From: Christoph Hellwig
Date: Mon, 20 Jul 2009 14:32:48 +0200
Message-ID: <20090720123248.GA9199@lst.de>
Subject: [Qemu-devel] [PATCH v2] qemu-io: reject invalid pattern
To: qemu-devel@nongnu.org

Replace the use of atoi which is used for pattern parsing currently with strtol. Atoi won't parse sedecimal pattern values (it always returns 0), but qemu-iotests use such pattern values. Also reject every pattern that is not an unsigned char as we pass the pattern to memset which expects a byte value (despite having the pattern argument declared as int). Based on an earlier patch by Stefan Weil which did not include the error handling.

Signed-off-by: Christoph Hellwig Reviewed-by: Kevin Wolf Reported-by: Stefan Weil Index: qemu/qemu-io.c =================================================================== --- qemu.orig/qemu-io.c 2009-07-20 14:29:31.532907056 +0200 +++ qemu/qemu-io.c 2009-07-20 14:31:25.690150856 +0200 @@ -26,6 +26,28 @@ static BlockDriverState *bs; static int misalign; /* + * Parse the pattern argument to various sub-commands. + * + * Because the pattern is used as an argument to memset it must evaluate + * to an unsigned integer that fits into a single byte. + * + * Returns the pattern byte or -1 in case arg does not contain a valid pattern. + */ +static int parse_pattern(const char *arg) +{ + char *endptr = NULL; + long pattern; + + pattern = strtol(arg, &endptr, 0); + if (pattern < 0 || pattern > UCHAR_MAX || *endptr != '\0') { + printf("%s is not a valid pattern byte\n", arg); + return -1; + } + + return pattern; +} + +/* * Memory allocation helpers. * * Make sure memory is aligned by default, or purposefully misaligned if @@ -304,7 +326,10 @@ read_f(int argc, char **argv) break; case 'P': Pflag = 1; - pattern = atoi(optarg); + pattern = parse_pattern(optarg); + if (pattern < 0) { + return 0; + } break; case 'q': qflag = 1; @@ -469,7 +494,10 @@ readv_f(int argc, char **argv) break; case 'P': Pflag = 1; - pattern = atoi(optarg); + pattern = parse_pattern(optarg); + if (pattern < 0) { + return 0; + } break; case 'q': qflag = 1; @@ -594,7 +622,10 @@ write_f(int argc, char **argv) pflag = 1; break; case 'P': - pattern = atoi(optarg); + pattern = parse_pattern(optarg); + if (pattern < 0) { + return 0; + } break; case 'q': qflag = 1; @@ -721,7 +752,10 @@ writev_f(int argc, char **argv) qflag = 1; break; case 'P': - pattern = atoi(optarg); + pattern = parse_pattern(optarg); + if (pattern < 0) { + return 0; + } break; default: return command_usage(&writev_cmd); 
@@ -895,7 +929,10 @@ aio_read_f(int argc, char **argv) break; case 'P': ctx->Pflag = 1; - ctx->pattern = atoi(optarg); + ctx->pattern = parse_pattern(optarg); + if (ctx->pattern < 0) { + return 0; + } break; case 'q': ctx->qflag = 1; @@ -995,7 +1032,10 @@ aio_write_f(int argc, char **argv) ctx->qflag = 1; break; case 'P': - pattern = atoi(optarg); + pattern = parse_pattern(optarg); + if (pattern < 0) { + return 0; + } break; default: free(ctx);
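Review bot: In parse_pattern(), the `*endptr != '\0'` test does not catch an empty argument: strtol() consumes nothing, returns 0 and leaves endptr pointing at the terminating NUL of arg, so an empty string is accepted as pattern 0. Adding `endptr == arg` to the rejection condition closes that case. Base 0 also means a leading 0 selects octal (010 parses as 8), which deserves a line in the function comment next to the byte-range rule. UCHAR_MAX comes from <limits.h>, and no hunk in this patch adds that include, so confirm qemu-io.c already pulls it in.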
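Review bot: In aio_read_f(), the new `return 0` is taken after ctx is already being written through (`ctx->Pflag = 1`), and nothing on this path releases it. The `default:` case visible in the aio_write_f() hunk calls `free(ctx);` before leaving; if ctx is allocated the same way here, the invalid-pattern branch should free it before returning. The `ctx->pattern < 0` test also only works if that field is a signed type able to hold -1, so check its declaration.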
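Review bot: In aio_write_f(), the invalid-pattern branch returns without releasing ctx, while the `default:` case directly below it does `free(ctx);` before leaving the function. Add a free(ctx) ahead of the `return 0` inside the new `if (pattern < 0)` block so a rejected -P argument does not leak the context.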