From: Stefan Hajnoczi <stefanha@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
Stefan Hajnoczi <stefanha@gmail.com>,
sheepdog@lists.wpkg.org, qemu-devel@nongnu.org,
Liu Yuan <namei.unix@gmail.com>
Subject: Re: [Qemu-devel] [PATCH v5 2/2] sheepdog: support user-defined redundancy option
Date: Wed, 6 Nov 2013 10:34:24 +0100 [thread overview]
Message-ID: <20131106093424.GE30528@stefanha-thinkpad.redhat.com> (raw)
In-Reply-To: <527912BF.2040003@redhat.com>
On Tue, Nov 05, 2013 at 08:46:07AM -0700, Eric Blake wrote:
> On 11/05/2013 07:37 AM, Stefan Hajnoczi wrote:
>
> >> +
> >> + copy = strtol(n1, NULL, 10);
> >> + if (copy > SD_MAX_COPIES) {
> >> + return -EINVAL;
> >> + }
>
> >
> > The string manipulation can be simplified using sscanf(3) and
> > is_numeric() can be dropped:
> >
> > static int parse_redundancy(BDRVSheepdogState *s, const char *opt)
> > {
> > struct SheepdogInode *inode = &s->inode;
> > uint8_t copy, parity;
> > int n;
> >
> > n = sscanf(opt, "%hhu:%hhu", ©, &parity);
>
> Personally, I detest the use of sscanf() to parse integers out of
> strings, because POSIX says that behavior is undefined if overflow
> occurs. For internal strings, you can get away with it. But for
> untrusted input that did not originate in your process, a user can mess
> you up by passing a string that parses larger than the integer you are
> trying to store into, where the behavior is unspecified whether it wraps
> around module 256, parses additional digits, or any other odd behavior.
> By the time you've added code to sanitize untrusted input, it's just as
> fast to use strtol() anyways.
Hmm...I didn't know that overflow was undefined behavior in POSIX :(.
In that case forget sscanf(3) can look at the strtol(3) result for
errors. There's still no need for a custom is_numeric() function.
Stefan
next prev parent reply other threads:[~2013-11-06 9:34 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-01 15:10 [Qemu-devel] [PATCH v5 RESENT 0/2] sheepdog: add user-defined redundancy option Liu Yuan
2013-11-01 15:10 ` [Qemu-devel] [PATCH v5 1/2] sheepdog: refactor do_sd_create() Liu Yuan
2013-11-01 15:10 ` [Qemu-devel] [PATCH v5 2/2] sheepdog: support user-defined redundancy option Liu Yuan
2013-11-05 14:37 ` Stefan Hajnoczi
2013-11-05 15:46 ` Eric Blake
2013-11-06 9:34 ` Stefan Hajnoczi [this message]
2013-11-07 14:58 ` Liu Yuan
2013-11-01 17:46 ` [Qemu-devel] [sheepdog] [PATCH v5 RESENT 0/2] sheepdog: add " MORITA Kazutaka
-- strict thread matches above, loose matches on Subject: below --
2013-11-01 15:06 [Qemu-devel] [PATCH v5 " Liu Yuan
2013-11-01 15:06 ` [Qemu-devel] [PATCH v5 2/2] sheepdog: support " Liu Yuan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131106093424.GE30528@stefanha-thinkpad.redhat.com \
--to=stefanha@redhat.com \
--cc=eblake@redhat.com \
--cc=kwolf@redhat.com \
--cc=namei.unix@gmail.com \
--cc=qemu-devel@nongnu.org \
--cc=sheepdog@lists.wpkg.org \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).