.h                           | 5 ++++-
 src/module/sdk/GFSDKModule.h                          | 2 +-
 src/ui/GpgFrontendUIInit.cpp                          | 4 ++--
 8 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/src/core/module/Event.cpp b/src/core/module/Event.cpp
index 0285ae6c..4b0b989b 100644
--- a/src/core/module/Event.cpp
+++ b/src/core/module/Event.cpp
@@ -106,7 +106,7 @@ class Event::Impl {
         static_cast<GFModuleEvent*>(SecureMalloc(sizeof(GFModuleEvent)));
 
     event->id = GFStrDup(event_identifier_);
-    event->triggger_id = GFStrDup(trigger_uuid_);
+    event->trigger_id = GFStrDup(trigger_uuid_);
 
     GFModuleEventParam* l_param = nullptr;
     GFModuleEventParam* p_param;
@@ -121,7 +121,7 @@ class Event::Impl {
       p_param->value = GFStrDup(data.second);
       p_param->next = nullptr;
 
-      l_param->next = p_param;
+      if (l_param != nullptr) l_param->next = p_param;
       l_param = p_param;
     }
 
diff --git a/src/core/module/Module.cpp b/src/core/module/Module.cpp
index 7011f2f5..9c875fce 100644
--- a/src/core/module/Module.cpp
+++ b/src/core/module/Module.cpp
@@ -121,15 +121,15 @@ class Module::Impl {
     }
 
     GF_CORE_LOG_INFO(
-        "module loaded, id: {}, verison: {}, "
+        "module loaded, id: {}, version: {}, "
         "sdk version: {}, qt env version: {}, hash: {}, path: {}",
         identifier_, version_, gf_sdk_ver_, qt_env_ver_, module_hash_,
         module_library_path_);
 
     ::GFModuleMetaData* p_meta_data = get_metadata_api_();
-    ::GFModuleMetaData* l_meta_data;
 
     while (p_meta_data != nullptr) {
+      ::GFModuleMetaData* l_meta_data;
       meta_data_[QString::fromUtf8(p_meta_data->key)] =
           QString::fromUtf8(p_meta_data->value);
       l_meta_data = p_meta_data;
diff --git a/src/core/utils/IOUtils.cpp b/src/core/utils/IOUtils.cpp
index 79b879f9..0be11755 100644
--- a/src/core/utils/IOUtils.cpp
+++ b/src/core/utils/IOUtils.cpp
@@ -202,7 +202,7 @@ auto CalculateBinaryChacksum(const QString& path) -> QString {
   // read data by chunks
   const qint64 buffer_size = 8192;  // Define a suitable buffer size
   while (!f.atEnd()) {
-    QByteArray buffer = f.read(buffer_size);
+    QByteArray const buffer = f.read(buffer_size);
     if (buffer.isEmpty()) {
       GF_CORE_LOG_ERROR("error reading file {} during checksum calculation",
                         path.toStdString());
diff --git a/src/module/mods/gpg_info/GnuPGInfoGatheringModule.cpp b/src/module/mods/gpg_info/GnuPGInfoGatheringModule.cpp
index 3965c661..949f7287 100644
--- a/src/module/mods/gpg_info/GnuPGInfoGatheringModule.cpp
+++ b/src/module/mods/gpg_info/GnuPGInfoGatheringModule.cpp
@@ -262,7 +262,7 @@ auto CalculateBinaryChacksum(const QString &path) -> std::optional<QString> {
   // read data by chunks
   const qint64 buffer_size = 8192;  // Define a suitable buffer size
   while (!f.atEnd()) {
-    QByteArray buffer = f.read(buffer_size);
+    QByteArray const buffer = f.read(buffer_size);
     if (buffer.isEmpty()) {
       GFModuleLogError(
           fmt::format("error reading file {} during checksum calculation",
diff --git a/src/module/sdk/GFSDKBasic.cpp b/src/module/sdk/GFSDKBasic.cpp
index ac0b74d2..e982d165 100644
--- a/src/module/sdk/GFSDKBasic.cpp
+++ b/src/module/sdk/GFSDKBasic.cpp
@@ -90,6 +90,7 @@ void GFExecuteCommandBatchSync(int32_t context_size,
 
 auto GPGFRONTEND_MODULE_SDK_EXPORT GFModuleStrDup(const char* src) -> char* {
   auto len = strlen(src);
+  if (len > kGfStrlenMax) return nullptr;
 
   char* dst = static_cast<char*>(GFAllocateMemory((len + 1) * sizeof(char)));
   memcpy(dst, src, len);
diff --git a/src/module/sdk/GFSDKBasic.h b/src/module/sdk/GFSDKBasic.h
index ad6302d0..07ff6ed7 100644
--- a/src/module/sdk/GFSDKBasic.h
+++ b/src/module/sdk/GFSDKBasic.h
@@ -28,12 +28,15 @@
 
 #pragma once
 
-#include <stdint.h>
+#include <cstddef>
+#include <cstdint>
 
 #include "GFSDKExport.h"
 
 extern "C" {
 
+constexpr int32_t kGfStrlenMax = static_cast<const int32_t>(1024 * 8);
+
 using GFCommandExeucteCallback = void (*)(void* data, int errcode,
                                           const char* out, const char* err);
 
diff --git a/src/module/sdk/GFSDKModule.h b/src/module/sdk/GFSDKModule.h
index 4df07762..67c1f492 100644
--- a/src/module/sdk/GFSDKModule.h
+++ b/src/module/sdk/GFSDKModule.h
@@ -48,7 +48,7 @@ struct GFModuleEventParam {
 
 struct GFModuleEvent {
   const char *id;
-  const char *triggger_id;
+  const char *trigger_id;
   GFModuleEventParam *params;
 };
 
diff --git a/src/ui/GpgFrontendUIInit.cpp b/src/ui/GpgFrontendUIInit.cpp
index 7b18e78c..046c25d7 100644
--- a/src/ui/GpgFrontendUIInit.cpp
+++ b/src/ui/GpgFrontendUIInit.cpp
@@ -77,14 +77,14 @@ void WaitEnvCheckingProcess() {
                         &QEventLoop::quit);
 
   QApplication::connect(waiting_dialog, &QProgressDialog::canceled, [=]() {
-    GF_UI_LOG_DEBUG("cancel clicked on wairing dialog");
+    GF_UI_LOG_DEBUG("cancel clicked on waiting dialog");
     QApplication::quit();
     exit(0);
   });
 
   auto env_state =
       Module::RetrieveRTValueTypedOrDefault<>("core", "env.state.basic", 0);
-  GF_UI_LOG_DEBUG("ui is ready to wating for env initialized, env_state: {}",
+  GF_UI_LOG_DEBUG("ui is ready to waiting for env initialized, env_state: {}",
                   env_state);
 
   // check twice to avoid some unlucky sitations