From: Kevin Wolf <kwolf@redhat.com>
To: John Snow <jsnow@redhat.com>
Cc: qemu-devel@nongnu.org, qemu-block@nongnu.org, mreitz@redhat.com
Subject: Re: [Qemu-devel] [PATCH v3 1/3] qemu-io: fix cvtnum lval types
Date: Wed, 4 Nov 2015 11:35:44 +0100
Message-ID: <20151104103544.GA4026@noname.redhat.com>
In-Reply-To: <1446596262-15328-2-git-send-email-jsnow@redhat.com>
On 04.11.2015 at 01:17, John Snow wrote:
> cvtnum() returns int64_t: we should not be storing this
> result inside of an int.
>
> In a few cases, we need an extra sprinkling of error handling
> where we expect to pass this number on towards a function that
> expects something smaller than int64_t.
>
> Reported-by: Max Reitz <mreitz@redhat.com>
> Signed-off-by: John Snow <jsnow@redhat.com>
> ---
> qemu-io-cmds.c | 88 +++++++++++++++++++++++++++++++++++-----------------------
> 1 file changed, 53 insertions(+), 35 deletions(-)
> v3:
> - pulled a lot of loose yarn, now missing my sweater
> (Updated patch 1 even further, reported-by Kevin)
I'm afraid you'll have to start using up another sweater.
> diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
> index 6e5d1e4..f04c1db 100644
> --- a/qemu-io-cmds.c
> +++ b/qemu-io-cmds.c
> @@ -294,7 +294,7 @@ static void qemu_io_free(void *p)
> qemu_vfree(p);
> }
>
> -static void dump_buffer(const void *buffer, int64_t offset, int len)
> +static void dump_buffer(const void *buffer, int64_t offset, int64_t len)
> {
> int i, j;
> const uint8_t *p;
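Review bot: `int i, j;` directly under the new prototype is still a plain int while `len` becomes int64_t, so the loop index in dump_buffer is compared against a value that can exceed INT_MAX; either widen `i` and `j` to int64_t as well, or have dump_buffer reject `len > INT_MAX` up front, otherwise widening the parameter only moves the truncation from the signature into the loop body.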
One more line of context:
for (i = 0, p = buffer; i < len; i += 16) {
For len > INT_MAX, this is an endless loop. The same way, i + j a few
lines below can wrap around.
> @@ -393,8 +393,8 @@ fail:
> return buf;
> }
>
> -static int do_read(BlockBackend *blk, char *buf, int64_t offset, int count,
> - int *total)
> +static int do_read(BlockBackend *blk, char *buf, int64_t offset, int64_t count,
> + int64_t *total)
> {
> int ret;
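Review bot: the hunk widens `count` and `*total` but adds no range check before `count` is passed on to the narrower blk_read() interface shown in the context below, so an oversized value is still truncated silently; add an explicit check that returns an error (e.g. -EINVAL) when `count` does not fit, or validate at the cvtnum() call site before reaching do_read. Note also that changing `int *total` to `int64_t *total` requires every caller's `total` variable to become int64_t in the same patch, which this hunk alone does not show.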
Again, one more line of context:
ret = blk_read(blk, offset >> 9, (uint8_t *)buf, count >> 9);
count is silently truncated if it's larger than INT_MAX << 9. I think we
should return an error (ERANGE? EINVAL? EFBIG?) instead.
Same for do_write, do_pread, do_pwrite, co_write_zeroes_entry,
do_write_compressed, do_load_vmstate, do_save_vmstate.
Kevin