From nobody Mon Feb 9 14:34:01 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487068657804807.9228277943254; Tue, 14 Feb 2017 02:37:37 -0800 (PST) Received: from localhost ([::1]:33750 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cdaUK-0007oP-8F for importer@patchew.org; Tue, 14 Feb 2017 05:37:36 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38741) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cdaJO-0005qk-If for qemu-devel@nongnu.org; Tue, 14 Feb 2017 05:26:21 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cdaJM-0003MA-Bh for qemu-devel@nongnu.org; Tue, 14 Feb 2017 05:26:18 -0500 Received: from mx1.redhat.com ([209.132.183.28]:51852) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cdaJM-0003LM-5H for qemu-devel@nongnu.org; Tue, 14 Feb 2017 05:26:16 -0500 Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 553D63A7698 for ; Tue, 14 Feb 2017 10:26:16 +0000 (UTC) Received: from blackfin.pond.sub.org (ovpn-116-50.ams2.redhat.com [10.36.116.50]) by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1EAQFo0023203 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 14 Feb 2017 05:26:16 -0500 Received: by blackfin.pond.sub.org (Postfix, from userid 1000) id 96F8211384B5; Tue, 14 Feb 2017 11:26:11 +0100 (CET) From: Markus Armbruster To: qemu-devel@nongnu.org Date: Tue, 14 Feb 2017 11:25:56 +0100 Message-Id: <1487067971-10443-10-git-send-email-armbru@redhat.com> In-Reply-To: <1487067971-10443-1-git-send-email-armbru@redhat.com> References: <1487067971-10443-1-git-send-email-armbru@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Tue, 14 Feb 2017 10:26:16 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 09/24] QemuOpts: Fix to reject numbers that overflow uint64_t X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" parse_option_number() fails to check for overflow after strtoull(). Has always been broken. Fix that. Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake --- tests/test-qemu-opts.c | 14 ++++++-------- util/qemu-option.c | 11 ++++++++--- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/tests/test-qemu-opts.c b/tests/test-qemu-opts.c index f4426bb..6a9d3c5 100644 --- a/tests/test-qemu-opts.c +++ b/tests/test-qemu-opts.c @@ -585,17 +585,15 @@ static void test_opts_parse_number(void) =20 /* Above upper limit */ opts =3D qemu_opts_parse(&opts_list_01, "number1=3D1844674407370955161= 6", - false, &error_abort); - /* BUG: should reject */ - g_assert_cmpuint(opts_count(opts), =3D=3D, 1); - g_assert_cmpuint(qemu_opt_get_number(opts, "number1", 1), =3D=3D, UINT= 64_MAX); + false, &err); + error_free_or_abort(&err); + g_assert(!opts); =20 /* Below lower limit */ opts =3D qemu_opts_parse(&opts_list_01, "number1=3D-184467440737095516= 16", - false, &error_abort); - /* BUG: should reject */ - g_assert_cmpuint(opts_count(opts), =3D=3D, 1); - g_assert_cmpuint(qemu_opt_get_number(opts, "number1", 1), =3D=3D, UINT= 64_MAX); + false, &err); + error_free_or_abort(&err); + g_assert(!opts); =20 /* Hex and octal */ opts =3D qemu_opts_parse(&opts_list_01, "number1=3D0x2a,number2=3D052", diff --git a/util/qemu-option.c b/util/qemu-option.c index 2b4e0c9..5d82327 100644 --- a/util/qemu-option.c +++ b/util/qemu-option.c @@ -141,11 +141,16 @@ static void parse_option_bool(const char *name, const= char *value, bool *ret, static void parse_option_number(const char *name, const char *value, uint64_t *ret, Error **errp) { - char *postfix; uint64_t number; + int err; =20 - number =3D strtoull(value, &postfix, 0); - if (*postfix !=3D '\0') { + err =3D qemu_strtou64(value, NULL, 0, &number); + if (err =3D=3D -ERANGE) { + error_setg(errp, "Value '%s' is too large for parameter '%s'", + value, name); + return; + } + if (err) { error_setg(errp, QERR_INVALID_PARAMETER_VALUE, name, "a number"); return; } --=20 2.7.4