From: Jan Kiszka
Sender: jan.kiszka@web.de
Date: Thu, 22 May 2008 15:15:19 +0200
Message-ID: <483571E7.2@web.de>
To: qemu-devel@nongnu.org
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
Subject: [Qemu-devel] [PATCH 1/2] Refactor and fix do_sendkey

Looking at the sendkey implementation, planning to enhance it with a hold time argument, I found some potential out-of-bound access and not very readable code. Here is a fix for the former and a (subjective) improvement of the latter.

Signed-off-by: Jan Kiszka --- monitor.c | 52 +++++++++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 23 deletions(-) Index: b/monitor.c =================================================================== --- a/monitor.c +++ b/monitor.c @@ -925,33 +925,39 @@ static int get_keycode(const char *key) return -1; } -static void do_send_key(const char *string) +static void do_sendkey(const char *string) { - char keybuf[16], *q; uint8_t keycodes[16]; - const char *p; - int nb_keycodes, keycode, i; - - nb_keycodes = 0; - p = string; - while (*p != '\0') { - q = keybuf; - while (*p != '\0' && *p != '-') { - if ((q - keybuf) < sizeof(keybuf) - 1) { - *q++ = *p; + int nb_keycodes = 0; + char keyname_buf[16]; + char *separator; + int keyname_len, keycode, i; + + while (1) { + separator = strchr(string, '-'); + keyname_len = separator ? separator-string : strlen(string); + if (keyname_len > 0) { + strncpy(keyname_buf, string, sizeof(keyname_buf) - 1); + if (keyname_len > sizeof(keyname_buf) - 1) { + keyname_buf[sizeof(keyname_buf) - 1] = 0; + term_printf("invalid key: '%s...'\n", keyname_buf); + return; } - p++; - } - *q = '\0'; - keycode = get_keycode(keybuf); - if (keycode < 0) { - term_printf("unknown key: '%s'\n", keybuf); - return; + if (nb_keycodes == sizeof(keycodes)) { + term_printf("too many keys\n"); + return; + } + keyname_buf[keyname_len] = 0; + keycode = get_keycode(keyname_buf); + if (keycode < 0) { + term_printf("unknown key: '%s'\n", keyname_buf); + return; + } + keycodes[nb_keycodes++] = keycode; } - keycodes[nb_keycodes++] = keycode; - if (*p == '\0') + if (!separator) break; - p++; + string = separator + 1; } /* key down events */ for(i = 0; i < nb_keycodes; i++) { 
@@ -1353,7 +1359,7 @@ static term_cmd_t term_cmds[] = { { "i", "/ii.", do_ioport_read, "/fmt addr", "I/O port read" }, - { "sendkey", "s", do_send_key, + { "sendkey", "s", do_sendkey, "keys", "send keys to the VM (e.g. 'sendkey ctrl-alt-f1')" }, { "system_reset", "", do_system_reset, "", "reset the system" },
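
Review bot: In the do_sendkey hunk, the overflow guard `if (nb_keycodes == sizeof(keycodes))` compares against the byte size of the array, which equals the element count only because the buffer is declared `uint8_t keycodes[16]`; writing the limit as `sizeof(keycodes) / sizeof(keycodes[0])` keeps the check correct if the element type ever changes. In the same block, the length test `keyname_len > sizeof(keyname_buf) - 1` runs only after the `strncpy` and compares an int with a size_t; testing the length first and then copying exactly keyname_len bytes would make the bound easier to audit. The new `if (keyname_len > 0)` also skips empty components silently (a doubled '-', for instance), where the removed loop passed the empty string to get_keycode; if that behaviour change is intended, it deserves a line in the commit message.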