Message-ID: <527912BF.2040003@redhat.com>
Date: Tue, 05 Nov 2013 08:46:07 -0700
From: Eric Blake
In-Reply-To: <20131105143759.GE16457@stefanha-thinkpad.redhat.com>
Subject: Re: [Qemu-devel] [PATCH v5 2/2] sheepdog: support user-defined redundancy option
To: Stefan Hajnoczi, Liu Yuan
Cc: Kevin Wolf, sheepdog@lists.wpkg.org, qemu-devel@nongnu.org, Stefan Hajnoczi

On 11/05/2013 07:37 AM, Stefan Hajnoczi wrote:
>> +
>> + copy = strtol(n1, NULL, 10);
>> + if (copy > SD_MAX_COPIES) {
>> + return -EINVAL;
>> + }
>
> The string manipulation can be simplified using sscanf(3) and
> is_numeric() can be dropped:
>
> static int parse_redundancy(BDRVSheepdogState *s, const char *opt)
> {
>     struct SheepdogInode *inode = &s->inode;
>     uint8_t copy, parity;
>     int n;
>
>     n = sscanf(opt, "%hhu:%hhu", &copy, &parity);

Personally, I detest the use of sscanf() to parse integers out of
strings, because POSIX says that behavior is undefined if overflow
occurs. For internal strings, you can get away with it. But for
untrusted input that did not originate in your process, a user can mess
you up by passing a string that parses larger than the integer you are
trying to store into, where the behavior is unspecified whether it wraps
around modulo 256, parses additional digits, or any other odd behavior.

By the time you've added code to sanitize untrusted input, it's just as
fast to use strtol() anyways.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
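
Review bot: In the quoted hunk, `copy = strtol(n1, NULL, 10);` passes NULL as the end pointer and is followed only by the upper-bound test `copy > SD_MAX_COPIES`, so within these lines nothing rejects trailing characters, an empty field, or a zero or negative value, unless the is_numeric() helper mentioned in the reply already covers those cases. Suggest passing an end pointer and checking that it reached the end of the field, resetting and testing errno for ERANGE, and adding a lower bound beside the upper one. The declaration of `copy` is not in the quoted lines; if it is narrower than long, the strtol() result should be range-checked in a long before it is assigned, otherwise an out-of-range value is truncated before the comparison runs.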
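
The strtol()-based parsing argued for in the message above, as an added example that is not part of the original thread or of QEMU's code: it parses an untrusted "copies" or "copies:parity" string and rejects overflow, signs, empty fields and trailing characters. The names `parse_field` and `parse_redundancy_opt`, the limit `EXAMPLE_MAX_COPIES` (31), the lower bound of 1 and the sample inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define EXAMPLE_MAX_COPIES 31 /* assumed limit, stands in for SD_MAX_COPIES */
/* Parse one decimal field in [1, max]; on success *end points past it. */
static int parse_field(const char *s, long max, uint8_t *out, const char **end)
{
    char *e;
    long v;
    /* strtol() skips leading whitespace and accepts a sign; refuse both. */
    if (!isdigit((unsigned char)s[0])) {
        return -EINVAL;
    }
    errno = 0;
    v = strtol(s, &e, 10);
    if (errno == ERANGE || v < 1 || v > max) {
        return -EINVAL; /* overflow is detected here, never wrapped */
    }
    *out = (uint8_t)v; /* safe: 1 <= v <= max <= 255 */
    *end = e;
    return 0;
}

/* Hypothetical helper: parse untrusted "copies" or "copies:parity". */
int parse_redundancy_opt(const char *opt, uint8_t *copy, uint8_t *parity)
{
    const char *p;
    *parity = 0;
    if (parse_field(opt, EXAMPLE_MAX_COPIES, copy, &p) < 0) {
        return -EINVAL;
    }
    if (*p == '\0') {
        return 0; /* no parity field given */
    }
    if (*p != ':' || parse_field(p + 1, EXAMPLE_MAX_COPIES, parity, &p) < 0) {
        return -EINVAL;
    }
    return *p == '\0' ? 0 : -EINVAL; /* reject trailing characters */
}

int main(void)
{
    uint8_t c, p;
    /* Constructed input: "260:2" would become 4 if reduced modulo 256. */
    printf("%d\n", parse_redundancy_opt("260:2", &c, &p) == -EINVAL);
    return 0;
}
```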