From nobody Thu Apr 25 22:42:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 15238775889981017.944487802132; Mon, 16 Apr 2018 04:19:48 -0700 (PDT) Received: from localhost ([::1]:37880 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f82Al-0003E6-MK for importer@patchew.org; Mon, 16 Apr 2018 07:19:47 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50740) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f828y-0002Gg-Cq for qemu-devel@nongnu.org; Mon, 16 Apr 2018 07:17:57 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1f828v-00042F-G0 for qemu-devel@nongnu.org; Mon, 16 Apr 2018 07:17:56 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:34858 helo=mx1.redhat.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1f828v-00041F-BJ for qemu-devel@nongnu.org; Mon, 16 Apr 2018 07:17:53 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id F157DE44B5; Mon, 16 Apr 2018 11:17:52 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.42.22.189]) by smtp.corp.redhat.com (Postfix) with ESMTP id CF91F2023227; Mon, 16 Apr 2018 11:17:51 +0000 (UTC) From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Date: Mon, 16 Apr 2018 12:17:41 +0100 Message-Id: <20180416111743.8473-2-berrange@redhat.com> In-Reply-To: <20180416111743.8473-1-berrange@redhat.com> References: <20180416111743.8473-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Mon, 16 Apr 2018 11:17:53 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Mon, 16 Apr 2018 11:17:53 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'berrange@redhat.com' RCPT:'' Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 66.187.233.73 Subject: [Qemu-devel] [PATCH 1/3] accel: use g_strsplit for parsing accelerator names X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Eduardo Habkost , "Michael S. Tsirkin" , Markus Armbruster , Marcel Apfelbaum , Paolo Bonzini , Richard Henderson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Instead of re-using the get_opt_name() method from QemuOpts to split a string on ':', just use g_strsplit(). Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Philippe Mathieu-Daud=C3=A9 --- accel/accel.c | 16 +++++++--------- include/qemu/option.h | 1 - util/qemu-option.c | 3 ++- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/accel/accel.c b/accel/accel.c index 93e2434c87..4981e7fff3 100644 --- a/accel/accel.c +++ b/accel/accel.c @@ -70,8 +70,8 @@ static int accel_init_machine(AccelClass *acc, MachineSta= te *ms) =20 void configure_accelerator(MachineState *ms) { - const char *accel, *p; - char buf[10]; + const char *accel; + char **accel_list, **tmp; int ret; bool accel_initialised =3D false; bool init_failed =3D false; @@ -83,13 +83,10 @@ void configure_accelerator(MachineState *ms) accel =3D "tcg"; } =20 - p =3D accel; - while (!accel_initialised && *p !=3D '\0') { - if (*p =3D=3D ':') { - p++; - } - p =3D get_opt_name(buf, sizeof(buf), p, ':'); - acc =3D accel_find(buf); + accel_list =3D g_strsplit(accel, ":", 0); + + for (tmp =3D accel_list; !accel_initialised && tmp && *tmp; tmp++) { + acc =3D accel_find(*tmp); if (!acc) { continue; } @@ -107,6 +104,7 @@ void configure_accelerator(MachineState *ms) accel_initialised =3D true; } } + g_strfreev(accel_list); =20 if (!accel_initialised) { if (!init_failed) { diff --git a/include/qemu/option.h b/include/qemu/option.h index 306fdb5f7a..1cfe5cbc2d 100644 --- a/include/qemu/option.h +++ b/include/qemu/option.h @@ -28,7 +28,6 @@ =20 #include "qemu/queue.h" =20 -const char *get_opt_name(char *buf, int buf_size, const char *p, char deli= m); const char *get_opt_value(char *buf, int buf_size, const char *p); =20 void parse_option_size(const char *name, const char *value, diff --git a/util/qemu-option.c b/util/qemu-option.c index d0756fda58..baca40fb94 100644 --- a/util/qemu-option.c +++ b/util/qemu-option.c @@ -49,7 +49,8 @@ * The return value is the position of the delimiter/zero byte after the o= ption * name in p. */ -const char *get_opt_name(char *buf, int buf_size, const char *p, char deli= m) +static const char *get_opt_name(char *buf, int buf_size, const char *p, + char delim) { char *q; =20 --=20 2.14.3 From nobody Thu Apr 25 22:42:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1523877600786923.7611484076482; Mon, 16 Apr 2018 04:20:00 -0700 (PDT) Received: from localhost ([::1]:37881 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f82At-0003He-8d for importer@patchew.org; Mon, 16 Apr 2018 07:19:55 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50743) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f828y-0002Gi-EK for qemu-devel@nongnu.org; Mon, 16 Apr 2018 07:17:58 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1f828w-00045H-Q5 for qemu-devel@nongnu.org; Mon, 16 Apr 2018 07:17:56 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:34860 helo=mx1.redhat.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1f828w-00044U-KF for qemu-devel@nongnu.org; Mon, 16 Apr 2018 07:17:54 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 41FD5EB6F6; Mon, 16 Apr 2018 11:17:54 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.42.22.189]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2D9142023227; Mon, 16 Apr 2018 11:17:53 +0000 (UTC) From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Date: Mon, 16 Apr 2018 12:17:42 +0100 Message-Id: <20180416111743.8473-3-berrange@redhat.com> In-Reply-To: <20180416111743.8473-1-berrange@redhat.com> References: <20180416111743.8473-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Mon, 16 Apr 2018 11:17:54 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Mon, 16 Apr 2018 11:17:54 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'berrange@redhat.com' RCPT:'' Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 66.187.233.73 Subject: [Qemu-devel] [PATCH 2/3] opts: don't silently truncate long parameter keys X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Eduardo Habkost , "Michael S. Tsirkin" , Markus Armbruster , Marcel Apfelbaum , Paolo Bonzini , Richard Henderson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The existing QemuOpts parsing code uses a fixed size 128 byte buffer for storing the parameter keys. If a key exceeded this size it was silently truncate and no error reported to the user. This behaviour was reasonable & harmless because traditionally the key names are all statically declared, and it was known that no code was declaring a key longer than 127 bytes. This assumption, however, ceased to be valid once the block layer added support for dot-separate compound keys. This syntax allows for keys that can be arbitrarily long, limited only by the number of block drivers you can stack up. With this usage, silently truncating the key name can never lead to correct behaviour. Hopefully such truncation would turn into an error, when the block code then tried to extract options later, but there's no guarantee that will happen. It is conceivable that an option specified by the user may be truncated and then ignored. This could have serious consequences, possibly even leading to security problems if the ignored option set a security relevant parameter. If the operating system didn't limit the user's argv when spawning QEMU, the code should honour whatever length arguments were given without imposing its own length restrictions. This patch thus changes the code to use a heap allocated buffer for storing the keys during parsing, lifting the arbitrary length restriction. Signed-off-by: Daniel P. Berrang=C3=A9 --- tests/test-qemu-opts.c | 18 ------------------ util/qemu-option.c | 44 ++++++++++++++++++++++---------------------- 2 files changed, 22 insertions(+), 40 deletions(-) diff --git a/tests/test-qemu-opts.c b/tests/test-qemu-opts.c index 2c422abcd4..4508f95a9b 100644 --- a/tests/test-qemu-opts.c +++ b/tests/test-qemu-opts.c @@ -459,8 +459,6 @@ static void test_opts_parse(void) { Error *err =3D NULL; QemuOpts *opts; - char long_key[129]; - char *params; =20 /* Nothing */ opts =3D qemu_opts_parse(&opts_list_03, "", false, &error_abort); @@ -471,22 +469,6 @@ static void test_opts_parse(void) g_assert_cmpuint(opts_count(opts), =3D=3D, 1); g_assert_cmpstr(qemu_opt_get(opts, ""), =3D=3D, "val"); =20 - /* Long key */ - memset(long_key, 'a', 127); - long_key[127] =3D 'z'; - long_key[128] =3D 0; - params =3D g_strdup_printf("%s=3Dv", long_key); - opts =3D qemu_opts_parse(&opts_list_03, params + 1, NULL, &error_abort= ); - g_assert_cmpuint(opts_count(opts), =3D=3D, 1); - g_assert_cmpstr(qemu_opt_get(opts, long_key + 1), =3D=3D, "v"); - - /* Overlong key gets truncated */ - opts =3D qemu_opts_parse(&opts_list_03, params, NULL, &error_abort); - g_assert(opts_count(opts) =3D=3D 1); - long_key[127] =3D 0; - g_assert_cmpstr(qemu_opt_get(opts, long_key), =3D=3D, "v"); - g_free(params); - /* Multiple keys, last one wins */ opts =3D qemu_opts_parse(&opts_list_03, "a=3D1,b=3D2,,x,a=3D3", false, &error_abort); diff --git a/util/qemu-option.c b/util/qemu-option.c index baca40fb94..fa1a9f17fc 100644 --- a/util/qemu-option.c +++ b/util/qemu-option.c @@ -43,27 +43,23 @@ * first byte of the option name) * * The option name is delimited by delim (usually , or =3D) or the string = end - * and is copied into buf. If the option name is longer than buf_size, it = is - * truncated. buf is always zero terminated. + * and is copied into option. The caller is responsible for free'ing option + * when no longer required. * * The return value is the position of the delimiter/zero byte after the o= ption * name in p. */ -static const char *get_opt_name(char *buf, int buf_size, const char *p, - char delim) +static const char *get_opt_name(const char *p, char **option, char delim) { - char *q; + char *offset =3D strchr(p, delim); =20 - q =3D buf; - while (*p !=3D '\0' && *p !=3D delim) { - if (q && (q - buf) < buf_size - 1) - *q++ =3D *p; - p++; + if (offset) { + *option =3D g_strndup(p, offset - p); + return offset; + } else { + *option =3D g_strdup(p); + return p + strlen(p); } - if (q) - *q =3D '\0'; - - return p; } =20 /* @@ -758,7 +754,8 @@ void qemu_opts_print(QemuOpts *opts, const char *separa= tor) static void opts_do_parse(QemuOpts *opts, const char *params, const char *firstname, bool prepend, Error **err= p) { - char option[128], value[1024]; + char *option =3D NULL; + char value[1024]; const char *p,*pe,*pc; Error *local_err =3D NULL; =20 @@ -769,11 +766,11 @@ static void opts_do_parse(QemuOpts *opts, const char = *params, /* found "foo,more" */ if (p =3D=3D params && firstname) { /* implicitly named first option */ - pstrcpy(option, sizeof(option), firstname); + option =3D g_strdup(firstname); p =3D get_opt_value(value, sizeof(value), p); } else { /* option without value, probably a flag */ - p =3D get_opt_name(option, sizeof(option), p, ','); + p =3D get_opt_name(p, &option, ','); if (strncmp(option, "no", 2) =3D=3D 0) { memmove(option, option+2, strlen(option+2)+1); pstrcpy(value, sizeof(value), "off"); @@ -783,10 +780,8 @@ static void opts_do_parse(QemuOpts *opts, const char *= params, } } else { /* found "foo=3Dbar,more" */ - p =3D get_opt_name(option, sizeof(option), p, '=3D'); - if (*p !=3D '=3D') { - break; - } + p =3D get_opt_name(p, &option, '=3D'); + assert(*p =3D=3D '=3D'); p++; p =3D get_opt_value(value, sizeof(value), p); } @@ -795,13 +790,18 @@ static void opts_do_parse(QemuOpts *opts, const char = *params, opt_set(opts, option, value, prepend, &local_err); if (local_err) { error_propagate(errp, local_err); - return; + goto cleanup; } } if (*p !=3D ',') { break; } + g_free(option); + option =3D NULL; } + + cleanup: + g_free(option); } =20 /** --=20 2.14.3 From nobody Thu Apr 25 22:42:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1523877766982319.7729290180325; Mon, 16 Apr 2018 04:22:46 -0700 (PDT) Received: from localhost ([::1]:37990 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f82De-0005UY-4N for importer@patchew.org; Mon, 16 Apr 2018 07:22:46 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50778) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f8290-0002HP-K0 for qemu-devel@nongnu.org; Mon, 16 Apr 2018 07:18:03 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1f828y-00047g-Kh for qemu-devel@nongnu.org; Mon, 16 Apr 2018 07:17:58 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:49800 helo=mx1.redhat.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1f828y-00046s-BR for qemu-devel@nongnu.org; Mon, 16 Apr 2018 07:17:56 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id F3BF340704B6; Mon, 16 Apr 2018 11:17:55 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.42.22.189]) by smtp.corp.redhat.com (Postfix) with ESMTP id 885622023587; Mon, 16 Apr 2018 11:17:54 +0000 (UTC) From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Date: Mon, 16 Apr 2018 12:17:43 +0100 Message-Id: <20180416111743.8473-4-berrange@redhat.com> In-Reply-To: <20180416111743.8473-1-berrange@redhat.com> References: <20180416111743.8473-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Mon, 16 Apr 2018 11:17:56 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Mon, 16 Apr 2018 11:17:56 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'berrange@redhat.com' RCPT:'' Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 66.187.233.73 Subject: [Qemu-devel] [PATCH 3/3] opts: don't silently truncate long option values X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Eduardo Habkost , "Michael S. Tsirkin" , Markus Armbruster , Marcel Apfelbaum , Paolo Bonzini , Richard Henderson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The existing QemuOpts parsing code uses a fixed size 1024 byte buffer for storing the option values. If a value exceeded this size it was silently truncated and no error reported to the user. Long option values is not a common scenario, but it is conceivable that they will happen. eg if the user has a very deeply nested filesystem it would be possible to come up with a disk path that was > 1024 bytes. Most of the time if such data was silently truncated, the user would get an error about opening a non-existant disk. If they're unlucky though, QEMU might use a completely different disk image from another VM, which could be considered a security issue. Another example program was in using the -smbios command line arg with very large data blobs. In this case the silent truncation will be providing semantically incorrect data to the guest OS for SMBIOS tables. If the operating system didn't limit the user's argv when spawning QEMU, the code should honour whatever length arguments were given without imposing its own length restrictions. This patch thus changes the code to use a heap allocated buffer for storing the values during parsing, lifting the arbitrary length restriction. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/i386/multiboot.c | 33 +++++++++------ include/qemu/option.h | 2 +- util/qemu-option.c | 111 +++++++++++++++++++++++++++-------------------= ---- 3 files changed, 81 insertions(+), 65 deletions(-) diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c index 5bc0a2cddb..7a2953e26f 100644 --- a/hw/i386/multiboot.c +++ b/hw/i386/multiboot.c @@ -291,12 +291,16 @@ int load_multiboot(FWCfgState *fw_cfg, cmdline_len =3D strlen(kernel_filename) + 1; cmdline_len +=3D strlen(kernel_cmdline) + 1; if (initrd_filename) { - const char *r =3D initrd_filename; + const char *r =3D get_opt_value(initrd_filename, NULL); cmdline_len +=3D strlen(r) + 1; mbs.mb_mods_avail =3D 1; - while (*(r =3D get_opt_value(NULL, 0, r))) { - mbs.mb_mods_avail++; - r++; + while (1) { + mbs.mb_mods_avail++; + r =3D get_opt_value(r, NULL); + if (!*r) { + break; + } + r++; } } =20 @@ -313,7 +317,8 @@ int load_multiboot(FWCfgState *fw_cfg, =20 if (initrd_filename) { const char *next_initrd; - char not_last, tmpbuf[strlen(initrd_filename) + 1]; + char not_last; + char *one_file =3D NULL; =20 mbs.offset_mods =3D mbs.mb_buf_size; =20 @@ -322,24 +327,26 @@ int load_multiboot(FWCfgState *fw_cfg, int mb_mod_length; uint32_t offs =3D mbs.mb_buf_size; =20 - next_initrd =3D get_opt_value(tmpbuf, sizeof(tmpbuf), initrd_f= ilename); + next_initrd =3D get_opt_value(initrd_filename, &one_file); not_last =3D *next_initrd; /* if a space comes after the module filename, treat everything after that as parameters */ - hwaddr c =3D mb_add_cmdline(&mbs, tmpbuf); - if ((next_space =3D strchr(tmpbuf, ' '))) + hwaddr c =3D mb_add_cmdline(&mbs, one_file); + next_space =3D strchr(one_file, ' '); + if (next_space) { *next_space =3D '\0'; - mb_debug("multiboot loading module: %s", tmpbuf); - mb_mod_length =3D get_image_size(tmpbuf); + } + mb_debug("multiboot loading module: %s", one_file); + mb_mod_length =3D get_image_size(one_file); if (mb_mod_length < 0) { - error_report("Failed to open file '%s'", tmpbuf); + error_report("Failed to open file '%s'", one_file); exit(1); } =20 mbs.mb_buf_size =3D TARGET_PAGE_ALIGN(mb_mod_length + mbs.mb_b= uf_size); mbs.mb_buf =3D g_realloc(mbs.mb_buf, mbs.mb_buf_size); =20 - load_image(tmpbuf, (unsigned char *)mbs.mb_buf + offs); + load_image(one_file, (unsigned char *)mbs.mb_buf + offs); mb_add_mod(&mbs, mbs.mb_buf_phys + offs, mbs.mb_buf_phys + offs + mb_mod_length, c); =20 @@ -347,6 +354,8 @@ int load_multiboot(FWCfgState *fw_cfg, (char *)mbs.mb_buf + offs, (char *)mbs.mb_buf + offs + mb_mod_length, c); initrd_filename =3D next_initrd+1; + g_free(one_file); + one_file =3D NULL; } while (not_last); } =20 diff --git a/include/qemu/option.h b/include/qemu/option.h index 1cfe5cbc2d..3dfb4493cc 100644 --- a/include/qemu/option.h +++ b/include/qemu/option.h @@ -28,7 +28,7 @@ =20 #include "qemu/queue.h" =20 -const char *get_opt_value(char *buf, int buf_size, const char *p); +const char *get_opt_value(const char *p, char **value); =20 void parse_option_size(const char *name, const char *value, uint64_t *ret, Error **errp); diff --git a/util/qemu-option.c b/util/qemu-option.c index fa1a9f17fc..58d1c23893 100644 --- a/util/qemu-option.c +++ b/util/qemu-option.c @@ -70,25 +70,37 @@ static const char *get_opt_name(const char *p, char **o= ption, char delim) * delimiter is fixed to be comma which starts a new option. To specify an * option value that contains commas, double each comma. */ -const char *get_opt_value(char *buf, int buf_size, const char *p) +const char *get_opt_value(const char *p, char **value) { - char *q; + size_t capacity =3D 0, length; + const char *offset; + + *value =3D NULL; + while (1) { + offset =3D strchr(p, ','); + if (!offset) { + offset =3D p + strlen(p); + } =20 - q =3D buf; - while (*p !=3D '\0') { - if (*p =3D=3D ',') { - if (*(p + 1) !=3D ',') - break; - p++; + length =3D offset - p; + if (*offset !=3D '\0' && *(offset + 1) =3D=3D ',') { + length++; + } + if (value) { + *value =3D g_renew(char, *value, capacity + length + 1); + strncpy(*value + capacity, p, length); + (*value)[capacity + length] =3D '\0'; + } + capacity +=3D length; + if (*offset =3D=3D '\0' || + *(offset + 1) !=3D ',') { + break; } - if (q && (q - buf) < buf_size - 1) - *q++ =3D *p; - p++; + + p +=3D (offset - p) + 2; } - if (q) - *q =3D '\0'; =20 - return p; + return offset; } =20 static void parse_option_bool(const char *name, const char *value, bool *r= et, @@ -162,50 +174,43 @@ void parse_option_size(const char *name, const char *= value, =20 bool has_help_option(const char *param) { - size_t buflen =3D strlen(param) + 1; - char *buf =3D g_malloc(buflen); const char *p =3D param; bool result =3D false; =20 - while (*p) { - p =3D get_opt_value(buf, buflen, p); + while (*p && !result) { + char *value; + + p =3D get_opt_value(p, &value); if (*p) { p++; } =20 - if (is_help_option(buf)) { - result =3D true; - goto out; - } + result =3D is_help_option(value); + g_free(value); } =20 -out: - g_free(buf); return result; } =20 -bool is_valid_option_list(const char *param) +bool is_valid_option_list(const char *p) { - size_t buflen =3D strlen(param) + 1; - char *buf =3D g_malloc(buflen); - const char *p =3D param; - bool result =3D true; + char *value =3D NULL; + bool result =3D false; =20 while (*p) { - p =3D get_opt_value(buf, buflen, p); - if (*p && !*++p) { - result =3D false; + p =3D get_opt_value(p, &value); + if ((*p && !*++p) || + (!*value || *value =3D=3D ',')) { goto out; } =20 - if (!*buf || *buf =3D=3D ',') { - result =3D false; - goto out; - } + g_free(value); + value =3D NULL; } =20 + result =3D true; out: - g_free(buf); + g_free(value); return result; } =20 @@ -487,7 +492,7 @@ int qemu_opt_unset(QemuOpts *opts, const char *name) } } =20 -static void opt_set(QemuOpts *opts, const char *name, const char *value, +static void opt_set(QemuOpts *opts, const char *name, char *value, bool prepend, Error **errp) { QemuOpt *opt; @@ -496,6 +501,7 @@ static void opt_set(QemuOpts *opts, const char *name, c= onst char *value, =20 desc =3D find_desc_by_name(opts->list->desc, name); if (!desc && !opts_accepts_any(opts)) { + g_free(value); error_setg(errp, QERR_INVALID_PARAMETER, name); return; } @@ -509,8 +515,7 @@ static void opt_set(QemuOpts *opts, const char *name, c= onst char *value, QTAILQ_INSERT_TAIL(&opts->head, opt, next); } opt->desc =3D desc; - opt->str =3D g_strdup(value); - assert(opt->str); + opt->str =3D value; qemu_opt_parse(opt, &local_err); if (local_err) { error_propagate(errp, local_err); @@ -521,7 +526,7 @@ static void opt_set(QemuOpts *opts, const char *name, c= onst char *value, void qemu_opt_set(QemuOpts *opts, const char *name, const char *value, Error **errp) { - opt_set(opts, name, value, false, errp); + opt_set(opts, name, g_strdup(value), false, errp); } =20 void qemu_opt_set_bool(QemuOpts *opts, const char *name, bool val, @@ -755,7 +760,7 @@ static void opts_do_parse(QemuOpts *opts, const char *p= arams, const char *firstname, bool prepend, Error **err= p) { char *option =3D NULL; - char value[1024]; + char *value =3D NULL; const char *p,*pe,*pc; Error *local_err =3D NULL; =20 @@ -767,15 +772,15 @@ static void opts_do_parse(QemuOpts *opts, const char = *params, if (p =3D=3D params && firstname) { /* implicitly named first option */ option =3D g_strdup(firstname); - p =3D get_opt_value(value, sizeof(value), p); + p =3D get_opt_value(p, &value); } else { /* option without value, probably a flag */ p =3D get_opt_name(p, &option, ','); if (strncmp(option, "no", 2) =3D=3D 0) { memmove(option, option+2, strlen(option+2)+1); - pstrcpy(value, sizeof(value), "off"); + value =3D g_strdup("off"); } else { - pstrcpy(value, sizeof(value), "on"); + value =3D g_strdup("on"); } } } else { @@ -783,11 +788,12 @@ static void opts_do_parse(QemuOpts *opts, const char = *params, p =3D get_opt_name(p, &option, '=3D'); assert(*p =3D=3D '=3D'); p++; - p =3D get_opt_value(value, sizeof(value), p); + p =3D get_opt_value(p, &value); } if (strcmp(option, "id") !=3D 0) { /* store and parse */ opt_set(opts, option, value, prepend, &local_err); + value =3D NULL; if (local_err) { error_propagate(errp, local_err); goto cleanup; @@ -797,11 +803,13 @@ static void opts_do_parse(QemuOpts *opts, const char = *params, break; } g_free(option); - option =3D NULL; + g_free(value); + option =3D value =3D NULL; } =20 cleanup: g_free(option); + g_free(value); } =20 /** @@ -820,7 +828,7 @@ static QemuOpts *opts_parse(QemuOptsList *list, const c= har *params, bool permit_abbrev, bool defaults, Error **err= p) { const char *firstname; - char value[1024], *id =3D NULL; + char *id =3D NULL; const char *p; QemuOpts *opts; Error *local_err =3D NULL; @@ -829,11 +837,9 @@ static QemuOpts *opts_parse(QemuOptsList *list, const = char *params, firstname =3D permit_abbrev ? list->implied_opt_name : NULL; =20 if (strncmp(params, "id=3D", 3) =3D=3D 0) { - get_opt_value(value, sizeof(value), params+3); - id =3D value; + get_opt_value(params + 3, &id); } else if ((p =3D strstr(params, ",id=3D")) !=3D NULL) { - get_opt_value(value, sizeof(value), p+4); - id =3D value; + get_opt_value(p + 4, &id); } =20 /* @@ -845,6 +851,7 @@ static QemuOpts *opts_parse(QemuOptsList *list, const c= har *params, */ assert(!defaults || list->merge_lists); opts =3D qemu_opts_create(list, id, !defaults, &local_err); + g_free(id); if (opts =3D=3D NULL) { error_propagate(errp, local_err); return NULL; --=20 2.14.3