From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51761)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mreitz@redhat.com>) id 1ab9dl-0001Az-07
	for qemu-devel@nongnu.org; Wed, 02 Mar 2016 11:28:45 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mreitz@redhat.com>) id 1ab9dk-0008WJ-6d
	for qemu-devel@nongnu.org; Wed, 02 Mar 2016 11:28:44 -0500
References: <e56fc50abedd9a112e0683342c8eafda063cd2f9.1456935548.git.jcody@redhat.com>
From: Max Reitz <mreitz@redhat.com>
Message-ID: <56D714B3.3020206@redhat.com>
Date: Wed, 2 Mar 2016 17:28:35 +0100
MIME-Version: 1.0
In-Reply-To: <e56fc50abedd9a112e0683342c8eafda063cd2f9.1456935548.git.jcody@redhat.com>
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="XJugnAHCMJM7wr2RMvh28g9cafJgFFg6c"
Subject: Re: [Qemu-devel] [PATCH v3 1/1] block/sheepdog: fix argument passed
 to qemu_strtoul()
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Jeff Cody <jcody@redhat.com>, qemu-block@nongnu.org
Cc: kwolf@redhat.com, mitake.hitoshi@lab.ntt.co.jp, qemu-devel@nongnu.org, v.tolstov@selfip.ru, pbonzini@redhat.com, namei.unix@gmail.com

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--XJugnAHCMJM7wr2RMvh28g9cafJgFFg6c
Content-Type: multipart/mixed; boundary="rR87VWnlBPdhFPEeDjwi0scQomM6xC9jm"
From: Max Reitz <mreitz@redhat.com>
To: Jeff Cody <jcody@redhat.com>, qemu-block@nongnu.org
Cc: qemu-devel@nongnu.org, kwolf@redhat.com, namei.unix@gmail.com,
 mitake.hitoshi@lab.ntt.co.jp, v.tolstov@selfip.ru, pbonzini@redhat.com
Message-ID: <56D714B3.3020206@redhat.com>
Subject: Re: [PATCH v3 1/1] block/sheepdog: fix argument passed to
 qemu_strtoul()
References: <e56fc50abedd9a112e0683342c8eafda063cd2f9.1456935548.git.jcody@redhat.com>
In-Reply-To: <e56fc50abedd9a112e0683342c8eafda063cd2f9.1456935548.git.jcody@redhat.com>

--rR87VWnlBPdhFPEeDjwi0scQomM6xC9jm
Content-Type: text/plain; charset=iso-8859-15
Content-Transfer-Encoding: quoted-printable

On 02.03.2016 17:24, Jeff Cody wrote:
> The function qemu_strtoul() reads 'unsigned long' sized data,
> which is larger than uint32_t on 64-bit machines.
>=20
> Even though the snap_id field in the header is 32-bits, we must
> accomodate the full size in qemu_strtoul().
>=20
> This patch also adds more meaningful error handling to the
> qemu_strtoul() call, and subsequent results.
>=20
> Reported-by: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Jeff Cody <jcody@redhat.com>
> ---
>  block/sheepdog.c | 11 +++++++----
>  1 file changed, 7 insertions(+), 4 deletions(-)
>=20
> diff --git a/block/sheepdog.c b/block/sheepdog.c
> index 8739acc..87f0027 100644
> --- a/block/sheepdog.c
> +++ b/block/sheepdog.c
> @@ -2543,7 +2543,7 @@ static int sd_snapshot_delete(BlockDriverState *b=
s,
>                                const char *name,
>                                Error **errp)
>  {
> -    uint32_t snap_id =3D 0;
> +    unsigned long snap_id =3D 0;
>      char snap_tag[SD_MAX_VDI_TAG_LEN];
>      Error *local_err =3D NULL;
>      int fd, ret;
> @@ -2565,12 +2565,15 @@ static int sd_snapshot_delete(BlockDriverState =
*bs,
>      memset(buf, 0, sizeof(buf));
>      memset(snap_tag, 0, sizeof(snap_tag));
>      pstrcpy(buf, SD_MAX_VDI_LEN, s->name);
> -    if (qemu_strtoul(snapshot_id, NULL, 10, (unsigned long *)&snap_id)=
) {
> -        return -1;
> +    ret =3D qemu_strtoul(snapshot_id, NULL, 10, &snap_id);
> +    if (ret || snap_id > UINT32_MAX) {
> +        error_setg(errp, "Invalid snapshot ID: %s",
> +                         snapshot_id ? snapshot_id : "<null>");
> +        return -EINVAL;
>      }
> =20
>      if (snap_id) {
> -        hdr.snapid =3D snap_id;
> +        hdr.snapid =3D (uint32_t) snap_id;

BTW, not so sure why you are doing an explicit cast to uint32_t here but
not in the call to find_vdi_name() below. But I'll spare you a v4 :-)

Reviewed-by: Max Reitz <mreitz@redhat.com>

>      } else {
>          pstrcpy(snap_tag, sizeof(snap_tag), snapshot_id);
>          pstrcpy(buf + SD_MAX_VDI_LEN, SD_MAX_VDI_TAG_LEN, snap_tag);
>=20



--rR87VWnlBPdhFPEeDjwi0scQomM6xC9jm--

--XJugnAHCMJM7wr2RMvh28g9cafJgFFg6c
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJW1xSzAAoJEDuxQgLoOKytk1cH/jJ1pu+4BIQy6fNbfC+dHs2n
tQ3hO2WZ3pDizQCYimVfqoQSFehjegRLz/mPd86NyvmygqYqfnDQ9c6tCxkb4jPo
LA73AEyxWeAU/pmdd7qj0KZqKvUJo0r/Vs3yPsb77xx/mvwR6R9ngnmkA1QF9Ik0
5Qs11HhovV6T66x5wzvZ4PadkV4hYvuDSgBUWnRA9LNPAFdFkoXLWQmaEUGQSPCs
2QbcUBZbo8jY4hUAqm6mWEG6Sn4kZqRuF4VB0toZv9v6UrnRstB7nLAocbyDoNKH
7Eq2vKz9q/ZgfSx7p1io7QRN5UQv8sekKtPxXwJurD9cHqfKEvAGWOPh/h2JFeA=
=bIym
-----END PGP SIGNATURE-----

--XJugnAHCMJM7wr2RMvh28g9cafJgFFg6c--