From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:47909)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <namei.unix@gmail.com>) id 1VeR2I-00017d-LQ
	for qemu-devel@nongnu.org; Thu, 07 Nov 2013 09:58:27 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <namei.unix@gmail.com>) id 1VeR2A-00076h-20
	for qemu-devel@nongnu.org; Thu, 07 Nov 2013 09:58:18 -0500
Received: from mail-pd0-x22e.google.com ([2607:f8b0:400e:c02::22e]:62760)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <namei.unix@gmail.com>) id 1VeR29-00076V-Ob
	for qemu-devel@nongnu.org; Thu, 07 Nov 2013 09:58:09 -0500
Received: by mail-pd0-f174.google.com with SMTP id z10so700240pdj.33
	for <qemu-devel@nongnu.org>; Thu, 07 Nov 2013 06:58:08 -0800 (PST)
Date: Thu, 7 Nov 2013 22:58:00 +0800
From: Liu Yuan <namei.unix@gmail.com>
Message-ID: <20131107145800.GA14947@ubuntu-precise>
References: <1383318613-490-1-git-send-email-namei.unix@gmail.com>
	<1383318613-490-3-git-send-email-namei.unix@gmail.com>
	<20131105143759.GE16457@stefanha-thinkpad.redhat.com>
	<527912BF.2040003@redhat.com>
	<20131106093424.GE30528@stefanha-thinkpad.redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20131106093424.GE30528@stefanha-thinkpad.redhat.com>
Subject: Re: [Qemu-devel] [PATCH v5 2/2] sheepdog: support user-defined
 redundancy option
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>, Stefan Hajnoczi <stefanha@gmail.com>, sheepdog@lists.wpkg.org, qemu-devel@nongnu.org

On Wed, Nov 06, 2013 at 10:34:24AM +0100, Stefan Hajnoczi wrote:
> On Tue, Nov 05, 2013 at 08:46:07AM -0700, Eric Blake wrote:
> > On 11/05/2013 07:37 AM, Stefan Hajnoczi wrote:
> > 
> > >> +
> > >> +    copy = strtol(n1, NULL, 10);
> > >> +    if (copy > SD_MAX_COPIES) {
> > >> +        return -EINVAL;
> > >> +    }
> > 
> > > 
> > > The string manipulation can be simplified using sscanf(3) and
> > > is_numeric() can be dropped:
> > > 
> > > static int parse_redundancy(BDRVSheepdogState *s, const char *opt)
> > > {
> > >     struct SheepdogInode *inode = &s->inode;
> > >     uint8_t copy, parity;
> > >     int n;
> > > 
> > >     n = sscanf(opt, "%hhu:%hhu", &copy, &parity);
> > 
> > Personally, I detest the use of sscanf() to parse integers out of
> > strings, because POSIX says that behavior is undefined if overflow
> > occurs.  For internal strings, you can get away with it.  But for
> > untrusted input that did not originate in your process, a user can mess
> > you up by passing a string that parses larger than the integer you are
> > trying to store into, where the behavior is unspecified whether it wraps
> > around module 256, parses additional digits, or any other odd behavior.
> >  By the time you've added code to sanitize untrusted input, it's just as
> > fast to use strtol() anyways.
> 
> Hmm...I didn't know that overflow was undefined behavior in POSIX :(.
> 
> In that case forget sscanf(3) can look at the strtol(3) result for
> errors.  There's still no need for a custom is_numeric() function.

Thanks for your comments, I'll remove is_numeric() for v6

Thanks
Yuan