From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1MSffL-0002AO-BE
	for qemu-devel@nongnu.org; Sun, 19 Jul 2009 19:19:35 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1MSffG-00024g-Dc
	for qemu-devel@nongnu.org; Sun, 19 Jul 2009 19:19:34 -0400
Received: from [199.232.76.173] (port=60937 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1MSffG-00024d-7i
	for qemu-devel@nongnu.org; Sun, 19 Jul 2009 19:19:30 -0400
Received: from verein.lst.de ([213.95.11.210]:45982)
	by monty-python.gnu.org with esmtps
	(TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA1:24) (Exim 4.60)
	(envelope-from <hch@lst.de>) id 1MSffF-0001DQ-Od
	for qemu-devel@nongnu.org; Sun, 19 Jul 2009 19:19:30 -0400
Date: Mon, 20 Jul 2009 01:19:25 +0200
From: Christoph Hellwig <hch@lst.de>
Message-ID: <20090719231925.GA1923@lst.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Subject: [Qemu-devel] [PATCH] qemu-io: reject invalid pattern
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

Replace the use of atoi which is used for pattern parsing currently with
strtol.  Atoi won't parse sedecimal pattern values (it always returns 0),
but qemu-iotests use such pattern values.  Also reject every pattern
that is not a unsigned char as we pass the pattern to memset which
expect a bye value (despite having the pattern argument declared as int).

Based on an earlier patch by Stefan Weil which did not include the
error handling.


Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Stefan Weil <weil@mail.berlios.de>

Index: qemu/qemu-io.c
===================================================================
--- qemu.orig/qemu-io.c	2009-07-20 00:59:41.616922630 +0200
+++ qemu/qemu-io.c	2009-07-20 01:06:23.824900811 +0200
@@ -26,6 +26,26 @@ static BlockDriverState *bs;
 static int misalign;
 
 /*
+ * Parse the pattern argument to various sub-commands.
+ *
+ * Because the pattern is used as an argument to memset it must evaluate
+ * to an unsigned integer that fits into a single byte.
+ */
+static int parse_pattern(const char *arg)
+{
+	char *endptr = NULL;
+	long pattern;
+
+	pattern = strtol(arg, &endptr, 0);
+	if (pattern < 0 || pattern > UCHAR_MAX || *endptr != '\0') {
+		printf("%s is not a valid pattern byte\n", arg);
+		return -1;
+	}
+
+	return pattern;
+}
+
+/*
  * Memory allocation helpers.
  *
  * Make sure memory is aligned by default, or purposefully misaligned if
@@ -304,7 +324,9 @@ read_f(int argc, char **argv)
 			break;
 		case 'P':
 			Pflag = 1;
-			pattern = atoi(optarg);
+			pattern = parse_pattern(optarg);
+			if (pattern < 0)
+				return 0;
 			break;
 		case 'q':
 			qflag = 1;
@@ -469,7 +491,9 @@ readv_f(int argc, char **argv)
 			break;
 		case 'P':
 			Pflag = 1;
-			pattern = atoi(optarg);
+			pattern = parse_pattern(optarg);
+			if (pattern < 0)
+				return 0;
 			break;
 		case 'q':
 			qflag = 1;
@@ -594,7 +618,9 @@ write_f(int argc, char **argv)
 			pflag = 1;
 			break;
 		case 'P':
-			pattern = atoi(optarg);
+			pattern = parse_pattern(optarg);
+			if (pattern < 0)
+				return 0;
 			break;
 		case 'q':
 			qflag = 1;
@@ -721,7 +747,9 @@ writev_f(int argc, char **argv)
 			qflag = 1;
 			break;
 		case 'P':
-			pattern = atoi(optarg);
+			pattern = parse_pattern(optarg);
+			if (pattern < 0)
+				return 0;
 			break;
 		default:
 			return command_usage(&writev_cmd);
@@ -895,7 +923,9 @@ aio_read_f(int argc, char **argv)
 			break;
 		case 'P':
 			ctx->Pflag = 1;
-			ctx->pattern = atoi(optarg);
+			ctx->pattern = parse_pattern(optarg);
+			if (ctx->pattern < 0)
+				return 0;
 			break;
 		case 'q':
 			ctx->qflag = 1;
@@ -995,7 +1025,9 @@ aio_write_f(int argc, char **argv)
 			ctx->qflag = 1;
 			break;
 		case 'P':
-			pattern = atoi(optarg);
+			pattern = parse_pattern(optarg);
+			if (pattern < 0)
+				return 0;
 			break;
 		default:
 			free(ctx);