[PATCH v3 00/19] Fix qemu_strtosz() read-out-of-bounds

Eric Blake posted 19 patches 11 months, 1 week ago
Failed in applying to current master (apply log)
Maintainers: Gerd Hoffmann <kraxel@redhat.com>, "Marc-André Lureau" <marcandre.lureau@redhat.com>, Kevin Wolf <kwolf@redhat.com>, Hanna Reitz <hreitz@redhat.com>, Peter Lieven <pl@kamp.de>, Eduardo Habkost <eduardo@habkost.net>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, "Philippe Mathieu-Daudé" <philmd@linaro.org>, Yanan Wang <wangyanan55@huawei.com>, Markus Armbruster <armbru@redhat.com>, Michael Roth <michael.roth@amd.com>, "Daniel P. Berrangé" <berrange@redhat.com>
[PATCH v3 00/19] Fix qemu_strtosz() read-out-of-bounds
Posted by Eric Blake 11 months, 1 week ago
v2 was here:
https://lists.gnu.org/archive/html/qemu-devel/2023-05/msg02951.html

Since then:
 - fix another qemu_strtoui bug
 - address review comments from Hanna

001/19:[----] [--] 'test-cutils: Avoid g_assert in unit tests'
002/19:[----] [--] 'test-cutils: Use g_assert_cmpuint where appropriate'
003/19:[----] [--] 'test-cutils: Test integral qemu_strto* value on failures'
004/19:[0204] [FC] 'test-cutils: Test more integer corner cases'
005/19:[0048] [FC] 'cutils: Fix wraparound parsing in qemu_strtoui'
006/19:[----] [--] 'cutils: Document differences between parse_uint and qemu_strtou64'
007/19:[0016] [FC] 'cutils: Adjust signature of parse_uint[_full]'
008/19:[----] [--] 'cutils: Allow NULL endptr in parse_uint()'
009/19:[0006] [FC] 'test-cutils: Add coverage of qemu_strtod'
010/19:[----] [--] 'test-cutils: Prepare for upcoming semantic change in qemu_strtosz'
011/19:[----] [--] 'test-cutils: Refactor qemu_strtosz tests for less boilerplate'
012/19:[0007] [FC] 'cutils: Allow NULL str in qemu_strtosz'
013/19:[----] [--] 'numa: Check for qemu_strtosz_MiB error'
014/19:[0007] [FC] 'test-cutils: Add more coverage to qemu_strtosz'
015/19:[----] [--] 'cutils: Set value in all qemu_strtosz* error paths'
016/19:[----] [--] 'cutils: Set value in all integral qemu_strto* error paths'
017/19:[0013] [FC] 'cutils: Use parse_uint in qemu_strtosz for negative rejection'
018/19:[----] [--] 'cutils: Improve qemu_strtod* error paths'
019/19:[----] [--] 'cutils: Improve qemu_strtosz handling of fractions'

Eric Blake (19):
  test-cutils: Avoid g_assert in unit tests
  test-cutils: Use g_assert_cmpuint where appropriate
  test-cutils: Test integral qemu_strto* value on failures
  test-cutils: Test more integer corner cases
  cutils: Fix wraparound parsing in qemu_strtoui
  cutils: Document differences between parse_uint and qemu_strtou64
  cutils: Adjust signature of parse_uint[_full]
  cutils: Allow NULL endptr in parse_uint()
  test-cutils: Add coverage of qemu_strtod
  test-cutils: Prepare for upcoming semantic change in qemu_strtosz
  test-cutils: Refactor qemu_strtosz tests for less boilerplate
  cutils: Allow NULL str in qemu_strtosz
  numa: Check for qemu_strtosz_MiB error
  test-cutils: Add more coverage to qemu_strtosz
  cutils: Set value in all qemu_strtosz* error paths
  cutils: Set value in all integral qemu_strto* error paths
  cutils: Use parse_uint in qemu_strtosz for negative rejection
  cutils: Improve qemu_strtod* error paths
  cutils: Improve qemu_strtosz handling of fractions

 include/qemu/cutils.h            |    5 +-
 audio/audio_legacy.c             |    4 +-
 block/gluster.c                  |    4 +-
 block/nfs.c                      |    4 +-
 blockdev.c                       |    4 +-
 contrib/ivshmem-server/main.c    |    4 +-
 hw/core/numa.c                   |   11 +-
 qapi/opts-visitor.c              |   10 +-
 tests/unit/test-cutils.c         | 2469 ++++++++++++++++++++++--------
 ui/vnc.c                         |    4 +-
 util/cutils.c                    |  262 ++--
 util/guest-random.c              |    4 +-
 util/qemu-sockets.c              |   10 +-
 tests/qemu-iotests/049.out       |    7 +-
 tests/qemu-iotests/178.out.qcow2 |    3 +-
 tests/qemu-iotests/178.out.raw   |    3 +-
 16 files changed, 2030 insertions(+), 778 deletions(-)


base-commit: ad3387396a71416cacc0b394e5e440dd6e9ba19a
prerequisite-patch-id: 7d7341e4caa6f8ef05dda8dd5f43b98a6ef969f1
-- 
2.40.1
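The patch subjects above spell out, one property per commit, what a hardened size parser has to get right: no wraparound on integer overflow (05/19), NULL str and NULL endptr tolerated (08/19, 12/19), a value written on every error path so callers that ignore the return code cannot consume garbage (15/19, 16/19), negatives rejected rather than silently wrapped (17/19), fractions handled deliberately (19/19), and, the headline bug, no read past the end of the input. The C below is an added example written for this page, not QEMU's qemu_strtosz() or parse_uint(); its grammar (optional whitespace, digits, optional fraction, one of B/K/M/G/T/P/E as case-insensitive binary multiples), the names parse_size, parse_size_full and size_parses_to, and the choices to truncate fractional bytes toward zero and to reject a fraction that has no multiplier are assumptions of this example, not a description of QEMU's behaviour.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Added example, not QEMU's qemu_strtosz(). Assumed grammar:
 * [ws]<digits>[.<digits>][B|K|M|G|T|P|E], binary multiples, either case.
 * Returns 0, -EINVAL (NULL, empty, signed or malformed) or -ERANGE (overflow).
 * *result is written on every path (0 for -EINVAL, UINT64_MAX for -ERANGE).
 * endptr may be NULL; else it gets the first unconsumed byte on success and
 * str itself on failure. Each loop tests the current byte before advancing,
 * so the terminating NUL is never read past. */
static int parse_size(const char *str, const char **endptr, uint64_t *result)
{
    const char *p = str;
    uint64_t whole = 0, frac_num = 0, frac_den = 1, mul = 1, value, frac_bytes;
    bool have_int = false, have_frac = false;
    *result = 0;
    if (endptr) *endptr = str;
    if (!str) return -EINVAL;
    while (isspace((unsigned char)*p)) p++;
    if (*p == '-' || *p == '+') return -EINVAL; /* "-1k" must never wrap */
    for (; isdigit((unsigned char)*p); p++) { /* detect overflow, don't wrap */
        unsigned d = (unsigned)(*p - '0');
        if (whole > (UINT64_MAX - d) / 10) goto range;
        whole = whole * 10 + d;
        have_int = true;
    }
    if (*p == '.') { /* keep up to 18 fraction digits; consume, drop the rest */
        for (p++; isdigit((unsigned char)*p); p++) {
            if (frac_den < 1000000000000000000ULL) {
                frac_num = frac_num * 10 + (unsigned)(*p - '0');
                frac_den *= 10;
            }
            have_frac = true;
        }
        if (!have_frac) return -EINVAL; /* "5." and "." are not numbers */
    }
    if (!have_int && !have_frac) return -EINVAL; /* "", "k" */
    switch (*p) {
    case 'B': case 'b': mul = 1; p++; break;
    case 'K': case 'k': mul = 1ULL << 10; p++; break;
    case 'M': case 'm': mul = 1ULL << 20; p++; break;
    case 'G': case 'g': mul = 1ULL << 30; p++; break;
    case 'T': case 't': mul = 1ULL << 40; p++; break;
    case 'P': case 'p': mul = 1ULL << 50; p++; break;
    case 'E': case 'e': mul = 1ULL << 60; p++; break;
    default: break; /* no suffix: plain bytes; endptr stops here */
    }
    if (have_frac && mul == 1) return -EINVAL; /* a fraction of a byte: "1.5" */
    if (whole > UINT64_MAX / mul) goto range;
    value = whole * mul;
    /* Scale the fraction exactly when it fits; shed low digits only when
     * frac_num * mul would overflow. The result truncates toward zero. */
    while (frac_num > UINT64_MAX / mul) {
        frac_num /= 10;
        frac_den /= 10;
    }
    frac_bytes = frac_num * mul / frac_den;
    if (frac_bytes > UINT64_MAX - value) goto range;
    *result = value + frac_bytes;
    if (endptr) *endptr = p;
    return 0;
range:
    *result = UINT64_MAX;
    return -ERANGE;
}

/* Whole-string variant, in the spirit of parse_uint_full(): trailing bytes fail. */
int parse_size_full(const char *str, uint64_t *result)
{
    const char *end;
    int ret = parse_size(str, &end, result);
    if (ret == 0 && *end != '\0') {
        *result = 0;
        return -EINVAL;
    }
    return ret;
}

/* True when str fully parses to exactly (expect_ret, expect_val). */
bool size_parses_to(const char *str, int expect_ret, uint64_t expect_val)
{
    uint64_t v;
    return parse_size_full(str, &v) == expect_ret && v == expect_val;
}

int main(void)
{
    const char *in[] = { "1.5k", "64M", ".5k", "-1k", "1.5", "5.", "1.5E", "64k x" };
    for (size_t i = 0; i < sizeof in / sizeof *in; i++) {
        uint64_t v;
        int ret = parse_size_full(in[i], &v);
        printf("%-8s -> ret %d, value %llu\n", in[i], ret, (unsigned long long)v);
    }
    return 0;
}
```

Two design points are worth calling out. The overflow test `whole > (UINT64_MAX - d) / 10` runs before the multiply-add, so a 20-digit input reports -ERANGE instead of wrapping to a small number (the class of bug the qemu_strtoui patch addresses); and parse_size_full zeroes *result when trailing bytes are found, so a caller that checks neither the return code nor endptr still never sees a partially parsed size.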
Re: [PATCH v3 00/19] Fix qemu_strtosz() read-out-of-bounds
Posted by Eric Blake 11 months ago
On Mon, May 22, 2023 at 02:04:22PM -0500, Eric Blake wrote:
> v2 was here:
> https://lists.gnu.org/archive/html/qemu-devel/2023-05/msg02951.html
> 
> Since then:
>  - fix another qemu_strtoui bug
>  - address review comments from Hanna

This series has been reviewed; I fixed up the last few bits, and am
queueing it through my NBD tree (not really about NBD directly, but
tangentially we rely on size parsing in unit testing...), in order to
prepare a pull request today.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org