From: Bo Tu <tubo@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, mreitz@redhat.com, armbru@redhat.com,
mimu@linux.vnet.ibm.com
Subject: [Qemu-devel] [PATCH RFC v9 5/7] qemu-iotests: s390x: fix test 049
Date: Fri, 22 May 2015 09:26:19 +0800 [thread overview]
Message-ID: <1432257981-10411-6-git-send-email-tubo@linux.vnet.ibm.com> (raw)
In-Reply-To: <1432257981-10411-1-git-send-email-tubo@linux.vnet.ibm.com>
when creating an image qemu-img enable us specifying the size of the
image using -o size=xx options. But when we specify an invalid size
such as a negtive size then different platform gives different result.
parse_option_size() function in util/qemu-option.c will be called to
parse the size, a cast was called in the function to cast the input
(saved as a double in the function) size to an unsigned int64 value,
when the input is a negtive value or exceeds the maximum of uint64, then
the result is undefined.
Language spec 6.3.1.4 Real floating and integers:
the result of this assignment/cast is undefined if the float is not
in the open interval (-1, U<type>_MAX+1).
Signed-off-by: Bo Tu <tubo@linux.vnet.ibm.com>
---
tests/qemu-iotests/049.out | 10 ++++------
util/qemu-option.c | 5 +++++
2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/tests/qemu-iotests/049.out b/tests/qemu-iotests/049.out
index 9f93666..b8790f9 100644
--- a/tests/qemu-iotests/049.out
+++ b/tests/qemu-iotests/049.out
@@ -95,17 +95,15 @@ qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- -1024
qemu-img: Image size must be less than 8 EiB!
qemu-img create -f qcow2 -o size=-1024 TEST_DIR/t.qcow2
-qemu-img: qcow2 doesn't support shrinking images yet
-qemu-img: TEST_DIR/t.qcow2: Could not resize image: Operation not supported
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=-1024 encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16
+qemu-img: Parameter 'size' expects a non-negative number below 2^64
+qemu-img: TEST_DIR/t.qcow2: Invalid options for file format 'qcow2'
qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- -1k
qemu-img: Image size must be less than 8 EiB!
qemu-img create -f qcow2 -o size=-1k TEST_DIR/t.qcow2
-qemu-img: qcow2 doesn't support shrinking images yet
-qemu-img: TEST_DIR/t.qcow2: Could not resize image: Operation not supported
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=-1024 encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16
+qemu-img: Parameter 'size' expects a non-negative number below 2^64
+qemu-img: TEST_DIR/t.qcow2: Invalid options for file format 'qcow2'
qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- 1kilobyte
qemu-img: Invalid image size specified! You may use k, M, G, T, P or E suffixes for
diff --git a/util/qemu-option.c b/util/qemu-option.c
index fda4e5f..57b20c5 100644
--- a/util/qemu-option.c
+++ b/util/qemu-option.c
@@ -179,6 +179,11 @@ void parse_option_size(const char *name, const char *value,
if (value != NULL) {
sizef = strtod(value, &postfix);
+ if (sizef < 0 || sizef > UINT64_MAX) {
+ error_set(errp, QERR_INVALID_PARAMETER_VALUE, name, \
+ "a non-negative number below 2^64");
+ return;
+ }
switch (*postfix) {
case 'T':
sizef *= 1024;
--
2.3.0
next prev parent reply other threads:[~2015-05-22 1:26 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-22 1:26 [Qemu-devel] [PATCH RFC v9 0/7] Update tests/qemu-iotests failing cases for the s390 platform Bo Tu
2015-05-22 1:26 ` [Qemu-devel] [PATCH RFC v9 1/7] qemu-iotests: qemu machine type support Bo Tu
2015-05-22 1:26 ` [Qemu-devel] [PATCH RFC v9 2/7] qemu-iotests: run qemu with -nodefaults and fix 067, 071, 081 and 087 Bo Tu
2015-05-22 1:26 ` [Qemu-devel] [PATCH RFC v9 3/7] qemu-iotests: s390x: fix test 041 Bo Tu
2015-05-22 1:26 ` [Qemu-devel] [PATCH RFC v9 4/7] qemu-iotests: s390x: fix test 055 Bo Tu
2015-05-22 1:26 ` Bo Tu [this message]
2015-05-23 17:52 ` [Qemu-devel] [PATCH RFC v9 5/7] qemu-iotests: s390x: fix test 049 Max Reitz
2015-05-22 1:26 ` [Qemu-devel] [PATCH RFC v9 6/7] qemu-iotests: s390x: fix test 051 Bo Tu
2015-05-22 1:26 ` [Qemu-devel] [PATCH RFC v9 7/7] qemu-iotests: s390x: fix test 130 Bo Tu
-- strict thread matches above, loose matches on Subject: below --
2015-05-25 3:30 [Qemu-devel] [PATCH RFC v9 0/7] Update tests/qemu-iotests failing cases for the s390 platform Bo Tu
2015-05-25 3:30 ` [Qemu-devel] [PATCH RFC v9 5/7] qemu-iotests: s390x: fix test 049 Bo Tu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1432257981-10411-6-git-send-email-tubo@linux.vnet.ibm.com \
--to=tubo@linux.vnet.ibm.com \
--cc=armbru@redhat.com \
--cc=kwolf@redhat.com \
--cc=mimu@linux.vnet.ibm.com \
--cc=mreitz@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).