From: Markus Armbruster
To: qemu-devel@nongnu.org
Date: Wed, 22 May 2019 15:47:22 +0200
Message-Id: <20190522134726.19225-2-armbru@redhat.com>
In-Reply-To: <20190522134726.19225-1-armbru@redhat.com>
References: <20190522134726.19225-1-armbru@redhat.com>
Subject: [Qemu-devel] [PULL 1/5] qemu-bridge-helper: Fix misuse of isspace()
Content-Transfer-Encoding: quoted-printable

parse_acl_file() passes char values to isspace(). Undefined behavior when the value is negative. Not a security issue, because the characters come from trusted $prefix/etc/qemu/bridge.conf and the files it includes.

Furthermore, isspace()'s locale-dependence means qemu-bridge-helper uses the user's locale for parsing $prefix/etc/bridge.conf. Feels wrong.

Use g_ascii_isspace() instead. This fixes the undefined behavior, and makes parsing of $prefix/etc/bridge.conf locale-independent.

Signed-off-by: Markus Armbruster
Message-Id: <20190514180311.16028-2-armbru@redhat.com>
--- qemu-bridge-helper.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c index 5396fbfbb6..f9940deefd 100644 --- a/qemu-bridge-helper.c +++ b/qemu-bridge-helper.c @@ -75,7 +75,7 @@ static int parse_acl_file(const char *filename, ACLList *= acl_list) char *ptr =3D line; char *cmd, *arg, *argend; =20 - while (isspace(*ptr)) { + while (g_ascii_isspace(*ptr)) { ptr++; } =20 
@@ -99,12 +99,12 @@ static int parse_acl_file(const char *filename, ACLList= *acl_list) =20 *arg =3D 0; arg++; - while (isspace(*arg)) { + while (g_ascii_isspace(*arg)) { arg++; } =20 argend =3D arg + strlen(arg); - while (arg !=3D argend && isspace(*(argend - 1))) { + while (arg !=3D argend && g_ascii_isspace(*(argend - 1))) { argend--; } *argend =3D 0; --=20 2.17.2
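Review bot: both hunks in parse_acl_file() switch to g_ascii_isspace(), while 2/5 and 5/5 of this series use the qemu_is*() wrappers for the same class of bug; a sentence in the commit message on why this file takes the GLib function would save the next reader the question. The message also names the file as $prefix/etc/qemu/bridge.conf once and $prefix/etc/bridge.conf twice; please settle on one spelling.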
From: Markus Armbruster
To: qemu-devel@nongnu.org
Date: Wed, 22 May 2019 15:47:23 +0200
Message-Id: <20190522134726.19225-3-armbru@redhat.com>
In-Reply-To: <20190522134726.19225-1-armbru@redhat.com>
References: <20190522134726.19225-1-armbru@redhat.com>
Subject: [Qemu-devel] [PULL 2/5] tests/vhost-user-bridge: Fix misuse of isdigit()
Content-Transfer-Encoding: quoted-printable

vubr_set_host() passes char values to isdigit(). Undefined behavior when the value is negative.

Fix by using qemu_isdigit() instead.

Signed-off-by: Markus Armbruster
Message-Id: <20190514180311.16028-3-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Thomas Huth
[Missing #include "qemu-common.h" fixed]
--- tests/vhost-user-bridge.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/vhost-user-bridge.c b/tests/vhost-user-bridge.c index 0033b61f2e..5b771de7a3 100644 --- a/tests/vhost-user-bridge.c +++ b/tests/vhost-user-bridge.c @@ -30,6 +30,7 @@ #define _FILE_OFFSET_BITS 64 =20 #include "qemu/osdep.h" +#include "qemu-common.h" #include "qemu/atomic.h" #include "qemu/iov.h" #include "standard-headers/linux/virtio_net.h" 
@@ -645,7 +646,7 @@ vubr_host_notifier_setup(VubrDev *dev) static void vubr_set_host(struct sockaddr_in *saddr, const char *host) { - if (isdigit(host[0])) { + if (qemu_isdigit(host[0])) { if (!inet_aton(host, &saddr->sin_addr)) { fprintf(stderr, "inet_aton() failed.\n"); exit(1); --=20 2.17.2
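Review bot: in the vubr_set_host() hunk the digit test still looks only at host[0], so any host string that merely starts with a digit is handed to inet_aton() and ends in exit(1) with "inet_aton() failed."; a comment stating that such names are unsupported in this test tool would make the intent clear. The include added in the first hunk is explained only by the bracketed fixup line, so the commit body could say that qemu_isdigit() comes from qemu-common.h.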
From: Markus Armbruster
To: qemu-devel@nongnu.org
Date: Wed, 22 May 2019 15:47:24 +0200
Message-Id: <20190522134726.19225-4-armbru@redhat.com>
In-Reply-To: <20190522134726.19225-1-armbru@redhat.com>
References: <20190522134726.19225-1-armbru@redhat.com>
Subject: [Qemu-devel] [PULL 3/5] gdbstub: Reject invalid RLE repeat counts
Content-Transfer-Encoding: quoted-printable

"Debugging with GDB / Appendix E GDB Remote Serial Protocol / Overview" specifies "The printable characters '#' and '$' or with a numeric value greater than 126 must not be used."

gdb_read_byte() only rejects values < 32. This is wrong. Impact depends on the caller:

* gdb_handlesig() passes a char. Incorrectly accepts '#', '$' and '\127'.

* gdb_chr_receive() passes an uint8_t. Additionally accepts characters with the most-significant bit set.

Correct the validity check to match the specification.

Signed-off-by: Markus Armbruster
Reviewed-by: Philippe Mathieu-Daudé
Message-Id: <20190514180311.16028-4-armbru@redhat.com>
--- gdbstub.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/gdbstub.c b/gdbstub.c index d54abd17cc..c41eb1de07 100644 --- a/gdbstub.c +++ b/gdbstub.c 
@@ -2064,7 +2064,11 @@ static void gdb_read_byte(GDBState *s, int ch) } break; case RS_GETLINE_RLE: - if (ch < ' ') { + /* + * Run-length encoding is explained in "Debugging with GDB / + * Appendix E GDB Remote Serial Protocol / Overview". + */ + if (ch < ' ' || ch =3D=3D '#' || ch =3D=3D '$' || ch > 126) { /* invalid RLE count encoding */ trace_gdbstub_err_invalid_repeat((uint8_t)ch); s->state =3D RS_GETLINE; --=20 2.17.2
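Review bot: in the RS_GETLINE_RLE condition the upper bound is the bare decimal 126 next to three character constants; writing it as ch > '~', or quoting the manual's sentence in the new comment instead of only citing the chapter, would let the check be read without opening the manual. Since ch is still an int at this point in the series, the comment could also say that ch < ' ' is what rejects negative values from the char caller, while ch > 126 covers the uint8_t caller.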
From: Markus Armbruster
To: qemu-devel@nongnu.org
Date: Wed, 22 May 2019 15:47:25 +0200
Message-Id: <20190522134726.19225-5-armbru@redhat.com>
In-Reply-To: <20190522134726.19225-1-armbru@redhat.com>
References: <20190522134726.19225-1-armbru@redhat.com>
Subject: [Qemu-devel] [PULL 4/5] gdbstub: Fix misuse of isxdigit()
Content-Transfer-Encoding: quoted-printable

gdb_read_byte() passes its @ch argument to isxdigit(). Undefined behavior when the value is negative. Two callers:

* gdb_chr_receive() passes an uint8_t value. Safe.

* gdb_handlesig() a char value. Unsafe. Not a security issue, because the characters come from the gdb client, which is trusted.

The obvious fix would be casting @ch to unsigned char. But note that gdb_read_byte() already casts @ch to uint8_t in many places.

Uses of @ch without such a cast:

(1) Compare to a character constant with == or !=

(2) s->linesum += ch

(3) Store ch or ch ^ 0x20 into s->line_buf[]

(4) Check for invalid RLE count:

    ch < ' ' || ch == '#' || ch == '$' || ch > 126

(5) Pass to isxdigit()

(6) Pass to fromhex()

Change the parameter type from int to uint8_t, and drop the now redundant casts. Affects the above uses as follows:

(1) No change: the character constants are all non-negative.

(2) Effectively no change: we only ever use s->linesum & 0xff, and s->linesum is int.

(3) No change: s->line_buf[] is char[].

(4) No change.

(5) Avoid undefined behavior.

(6) No change: only reached when isxdigit(ch)

Signed-off-by: Markus Armbruster
Message-Id: <20190514180311.16028-5-armbru@redhat.com>
--- gdbstub.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/gdbstub.c b/gdbstub.c index c41eb1de07..b129df4e59 100644 --- a/gdbstub.c +++ b/gdbstub.c @@ -1987,7 +1987,7 @@ void gdb_do_syscall(gdb_syscall_complete_cb cb, const= char *fmt, ...) va_end(va); } =20 -static void gdb_read_byte(GDBState *s, int ch) +static void gdb_read_byte(GDBState *s, uint8_t ch) { uint8_t reply; =20 @@ -2001,7 +2001,7 @@ static void gdb_read_byte(GDBState *s, int ch) } else if (ch =3D=3D '+') { trace_gdbstub_io_got_ack(); } else { - trace_gdbstub_io_got_unexpected((uint8_t)ch); + trace_gdbstub_io_got_unexpected(ch); } =20 if (ch =3D=3D '+' || ch =3D=3D '$') @@ -2024,7 +2024,7 @@ static void gdb_read_byte(GDBState *s, int ch) s->line_sum =3D 0; s->state =3D RS_GETLINE; } else { - trace_gdbstub_err_garbage((uint8_t)ch); + trace_gdbstub_err_garbage(ch); } break; case RS_GETLINE: @@ -2070,11 +2070,11 @@ static void gdb_read_byte(GDBState *s, int ch) */ if (ch < ' ' || ch =3D=3D '#' || ch =3D=3D '$' || ch > 126) { /* invalid RLE count encoding */ - trace_gdbstub_err_invalid_repeat((uint8_t)ch); + trace_gdbstub_err_invalid_repeat(ch); s->state =3D RS_GETLINE; } else { /* decode repeat length */ - int repeat =3D (unsigned char)ch - ' ' + 3; + int repeat =3D ch - ' ' + 3; if (s->line_buf_index + repeat >=3D sizeof(s->line_buf) - = 1) { /* that many repeats would overrun the command buffer = */ trace_gdbstub_err_overrun(); @@ -2096,7 +2096,7 @@ static void gdb_read_byte(GDBState *s, int ch) case RS_CHKSUM1: /* get high hex digit of checksum */ if (!isxdigit(ch)) { - trace_gdbstub_err_checksum_invalid((uint8_t)ch); + trace_gdbstub_err_checksum_invalid(ch); s->state =3D RS_GETLINE; break; } 
@@ -2107,7 +2107,7 @@ static void gdb_read_byte(GDBState *s, int ch) case RS_CHKSUM2: /* get low hex digit of checksum */ if (!isxdigit(ch)) { - trace_gdbstub_err_checksum_invalid((uint8_t)ch); + trace_gdbstub_err_checksum_invalid(ch); s->state =3D RS_GETLINE; break; } --=20 2.17.2
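Review bot: the RS_CHKSUM1 and RS_CHKSUM2 hunks keep plain isxdigit(ch), so the call is safe only because of the new uint8_t parameter type; a wrapper in the style of qemu_isdigit() from 2/5 would keep it safe if the signature changes again and would match the rest of the series. Minor: item (2) of the commit message writes s->linesum, while the code in the @@ -2024 hunk has s->line_sum.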
From: Markus Armbruster
To: qemu-devel@nongnu.org
Date: Wed, 22 May 2019 15:47:26 +0200
Message-Id: <20190522134726.19225-6-armbru@redhat.com>
In-Reply-To: <20190522134726.19225-1-armbru@redhat.com>
References: <20190522134726.19225-1-armbru@redhat.com>
Subject: [Qemu-devel] [PULL 5/5] cutils: Simplify how parse_uint() checks for whitespace
Content-Transfer-Encoding: quoted-printable

Use qemu_isspace() so we don't have to cast to unsigned char.

Signed-off-by: Markus Armbruster
Message-Id: <20190514180311.16028-7-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé
--- util/cutils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/cutils.c b/util/cutils.c index d682c90901..9aacc422ca 100644 --- a/util/cutils.c +++ b/util/cutils.c @@ -683,7 +683,7 @@ int parse_uint(const char *s, unsigned long long *value= , char **endptr, } =20 /* make sure we reject negative numbers: */ - while (isspace((unsigned char)*s)) { + while (qemu_isspace(*s)) { s++; } if (*s =3D=3D '-') { --=20 2.17.2
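Review bot: the parse_uint() hunk adds no #include, whereas 2/5 needed qemu-common.h added for qemu_isdigit(); please confirm util/cutils.c already pulls in the header that defines qemu_isspace(). With the explicit cast gone, the call relies on that wrapper doing the unsigned char conversion, which is worth one sentence in the commit message.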
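The repeat-count rule quoted in the 3/5 commit message and the char versus uint8_t caller distinction from 3/5 and 4/5, as an added example that is not QEMU code. The names old_count_is_valid(), rle_repeat_count() and rle_expand() are hypothetical, the inputs are constructed, and '}' escaping is not handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Pre-patch check as the 3/5 commit message describes it: only values
 * below ' ' are rejected. The parameter is int, as it was before 4/5. */
int old_count_is_valid(int ch)
{
    return !(ch < ' ');
}

/* Check from 3/5 with the uint8_t parameter type from 4/5.
 * Returns the repeat count, or -1 for a count byte that must not be used. */
int rle_repeat_count(uint8_t ch)
{
    if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {
        return -1;              /* invalid RLE count encoding */
    }
    return ch - ' ' + 3;        /* same decoding as in the hunk */
}

/* Expand "<char>*<count>" runs from in[0..n) into out. Returns the
 * expanded length, or -1 on an invalid count byte, a '*' with nothing
 * to repeat, a truncated run, or output that would not fit. */
long rle_expand(const uint8_t *in, size_t n, char *out, size_t outsz)
{
    size_t len = 0;

    if (outsz == 0) {
        return -1;
    }
    for (size_t i = 0; i < n; i++) {
        if (in[i] == '*') {
            int repeat;

            if (len == 0 || i + 1 >= n) {
                return -1;      /* nothing to repeat, or count missing */
            }
            repeat = rle_repeat_count(in[++i]);
            /* Bound check in the same form as the context lines of 4/5. */
            if (repeat < 0 || len + (size_t)repeat >= outsz - 1) {
                return -1;
            }
            memset(out + len, out[len - 1], (size_t)repeat);
            len += (size_t)repeat;
        } else {
            if (len >= outsz - 1) {
                return -1;
            }
            out[len++] = (char)in[i];
        }
    }
    out[len] = '\0';
    return (long)len;
}

int main(void)
{
    char buf[16];
    long n = rle_expand((const uint8_t *)"0* ", 3, buf, sizeof(buf));

    printf("expand \"0* \": %ld \"%s\"\n", n, n < 0 ? "" : buf);
    printf("count '#': old=%d new=%d\n",
           old_count_is_valid('#'), rle_repeat_count('#'));
    /* A uint8_t caller hands the old check 233, which it accepts. */
    printf("byte 0xE9 as uint8_t: old=%d new=%d\n",
           old_count_is_valid(0xE9), rle_repeat_count(0xE9));
    /* A signed char caller hands the old check -23, which it rejects. */
    printf("byte 0xE9 as signed char: old=%d\n",
           old_count_is_valid((signed char)-23));
    return 0;
}
```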