[Qemu-devel] [PATCH 01/16] cutils: tighten qemu_parse_fd()
qemu_parse_fd() used to handle at least the following strings incorrectly: o -2: simply let through o 2147483648: returned as LONG_MAX==INT_MAX on ILP32 (with ERANGE ignored); implementation-defined behavior on LP64 Signed-off-by: Laszlo Ersek ler...@redhat.com --- util/cutils.c | 13 ++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/util/cutils.c b/util/cutils.c index b337293..dbe7412 100644 --- a/util/cutils.c +++ b/util/cutils.c @@ -22,10 +22,12 @@ * THE SOFTWARE. */ #include qemu-common.h #include qemu/host-utils.h #include math.h +#include limits.h +#include errno.h #include qemu/sockets.h #include qemu/iov.h #include net/net.h @@ -455,15 +457,20 @@ int parse_uint_full(const char *s, unsigned long long *value, int base) return 0; } int qemu_parse_fd(const char *param) { -int fd; -char *endptr = NULL; +long fd; +char *endptr; +errno = 0; fd = strtol(param, endptr, 10); -if (*endptr || (fd == 0 param == endptr)) { +if (param == endptr /* no conversion performed */|| +errno != 0 /* not representable as long; possibly others */ || +*endptr != '\0' /* final string not empty */ || +fd 0 /* invalid as file descriptor */ || +fd INT_MAX/* not representable as int */) { return -1; } return fd; } -- 1.8.3.1
Re: [Qemu-devel] [PATCH 01/16] cutils: tighten qemu_parse_fd()
On 04/10/2014 02:24 AM, Laszlo Ersek wrote: qemu_parse_fd() used to handle at least the following strings incorrectly: o -2: simply let through o 2147483648: returned as LONG_MAX==INT_MAX on ILP32 (with ERANGE ignored); implementation-defined behavior on LP64 Signed-off-by: Laszlo Ersek ler...@redhat.com --- util/cutils.c | 13 ++--- 1 file changed, 10 insertions(+), 3 deletions(-) I still think qemu should follow libvirt's lead of wrapping ALL uses of strto*l behind sane wrappers, since this is not the only place in the code base affected by misuse of the function - but that's a story for another day. +errno = 0; fd = strtol(param, endptr, 10); -if (*endptr || (fd == 0 param == endptr)) { +if (param == endptr /* no conversion performed */|| +errno != 0 /* not representable as long; possibly others */ || +*endptr != '\0' /* final string not empty */ || +fd 0 /* invalid as file descriptor */ || +fd INT_MAX/* not representable as int */) { return -1; Your comments make it particularly obvious that YOU know how to properly use this function, and hopefully teach future readers. :) Reviewed-by: Eric Blake ebl...@redhat.com -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature