Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing

From:	malc
Subject:	Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing
Date:	Fri, 17 Feb 2012 01:35:45 +0400 (MSK)
User-agent:	Alpine 2.00 (LNX 1167 2008-08-23)

On Thu, 16 Feb 2012, Eric Blake wrote:

> On 02/16/2012 12:23 PM, malc wrote:
> > On Thu, 16 Feb 2012, Michael S. Tsirkin wrote:
> > 
> >> Use scanf instead of manual string scanning.
> >>
> >> +
> >> +    /* Parse [[<domain>:]<bus>:]<slot> */
> >> +    sscanf(addr, "%x:%x:%x%n", &dom, &bus, &slot, &n);
> > 
> > sscanf can fail.
> 
> Worse, the *scanf family has undefined behavior on integer overflow.  If
> addr contains "100000000000000:0:0", there's no telling whether it will
> be diagnosed as a parse error, or silently accepted and truncated, in
> which case, there's no telling what dom will contain.
> 
> I cringe any time I see someone using scanf to parse numbers from
> arbitrary user input; I barely tolerate it for parsing things generated
> by the kernel, but even there, I won't ever use scanf myself.  Same goes
> for atoi.  _Only_ strtol and friends can robustly parse arbitrary input
> into integers.

To whomever wanted to apply this - don't.

-- 
mailto:address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 0/2] pci devaddr parsing cleanups, Michael S. Tsirkin, 2012/02/16
- [Qemu-devel] [PATCH 1/2] pci: don't export an internal function, Michael S. Tsirkin, 2012/02/16
- [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, Michael S. Tsirkin, 2012/02/16
  - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, malc, 2012/02/16
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, Eric Blake, 2012/02/16
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, malc <=
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, Michael S. Tsirkin, 2012/02/17
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, Markus Armbruster, 2012/02/17
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, Michael S. Tsirkin, 2012/02/19
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, Michael S. Tsirkin, 2012/02/19
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, Michael S. Tsirkin, 2012/02/17
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, malc, 2012/02/17
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, Michael S. Tsirkin, 2012/02/17

Prev by Date: Re: [Qemu-devel] VirtIO 9p mount_tag (bogus?) limit of 32 bytes
Next by Date: [Qemu-devel] [PATCH 2/2] qxl: make qxl_render_update async
Previous by thread: Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing
Next by thread: Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing
Index(es):
- Date
- Thread