From: Hanna Czenczek <hreitz@redhat.com>
To: Eric Blake <eblake@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [PATCH 11/11] cutils: Improve qemu_strtosz handling of fractions
Date: Tue, 9 May 2023 19:54:30 +0200 [thread overview]
Message-ID: <40919a58-2bb2-f156-ddc0-49c117a8f031@redhat.com> (raw)
In-Reply-To: <20230508200343.791450-12-eblake@redhat.com>
On 08.05.23 22:03, Eric Blake wrote:
> We have several limitations and bugs worth fixing; they are
> inter-related enough that it is not worth splitting this patch into
> smaller pieces:
>
> * ".5k" should work to specify 512, just as "0.5k" does
> * "1.9999k" and "1." + "9"*50 + "k" should both produce the same
> result of 2048 after rounding
> * "1." + "0"*350 + "1B" should not be treated the same as "1.0B";
> underflow in the fraction should not be lost
> * "7.99e99" and "7.99e999" look similar, but our code was doing a
> read-out-of-bounds on the latter because it was not expecting ERANGE
> due to overflow. While we document that scientific notation is not
> supported, and the previous patch actually fixed
> qemu_strtod_finite() to no longer return ERANGE overflows, it is
> easier to pre-filter than to try and determine after the fact if
> strtod() consumed more than we wanted. Note that this is a
> low-level semantic change (when endptr is not NULL, we can now
> successfully parse with a scale of 'E' and then report trailing
> junk, instead of failing outright with EINVAL); but an earlier
> commit already argued that this is not a high-level semantic change
> since the only caller passing in a non-NULL endptr also checks that
> the tail is whitespace-only.
>
> Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1629
> Signed-off-by: Eric Blake <eblake@redhat.com>
> ---
> tests/unit/test-cutils.c | 51 +++++++++++------------
> util/cutils.c | 89 ++++++++++++++++++++++++++++------------
> 2 files changed, 88 insertions(+), 52 deletions(-)
[...]
> diff --git a/util/cutils.c b/util/cutils.c
> index 0e056a27a44..d1dfbc69d16 100644
> --- a/util/cutils.c
> +++ b/util/cutils.c
[...]
> @@ -246,27 +244,66 @@ static int do_strtosz(const char *nptr, const char **end,
> retval = -EINVAL;
> goto out;
> }
> - } else if (*endptr == '.') {
> + } else if (*endptr == '.' || (endptr == nptr && strchr(nptr, '.'))) {
What case is there where we have a fraction but *endptr != '.'?
> /*
> * Input looks like a fraction. Make sure even 1.k works
> - * without fractional digits. If we see an exponent, treat
> - * the entire input as invalid instead.
> + * without fractional digits. strtod tries to treat 'e' as an
> + * exponent, but we want to treat it as a scaling suffix;
> + * doing this requires modifying a copy of the fraction.
> */
> - double fraction;
> + double fraction = 0.0;
>
> - f = endptr;
> - retval = qemu_strtod_finite(f, &endptr, &fraction);
> - if (retval) {
> + if (retval == 0 && *endptr == '.' && !isdigit(endptr[1])) {
> + /* If we got here, we parsed at least one digit already. */
> endptr++;
> - } else if (memchr(f, 'e', endptr - f) || memchr(f, 'E', endptr - f)) {
> - endptr = nptr;
> - retval = -EINVAL;
> - goto out;
> } else {
> - /* Extract into a 64-bit fixed-point fraction. */
> + char *e;
> + const char *tail;
> + g_autofree char *copy = g_strdup(endptr);
> +
> + e = strchr(copy, 'e');
> + if (e) {
> + *e = '\0';
> + }
> + e = strchr(copy, 'E');
> + if (e) {
> + *e = '\0';
> + }
> + /*
> + * If this is a floating point, we are guaranteed that '.'
> + * appears before any possible digits in copy. If it is
> + * not a floating point, strtod will fail. Either way,
> + * there is now no exponent in copy, so if it parses, we
> + * know 0.0 <= abs(result) <= 1.0 (after rounding), and
> + * ERANGE is only possible on underflow which is okay.
> + */
> + retval = qemu_strtod_finite(copy, &tail, &fraction);
> + endptr += tail - copy;
> + }
> +
> + /* Extract into a 64-bit fixed-point fraction. */
> + if (fraction == 1.0) {
> + if (val == UINT64_MAX) {
> + retval = -ERANGE;
> + goto out;
> + }
> + val++;
> + } else if (retval == -ERANGE) {
> + /* See comments above about underflow */
> + valf = 1;
It doesn’t really matter because even an EiB is just 2^60, and so 1 EiB
* 2^-64 (the resolution of our fractional part) is still less than 1, but:
DBL_MIN * 0x1p64 is 2^-(1022-64) == 2^-958, i.e. much less than 1, so
I’d set valf to 0 here.
(If you put “.00000000000000000001” into this, there won’t be an
underflow, but the value is so small that valf ends up 0. But if you
put `.$(yes 0 | head -n 307 | tr -d '\n')1` into this, there will be an
underflow, setting valf to 1, even though the value is smaller.)
Hanna
> + retval = 0;
> + } else {
> valf = (uint64_t)(fraction * 0x1p64);
> }
> }
> + if (retval) {
> + goto out;
> + }
> + if (memchr(nptr, '-', endptr - nptr) != NULL) {
> + endptr = nptr;
> + retval = -EINVAL;
> + goto out;
> + }
> c = *endptr;
> mul = suffix_mul(c, unit);
> if (mul > 0) {
next prev parent reply other threads:[~2023-05-09 17:54 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-08 20:03 [PATCH 00/11] Fix qemu_strtosz() read-out-of-bounds Eric Blake
2023-05-08 20:03 ` [PATCH 01/11] test-cutils: Avoid g_assert in unit tests Eric Blake
2023-05-08 20:03 ` [PATCH 02/11] test-cutils: Use g_assert_cmpuint where appropriate Eric Blake
2023-05-08 20:03 ` [PATCH 03/11] test-cutils: Test integral qemu_strto* value on failures Eric Blake
2023-05-08 20:03 ` [PATCH 04/11] test-cutils: Add coverage of qemu_strtod Eric Blake
2023-05-08 20:03 ` [PATCH 05/11] test-cutils: Prepare for upcoming semantic change in qemu_strtosz Eric Blake
2023-05-08 20:03 ` [PATCH 06/11] test-cutils: Add more coverage to qemu_strtosz Eric Blake
2023-05-09 12:31 ` Hanna Czenczek
2023-05-09 12:42 ` Hanna Czenczek
2023-05-09 16:06 ` Eric Blake
2023-05-09 15:15 ` Hanna Czenczek
2023-05-09 15:50 ` Eric Blake
2023-05-09 16:10 ` Eric Blake
2023-05-08 20:03 ` [PATCH 07/11] numa: Check for qemu_strtosz_MiB error Eric Blake
2023-05-08 21:15 ` Eric Blake
2023-05-08 20:03 ` [PATCH 08/11] cutils: Set value in all qemu_strtosz* error paths Eric Blake
2023-05-08 20:03 ` [PATCH 09/11] cutils: Set value in all integral qemu_strto* " Eric Blake
2023-05-08 20:03 ` [PATCH 10/11] cutils: Improve qemu_strtod* " Eric Blake
2023-05-08 20:03 ` [PATCH 11/11] cutils: Improve qemu_strtosz handling of fractions Eric Blake
2023-05-08 21:21 ` Eric Blake
2023-05-09 17:54 ` Hanna Czenczek [this message]
2023-05-09 21:28 ` Eric Blake
2023-05-10 7:46 ` Hanna Czenczek
2023-05-10 7:48 ` Hanna Czenczek
2023-05-09 17:55 ` [PATCH 00/11] Fix qemu_strtosz() read-out-of-bounds Hanna Czenczek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=40919a58-2bb2-f156-ddc0-49c117a8f031@redhat.com \
--to=hreitz@redhat.com \
--cc=eblake@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).