On Thu, Aug 12, 2021 at 03:50:34PM -0500, Eric Blake wrote:
> On Thu, Aug 12, 2021 at 03:43:56PM -0500, Eric Blake wrote:
> >
> > $ ./nbdkit -f memory 1 --filter=delay delay-read=1oopsms
> >
> > Oops - our use of sscanf didn't check for trailing garbage, and this
> > is behaving as delay-read=1ms.
> >
> > $ ./nbdkit -fv memory 1 --filter=delay delay-read=999999999999999999999ms
> >
> > Using gdb, I see that in glibc this results in the same as
> > delay-read=4294967295, but that behavior is unspecified by POSIX and
> > may result in other values on other platforms.  Better would be
> > detecting overflow, but sscanf() cannot detect numeric overflow.
> >
> > Detecting trailing garbage could be done with sscanf(value, "%ums%n",
> > r, &n) == 1 followed by checking that n consumed strlen(value) bytes,
> > but detecting overflow really needs strtol() rather than sscanf.
> >
> > We have other filters and plugins that use sscanf.  As long as their
> > inputs come from stable sources (such as scanning kernel /proc files)
> > or don't parse numbers, that is safe; but in general, use of sscanf to
> > parse user-provided data is risky.
>
> I'm wondering if we want to add
> int nbdkit_parse_int_suffix (const char *what, const char *str, char **suff,
>                              int *r);
>
> and friends, which sets *suff to the first unparsed byte in str on a
> successful integer prefix parse.

string + length parsing would also work in this case.  I don't have
any particular preference.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org
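
Added example, not part of the original messages and not nbdkit code: the sscanf pattern reported above next to a strtoul-based parser that rejects trailing garbage and overflow. The function names are hypothetical (parse_uint_suffix only mirrors the shape of the proposed nbdkit_parse_int_suffix), and only the "<digits>ms" form of the value is assumed.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pattern reported in the thread: returns success as soon as %u matches,
 * so "1oopsms" is accepted as 1 and overflow goes unnoticed. */
static int parse_delay_sscanf(const char *value, unsigned *r)
{
    return sscanf(value, "%ums", r) == 1 ? 0 : -1;
}

/* Hypothetical helper shaped like the proposed nbdkit_parse_int_suffix:
 * on success *suff points at the first unparsed byte of str. */
static int parse_uint_suffix(const char *str, char **suff, unsigned *r)
{
    unsigned long v;

    /* strtoul() skips whitespace and accepts a sign; require a digit. */
    if (!isdigit((unsigned char)str[0]))
        return -1;
    errno = 0;
    v = strtoul(str, suff, 10);
    if (errno == ERANGE || v > UINT_MAX)
        return -1;              /* numeric overflow */
    *r = (unsigned)v;
    return 0;
}

/* Strict replacement: the whole string must be "<digits>ms". */
static int parse_delay_strict(const char *value, unsigned *r)
{
    char *suff;
    if (parse_uint_suffix(value, &suff, r) == -1)
        return -1;
    return strcmp(suff, "ms") == 0 ? 0 : -1;   /* reject trailing garbage */
}

int main(void)
{
    const char *in[] = { "1ms", "1oopsms", "999999999999999999999ms", "-1ms" };
    unsigned r = 0;
    printf("sscanf accepts 1oopsms: %d\n", parse_delay_sscanf("1oopsms", &r) == 0);
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("%-24s strict=%d\n", in[i], parse_delay_strict(in[i], &r));
    return 0;
}
```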
