From: Eric Blake <eblake@redhat.com>
To: Stefan Hajnoczi <stefanha@gmail.com>, Liu Yuan <namei.unix@gmail.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
sheepdog@lists.wpkg.org, qemu-devel@nongnu.org,
Stefan Hajnoczi <stefanha@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v5 2/2] sheepdog: support user-defined redundancy option
Date: Tue, 05 Nov 2013 08:46:07 -0700 [thread overview]
Message-ID: <527912BF.2040003@redhat.com> (raw)
In-Reply-To: <20131105143759.GE16457@stefanha-thinkpad.redhat.com>
[-- Attachment #1: Type: text/plain, Size: 1213 bytes --]
On 11/05/2013 07:37 AM, Stefan Hajnoczi wrote:
>> +
>> + copy = strtol(n1, NULL, 10);
>> + if (copy > SD_MAX_COPIES) {
>> + return -EINVAL;
>> + }
>
> The string manipulation can be simplified using sscanf(3) and
> is_numeric() can be dropped:
>
> static int parse_redundancy(BDRVSheepdogState *s, const char *opt)
> {
> struct SheepdogInode *inode = &s->inode;
> uint8_t copy, parity;
> int n;
>
> n = sscanf(opt, "%hhu:%hhu", ©, &parity);
Personally, I detest the use of sscanf() to parse integers out of
strings, because POSIX says that behavior is undefined if overflow
occurs. For internal strings, you can get away with it. But for
untrusted input that did not originate in your process, a user can mess
you up by passing a string that parses larger than the integer you are
trying to store into, where the behavior is unspecified whether it wraps
around module 256, parses additional digits, or any other odd behavior.
By the time you've added code to sanitize untrusted input, it's just as
fast to use strtol() anyways.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 621 bytes --]
next prev parent reply other threads:[~2013-11-05 15:46 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-01 15:10 [Qemu-devel] [PATCH v5 RESENT 0/2] sheepdog: add user-defined redundancy option Liu Yuan
2013-11-01 15:10 ` [Qemu-devel] [PATCH v5 1/2] sheepdog: refactor do_sd_create() Liu Yuan
2013-11-01 15:10 ` [Qemu-devel] [PATCH v5 2/2] sheepdog: support user-defined redundancy option Liu Yuan
2013-11-05 14:37 ` Stefan Hajnoczi
2013-11-05 15:46 ` Eric Blake [this message]
2013-11-06 9:34 ` Stefan Hajnoczi
2013-11-07 14:58 ` Liu Yuan
2013-11-01 17:46 ` [Qemu-devel] [sheepdog] [PATCH v5 RESENT 0/2] sheepdog: add " MORITA Kazutaka
-- strict thread matches above, loose matches on Subject: below --
2013-11-01 15:06 [Qemu-devel] [PATCH v5 " Liu Yuan
2013-11-01 15:06 ` [Qemu-devel] [PATCH v5 2/2] sheepdog: support " Liu Yuan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=527912BF.2040003@redhat.com \
--to=eblake@redhat.com \
--cc=kwolf@redhat.com \
--cc=namei.unix@gmail.com \
--cc=qemu-devel@nongnu.org \
--cc=sheepdog@lists.wpkg.org \
--cc=stefanha@gmail.com \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).