From: Liu Yuan <namei.unix@gmail.com>
To: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
Stefan Hajnoczi <stefanha@gmail.com>,
sheepdog@lists.wpkg.org, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH v5 2/2] sheepdog: support user-defined redundancy option
Date: Thu, 7 Nov 2013 22:58:00 +0800 [thread overview]
Message-ID: <20131107145800.GA14947@ubuntu-precise> (raw)
In-Reply-To: <20131106093424.GE30528@stefanha-thinkpad.redhat.com>
On Wed, Nov 06, 2013 at 10:34:24AM +0100, Stefan Hajnoczi wrote:
> On Tue, Nov 05, 2013 at 08:46:07AM -0700, Eric Blake wrote:
> > On 11/05/2013 07:37 AM, Stefan Hajnoczi wrote:
> >
> > >> +
> > >> + copy = strtol(n1, NULL, 10);
> > >> + if (copy > SD_MAX_COPIES) {
> > >> + return -EINVAL;
> > >> + }
> >
> > >
> > > The string manipulation can be simplified using sscanf(3) and
> > > is_numeric() can be dropped:
> > >
> > > static int parse_redundancy(BDRVSheepdogState *s, const char *opt)
> > > {
> > > struct SheepdogInode *inode = &s->inode;
> > > uint8_t copy, parity;
> > > int n;
> > >
> > > n = sscanf(opt, "%hhu:%hhu", ©, &parity);
> >
> > Personally, I detest the use of sscanf() to parse integers out of
> > strings, because POSIX says that behavior is undefined if overflow
> > occurs. For internal strings, you can get away with it. But for
> > untrusted input that did not originate in your process, a user can mess
> > you up by passing a string that parses larger than the integer you are
> > trying to store into, where the behavior is unspecified whether it wraps
> > around module 256, parses additional digits, or any other odd behavior.
> > By the time you've added code to sanitize untrusted input, it's just as
> > fast to use strtol() anyways.
>
> Hmm...I didn't know that overflow was undefined behavior in POSIX :(.
>
> In that case forget sscanf(3) can look at the strtol(3) result for
> errors. There's still no need for a custom is_numeric() function.
Thanks for your comments, I'll remove is_numeric() for v6
Thanks
Yuan
next prev parent reply other threads:[~2013-11-07 14:58 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-01 15:10 [Qemu-devel] [PATCH v5 RESENT 0/2] sheepdog: add user-defined redundancy option Liu Yuan
2013-11-01 15:10 ` [Qemu-devel] [PATCH v5 1/2] sheepdog: refactor do_sd_create() Liu Yuan
2013-11-01 15:10 ` [Qemu-devel] [PATCH v5 2/2] sheepdog: support user-defined redundancy option Liu Yuan
2013-11-05 14:37 ` Stefan Hajnoczi
2013-11-05 15:46 ` Eric Blake
2013-11-06 9:34 ` Stefan Hajnoczi
2013-11-07 14:58 ` Liu Yuan [this message]
2013-11-01 17:46 ` [Qemu-devel] [sheepdog] [PATCH v5 RESENT 0/2] sheepdog: add " MORITA Kazutaka
-- strict thread matches above, loose matches on Subject: below --
2013-11-01 15:06 [Qemu-devel] [PATCH v5 " Liu Yuan
2013-11-01 15:06 ` [Qemu-devel] [PATCH v5 2/2] sheepdog: support " Liu Yuan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131107145800.GA14947@ubuntu-precise \
--to=namei.unix@gmail.com \
--cc=kwolf@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=sheepdog@lists.wpkg.org \
--cc=stefanha@gmail.com \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).