From: "Richard W.M. Jones" <rjones@redhat.com>
To: qemu-devel@nongnu.org
Cc: Luiz Capitulino <lcapitulino@redhat.com>
Subject: [Qemu-devel] [PATCH] qemu: json: Fix parsing of integers >= 0x8000000000000000
Date: Fri, 20 May 2011 19:03:31 +0100 [thread overview]
Message-ID: <20110520180331.GA21837@amd.home.annexia.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 375 bytes --]
There seem to be a few unsafe uses of strto* functions. This patch
just fixes the one that affects me :-)
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
[-- Attachment #2: 0001-json-Fix-parsing-of-integers-0x8000000000000000.patch --]
[-- Type: text/plain, Size: 1756 bytes --]
>From 6d58224bff821c49e91f5fe46c0e72f85e2583c6 Mon Sep 17 00:00:00 2001
From: Richard W.M. Jones <rjones@redhat.com>
Date: Fri, 20 May 2011 18:55:12 +0100
Subject: [PATCH] json: Fix parsing of integers >= 0x8000000000000000
Because of use of strtoll without any error checking, these integers
were truncated to [-0x8000000000000000, 0x7fffffffffffffff].
If you passed a high memory address to (eg.) memsave, it would get
clipped. For example memsave with val = 0xffffffff81000000 would
actually read from address 0x7fffffffffffffff.
Replace strtoll with strtoull, and add error checking.
---
json-parser.c | 11 ++++++++++-
1 files changed, 10 insertions(+), 1 deletions(-)
diff --git a/json-parser.c b/json-parser.c
index 6c06ef9..3747ba5 100644
--- a/json-parser.c
+++ b/json-parser.c
@@ -512,6 +512,8 @@ static QObject *parse_literal(JSONParserContext *ctxt, QList **tokens)
{
QObject *token, *obj;
QList *working = qlist_copy(*tokens);
+ const char *token_str;
+ unsigned long long ull;
token = qlist_pop(working);
switch (token_get_type(token)) {
@@ -519,7 +521,14 @@ static QObject *parse_literal(JSONParserContext *ctxt, QList **tokens)
obj = QOBJECT(qstring_from_escaped_str(ctxt, token));
break;
case JSON_INTEGER:
- obj = QOBJECT(qint_from_int(strtoll(token_get_value(token), NULL, 10)));
+ token_str = token_get_value(token);
+ errno = 0;
+ ull = strtoull(token_str, NULL, 10);
+ if (errno != 0) {
+ parse_error(ctxt, token, "invalid integer: %s", strerror(errno));
+ return NULL;
+ }
+ obj = QOBJECT(qint_from_int(ull));
break;
case JSON_FLOAT:
/* FIXME dependent on locale */
--
1.7.5.1
next reply other threads:[~2011-05-20 18:03 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-20 18:03 Richard W.M. Jones [this message]
2011-05-20 18:11 ` [Qemu-devel] [PATCH] qemu: json: Fix parsing of integers >= 0x8000000000000000 Anthony Liguori
2011-05-20 18:36 ` Richard W.M. Jones
2011-05-20 18:37 ` Richard W.M. Jones
2011-05-20 18:47 ` Richard W.M. Jones
2011-05-20 21:19 ` Richard W.M. Jones
2011-05-23 13:04 ` Daniel P. Berrange
2011-05-23 13:33 ` Anthony Liguori
2011-05-23 13:39 ` Richard W.M. Jones
2011-05-23 13:40 ` Daniel P. Berrange
2011-05-23 13:45 ` Anthony Liguori
2011-05-23 14:14 ` Daniel P. Berrange
2011-05-23 15:03 ` Anthony Liguori
2011-05-23 15:41 ` Daniel P. Berrange
2011-05-23 14:20 ` Markus Armbruster
2011-05-23 13:50 ` Anthony Liguori
2011-05-23 14:02 ` Luiz Capitulino
2011-05-23 14:06 ` Anthony Liguori
2011-05-23 14:24 ` Daniel P. Berrange
2011-05-23 14:29 ` Markus Armbruster
2011-05-23 14:32 ` Daniel P. Berrange
2011-05-23 15:07 ` Anthony Liguori
2011-05-23 15:19 ` Richard W.M. Jones
2011-05-23 15:24 ` Anthony Liguori
2011-05-23 15:29 ` Richard W.M. Jones
2011-05-23 15:59 ` Anthony Liguori
2011-05-23 16:06 ` Daniel P. Berrange
2011-05-23 15:38 ` Daniel P. Berrange
2011-05-23 16:18 ` Markus Armbruster
2011-05-23 16:37 ` Anthony Liguori
2011-05-24 6:26 ` Markus Armbruster
2011-05-23 23:02 ` [Qemu-devel] Use a hex string (was: [PATCH] qemu: json: Fix parsing of integers >= 0x8000000000000000) Jamie Lokier
2011-05-24 2:50 ` [Qemu-devel] Use a hex string Anthony Liguori
2011-05-24 5:30 ` Jamie Lokier
2011-05-23 13:38 ` [Qemu-devel] [PATCH] qemu: json: Fix parsing of integers >= 0x8000000000000000 Anthony Liguori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110520180331.GA21837@amd.home.annexia.org \
--to=rjones@redhat.com \
--cc=lcapitulino@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).