Signed-off-by: Nia Alarie <nia.ala...@gmail.com> --- hw/9pfs/9p.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index 48fa48e720..64f3bb976c 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -15,6 +15,7 @@ #include <glib/gprintf.h> #include "hw/virtio/virtio.h" #include "qapi/error.h" +#include "qemu/cutils.h" #include "qemu/error-report.h" #include "qemu/iov.h" #include "qemu/sockets.h" @@ -2213,8 +2214,15 @@ static void coroutine_fn v9fs_create(void *opaque) } v9fs_path_copy(&fidp->path, &path); } else if (perm & P9_STAT_MODE_LINK) { - int32_t ofid = atoi(extension.data); - V9fsFidState *ofidp = get_fid(pdu, ofid); + long ofid; + V9fsFidState *ofidp; + + if (qemu_strtol(extension.data, NULL, 10, &ofid) || + ofid > INT32_MAX || ofid < INT32_MIN) { + err = -EINVAL; + goto out; + } + ofidp = get_fid(pdu, (int32_t)ofid); if (ofidp == NULL) { err = -EINVAL; goto out; -- 2.16.2