On Tue, Nov 09, 2010 at 12:50:11PM +0100, Gerd Hoffmann wrote: > Hi, > > >>>>+static int get_bool(QEMUFile *f, void *pv, size_t size) > >>>>+{ > >>>>+ bool *v = pv; > >>>>+ *v = qemu_get_byte(f); > >>>>+ return 0; > > >I think we should verify that value is 0 or 1 and fail > >migration otherwise, to make it more robust. > > I still think such a check doesn't belong into the migration code as > such a bug would exist without migration too. And if anything we > should check on save not on load, otherwise qemu can write out > savevm images which it will refuse to load. I wouldn't call this > "robust". > > cheers, > Gerd
I think we should verify on load: e.g. the image could have got corrupted. What, exactly, do you want to check on save? --- savevm: validate bool values on load We always save 0 or 1 values for booleans. Validate on input to increase the chance of detecting input corruption. Signed-off-by: Michael S. Tsirkin <m...@redhat.com> --- diff --git a/savevm.c b/savevm.c index 4e49765..da2fdfa 100644 --- a/savevm.c +++ b/savevm.c @@ -680,7 +680,12 @@ uint64_t qemu_get_be64(QEMUFile *f) static int get_bool(QEMUFile *f, void *pv, size_t size) { bool *v = pv; - *v = qemu_get_byte(f); + uint8_t b; + b = qemu_get_byte(f); + if (b != (uint8_t)true && b != (uint8_t)false) { + return -EINVAL; + } + *v = b; return 0; }
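Review bot: The new check in get_bool() rejects any byte other than 0 or 1, but the diff leaves the save side untouched, so the commit message's statement that "We always save 0 or 1 values for booleans" rests on code that is not part of this change. That is the concern raised in the quoted reply: if a bool can ever be written out with another value, QEMU would produce an image it then refuses to load. Either normalise the value where it is written, or state in the commit message what guarantees it. Two smaller points on the same lines: `b != (uint8_t)true && b != (uint8_t)false` reads more directly as `b > 1`, and the `return -EINVAL;` path carries no message, so a failed load gives no hint that a boolean field was the cause. An error print before the return would help when diagnosing a corrupted image.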