From: Markus Armbruster <armbru@redhat.com>
To: Laszlo Ersek <lersek@redhat.com>
Cc: aliguori@us.ibm.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 7/7] smbios: Check R in -smbios type=0, release=R parses okay
Date: Thu, 06 Jun 2013 22:02:30 +0200
Message-ID: <874ndbrort.fsf@blackfin.pond.sub.org>
In-Reply-To: <51B0D75E.8000305@redhat.com> (Laszlo Ersek's message of "Thu, 06 Jun 2013 20:39:26 +0200")

Laszlo Ersek <lersek@redhat.com> writes:

> On 06/06/13 18:27, Markus Armbruster wrote:
>> Signed-off-by: Markus Armbruster <armbru@redhat.com>
>> ---
>>  hw/i386/smbios.c | 5 ++++-
>>  1 file changed, 4 insertions(+), 1 deletion(-)
>> 
>> diff --git a/hw/i386/smbios.c b/hw/i386/smbios.c
>> index 68bd6d0..88a1360 100644
>> --- a/hw/i386/smbios.c
>> +++ b/hw/i386/smbios.c
>> @@ -140,7 +140,10 @@ static void smbios_build_type_0_fields(const char *t)
>>                                       bios_release_date_str),
>>                           buf, strlen(buf) + 1);
>>      if (get_param_value(buf, sizeof(buf), "release", t)) {
>> -        sscanf(buf, "%hhd.%hhd", &major, &minor);
>> +        if (sscanf(buf, "%hhd.%hhd", &major, &minor) != 2) {
>> +            error_report("Invalid release");
>> +            exit(1);
>> +        }
>>          smbios_add_field(0, offsetof(struct smbios_type_0,
>>                                       system_bios_major_release),
>>                           &major, 1);
>> 
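Review bot: the "!= 2" check on the sscanf() line still accepts a release string with trailing text after the minor number (for example "1.2x"), and it does not catch numbers too large for the %hhd targets, so a malformed release= value can still reach smbios_add_field(). Consider converting each number with a strtoul()-style call, checking the end pointer and the range explicitly, and including the rejected string (buf) in the "Invalid release" message so the user can see what was refused.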
>
> Right. OTOH if any of the decimal strings provided doesn't fit into the
> space provided (eg. you pass "256" for an "unsigned char" which happens
> to be uint8_t), the behavior is undefined anyway. sscanf() cannot be
> used with "untrusted" data. ("... if the result of the conversion cannot
> be represented in the space provided, the behavior is undefined.")

Yes, this isn't rigorous parsing.  It improves the code from "brazenly
careless" to the more common (in QEMU) "quick but sloppy".

> Reviewed-by: Laszlo Ersek <lersek@redhat.com>

Thanks for the review!
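
The range and trailing-text gaps discussed above can be closed by parsing with strtoul() instead of sscanf(). The following is an added example, not code from the patch or from QEMU; parse_u8() and parse_release() are hypothetical names, and the sample inputs are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse one decimal field in 0..255; *end is set just past its digits. */
static int parse_u8(const char *s, const char **end, uint8_t *out)
{
    char *e;
    unsigned long v;
    /* strtoul() skips leading whitespace and accepts a sign: reject both. */
    if (!isdigit((unsigned char)*s)) {
        return -1;
    }
    errno = 0;
    v = strtoul(s, &e, 10);
    if (errno == ERANGE || v > UINT8_MAX) {
        return -1;   /* e.g. "256" does not fit in one byte */
    }
    *out = (uint8_t)v;
    *end = e;
    return 0;
}

/* Hypothetical helper: parse exactly "MAJOR.MINOR"; 0 on success, -1 on error. */
int parse_release(const char *s, uint8_t *major, uint8_t *minor)
{
    const char *p;
    uint8_t ma, mi;
    if (parse_u8(s, &p, &ma) < 0 || *p != '.' ||
        parse_u8(p + 1, &p, &mi) < 0 || *p != '\0') {
        return -1;   /* missing field, trailing text, or out of range */
    }
    *major = ma;
    *minor = mi;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the thread. */
    const char *in[] = { "1.2", "255.0", "256.0", "1.2x", "-1.0", "1." };
    uint8_t ma, mi;
    for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
        printf("%-6s -> %s\n", in[i],
               parse_release(in[i], &ma, &mi) ? "rejected" : "ok");
    }
    return 0;
}
```

The outputs are written only after both fields and the end of the string have been validated, so a rejected input leaves the caller's values untouched.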
