On 03/11/2018 03:12 PM, Nia Alarie wrote:
Signed-off-by: Nia Alarie <nia.ala...@gmail.com>
  hw/9pfs/9p.c | 12 ++++++++++--
  1 file changed, 10 insertions(+), 2 deletions(-)

      } else if (perm & P9_STAT_MODE_LINK) {
-        int32_t ofid = atoi(extension.data);
-        V9fsFidState *ofidp = get_fid(pdu, ofid);
+        long ofid;
+        V9fsFidState *ofidp;
+        if (qemu_strtol(extension.data, NULL, 10, &ofid) ||
+            ofid > INT32_MAX || ofid < INT32_MIN) {
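
Review bot: the range test `ofid > INT32_MAX || ofid < INT32_MIN` in the new condition still lets every negative value through, so a negative number in extension.data passes this check. If a negative fid is never meaningful as the link target here, reject `ofid < 0` as well, or add a comment saying why it is allowed. The commit message also carries only the Signed-off-by line. It should state the behaviour change: unlike atoi, qemu_strtol called with a NULL end pointer fails on non-numeric input and on trailing characters, which changes which extension strings are accepted.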

Dan has a pending patch that will add qemu_strtoi, which might be a nicer fit for this situation:


int32_t is not necessarily int, but all platforms that compile qemu have 'int32_t' and 'int' both at 32 bits, so it's simpler to change to 'int ofid' and use Dan's function than it is to parse to long and then do bounds checking. Except that Dan still needs to post an updated version of his patch...

Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
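
The "parse to long and then do bounds checking" approach discussed in this reply, as an added example that is not code from the patch or from QEMU. It uses plain strtol rather than QEMU's helpers, and the names parse_fid_strict and parse_fid_atoi are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not qemu_strtol/qemu_strtoi): strictly parse a
 * base-10 string into an int32_t. Returns 0 on success, -EINVAL for
 * empty input or trailing characters, -ERANGE if the value does not fit. */
static int parse_fid_strict(const char *s, int32_t *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0') {
        return -EINVAL;
    }
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0') {
        return -EINVAL;   /* no digits at all, or trailing garbage */
    }
    if (errno == ERANGE || v > INT32_MAX || v < INT32_MIN) {
        return -ERANGE;   /* overflowed long, or too wide for int32_t */
    }
    *out = (int32_t)v;
    return 0;
}

/* Pre-patch style, for comparison: atoi() reports no errors, so
 * non-numeric input yields 0 and trailing bytes are silently ignored. */
static int32_t parse_fid_atoi(const char *s)
{
    return atoi(s);
}

int main(void)
{
    /* Constructed sample inputs, not taken from a real 9p message. */
    const char *samples[] = { "42", "12abc", "abc", "", "2147483648", "-1" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int32_t fid = 0;
        int rc = parse_fid_strict(samples[i], &fid);
        printf("\"%s\": strict rc=%d fid=%d\n", samples[i], rc, (int)fid);
    }
    return 0;
}
```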
