[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCHv2] qdev: Validate hex properties
|
From: |
Eric Blake |
|
Subject: |
Re: [Qemu-devel] [PATCHv2] qdev: Validate hex properties |
|
Date: |
Wed, 27 Nov 2013 05:48:26 -0700 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 |
On 11/27/2013 12:52 AM, Hannes Reinecke wrote:
> strtoul(l) might overflow, in which case it'll return '-1' and set
> the appropriate error code. So update the calls to strtoul(l) when
> parsing hex properties to avoid silent overflows.
>
> Cc: Peter Maydell <address@hidden>
> Cc: Eric Blake <address@hidden>
> Signed-off-by: Hannes Reinecke <address@hidden>
> ---
> hw/core/qdev-properties.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
> index dc8ae69..5a94c04 100644
> --- a/hw/core/qdev-properties.c
> +++ b/hw/core/qdev-properties.c
> @@ -198,7 +198,10 @@ static int parse_hex8(DeviceState *dev, Property *prop,
> const char *str)
> return -EINVAL;
> }
>
> + errno = 0;
> *ptr = strtoul(str, &end, 16);
> + if (errno)
> + return -errno;
> if ((*end != '\0') || (end == str)) {
> return -EINVAL;
> }
Still incomplete. You still have silent overflows. Consider a string of
"0x100". strtoul() does not set errno, but *ptr is set to 0 because
0x100 is bigger than a uint8_t. You HAVE to parse the results into an
unsigned long, then manually check that the resulting unsigned long
value does not overflow *ptr.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature