[Qemu-devel] [PATCH v4 0/2]: hmp: integer parsing fixes

[Qemu-devel] [PATCH v4 0/2]: hmp: integer parsing fixes

[Luiz Capitulino]

I've decided to implement Markus's suggestion (ie. check only for ERANGE) to
avoid needless discussions on a simple thing...

o V4

- Check only for ERANGE in expr_unary() [Markus]

 monitor.c |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

[Qemu-devel] [PATCH 1/2] hmp: expr_unary(): check for overflow in strtoul()/strtoull()

[Luiz Capitulino]

It's not checked currently, so something like:

  (qemu) balloon -100000000000001111114334234
  (qemu)

Will just "work" (in this case the balloon command will get a random
value).

Fix it by checking if strtoul()/strtoull() overflowed.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
---
 monitor.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/monitor.c b/monitor.c
index 8946a10..bf60984 100644
--- a/monitor.c
+++ b/monitor.c
@@ -3120,11 +3120,15 @@ static int64_t expr_unary(Monitor *mon)
         n = 0;
         break;
     default:
+        errno = 0;
 #if TARGET_PHYS_ADDR_BITS > 32
         n = strtoull(pch, &p, 0);
 #else
         n = strtoul(pch, &p, 0);
 #endif
+        if (errno == ERANGE) {
+            expr_error(mon, "number too large");
+        }
         if (pch == p) {
             expr_error(mon, "invalid char in expression");
         }
-- 
1.7.9.2.384.g4a92a

[Qemu-devel] [PATCH 2/2] hmp: fix bad value conversion for M type

[Luiz Capitulino]

The M type converts from megabytes to bytes. However, the value can be
negative before the conversion, which will lead to a flawed conversion.

For example, this:

 (qemu) balloon -1000000000000011
 (qemu)

Just "works", but the value passed by the balloon command will be
something else.

This patch fixes this problem by requering a positive value before
converting. There's really no reason to accept a negative value for
the M type.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
---
 monitor.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/monitor.c b/monitor.c
index bf60984..12a6fe2 100644
--- a/monitor.c
+++ b/monitor.c
@@ -89,8 +89,8 @@
  *              TODO lift the restriction
  * 'i'          32 bit integer
  * 'l'          target long (32 or 64 bit)
- * 'M'          just like 'l', except in user mode the value is
- *              multiplied by 2^20 (think Mebibyte)
+ * 'M'          Non-negative target long (32 or 64 bit), in user mode the
+ *              value is multiplied by 2^20 (think Mebibyte)
  * 'o'          octets (aka bytes)
  *              user mode accepts an optional T, t, G, g, M, m, K, k
  *              suffix, which multiplies the value by 2^40 for
@@ -3622,6 +3622,10 @@ static const mon_cmd_t *monitor_parse_command(Monitor *mon,
                     monitor_printf(mon, "integer is for 32-bit values\n");
                     goto fail;
                 } else if (c == 'M') {
+                    if (val < 0) {
+                        monitor_printf(mon, "enter a positive value\n");
+                        goto fail;
+                    }
                     val <<= 20;
                 }
                 qdict_put(qdict, key, qint_from_int(val));
-- 
1.7.9.2.384.g4a92a

Re: [Qemu-devel] [PATCH v4 0/2]: hmp: integer parsing fixes

[Eric Blake]

[-- Attachment #1: Type: text/plain, Size: 504 bytes --]

On 05/07/2012 08:09 AM, Luiz Capitulino wrote:
> I've decided to implement Markus's suggestion (ie. check only for ERANGE) to
> avoid needless discussions on a simple thing...
> 
> o V4
> 
> - Check only for ERANGE in expr_unary() [Markus]
> 
>  monitor.c |   12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)

Series: Reviewed-by: Eric Blake <eblake@redhat.com>

-- 
Eric Blake   eblake@redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 620 bytes --]