From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:48662) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RSlze-0006Yi-ED for qemu-devel@nongnu.org; Tue, 22 Nov 2011 03:46:20 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RSlza-000095-23 for qemu-devel@nongnu.org; Tue, 22 Nov 2011 03:46:18 -0500
Received: from oxygen.pond.sub.org ([78.46.104.156]:53676) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RSlzZ-00007R-N4 for qemu-devel@nongnu.org; Tue, 22 Nov 2011 03:46:13 -0500
Received: from blackfin.pond.sub.org (p5B32D94C.dip.t-dialin.net [91.50.217.76]) by oxygen.pond.sub.org (Postfix) with ESMTPA id A969EA4112 for ; Tue, 22 Nov 2011 09:46:07 +0100 (CET)
From: Markus Armbruster
Date: Tue, 22 Nov 2011 09:46:04 +0100
Message-Id: <1321951566-11667-5-git-send-email-armbru@redhat.com>
In-Reply-To: <1321951566-11667-1-git-send-email-armbru@redhat.com>
References: <1321951566-11667-1-git-send-email-armbru@redhat.com>
Subject: [Qemu-devel] [PATCH 4/6] x86/cpuid: Tighten parsing of tsc_freq=FREQ
To: qemu-devel@nongnu.org
Cc: Jes.Sorensen@redhat.com

cpu_x86_find_by_name() uses strtosz_suffix_unit(), but screws up the error checking. It detects some failures, but not all. Undetected failures result in a zero tsc_khz value (error value -1 divided by 1000), which means "no tsc_freq set".

To reproduce, try "-cpu qemu64,tsc_freq=9999999T". strtosz_suffix_unit() fails, because the value overflows int64_t,

Signed-off-by: Markus Armbruster
--- target-i386/cpuid.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c index 21e5896..56c7671 100644 --- a/target-i386/cpuid.c +++ b/target-i386/cpuid.c 
@@ -692,7 +692,7 @@ static int cpu_x86_find_by_name(x86_def_t *x86_cpu_def, const char *cpu_model) tsc_freq = strtosz_suffix_unit(val, &err, STRTOSZ_DEFSUFFIX_B, 1000); - if (!*val || *err) { + if (tsc_freq < 0 || *err) { fprintf(stderr, "bad numerical value %s\n", val); goto error; } -- 1.7.6.4
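
Review bot: In the rewritten condition "if (tsc_freq < 0 || *err)", dropping the "!*val" test means an empty value ("tsc_freq=" with nothing after it) is now rejected only if strtosz_suffix_unit() returns a negative result for empty input, which the hunk does not show. Either keep the test, as in "if (!*val || tsc_freq < 0 || *err)", or state in the commit message that the helper already fails on an empty string. Separately, going by the commit message's "divided by 1000", a valid value below 1000 would still become a zero tsc_khz and read as "no tsc_freq set"; that case may deserve its own check or a follow-up patch.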