From: Hanna Czenczek <hreitz@redhat.com>
To: Eric Blake <eblake@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [PATCH 06/11] test-cutils: Add more coverage to qemu_strtosz
Date: Tue, 9 May 2023 17:15:04 +0200 [thread overview]
Message-ID: <e2aca275-8a19-b0b7-8939-aefd29ce270b@redhat.com> (raw)
In-Reply-To: <20230508200343.791450-7-eblake@redhat.com>
On 08.05.23 22:03, Eric Blake wrote:
> Add some more strings that the user might send our way. In
> particular, some of these additions include FIXME comments showing
> where our parser doesn't quite behave the way we want.
>
> Signed-off-by: Eric Blake <eblake@redhat.com>
> ---
> tests/unit/test-cutils.c | 226 +++++++++++++++++++++++++++++++++++++--
> 1 file changed, 215 insertions(+), 11 deletions(-)
>
> diff --git a/tests/unit/test-cutils.c b/tests/unit/test-cutils.c
> index afae2ee5331..9fa6fb042e8 100644
> --- a/tests/unit/test-cutils.c
> +++ b/tests/unit/test-cutils.c
[...]
> @@ -2875,6 +3056,20 @@ static void test_qemu_strtosz_trailing(void)
> err = qemu_strtosz(str, NULL, &res);
> g_assert_cmpint(err, ==, -EINVAL);
> g_assert_cmphex(res, ==, 0xbaadf00d);
> +
> + /* FIXME overflow in fraction is buggy */
> + str = "1.5E999";
> + endptr = NULL;
> + res = 0xbaadf00d;
> + err = qemu_strtosz(str, &endptr, &res);
> + g_assert_cmpint(err, ==, 0);
> + g_assert_cmpuint(res, ==, EiB /* FIXME EiB * 1.5 */);
> + g_assert(endptr == str + 9 /* FIXME + 4 */);
> +
> + res = 0xbaadf00d;
> + err = qemu_strtosz(str, NULL, &res);
> + g_assert_cmpint(err, ==, -EINVAL);
> + g_assert_cmphex(res, ==, 0xbaadf00d);
Got it now!
Our problem is that `endptr` is beyond the end of the string, precisely
as gcc complains. The data there is undefined, and depending on the
value in the g_assert_cmpuint() (which is converted to strings for the
potential error message) it sometimes is "endptr == str + 9" (the one in
the g_assert()) and sometimes isn’t.
If it is "endptr == str + 9", then the 'e' is taken as a suffix, which
makes `res == EiB`, and `endptr == "ndptr == str + 9"`.
If it isn’t, well, it might be anything, so there often is no valid
suffix, making `res == 1`.
So the solution is to set `str = "1.5E999\0\0"`, so we don’t get out of
bounds and know exactly what will be parsed. Then, at str[8] there is
no valid suffix (it’s \0), so `res == 1` and `endptr == str + 8`. This
will then lead to the qemu_strtosz(str, NULL, &res) below succeed,
because, well, it’s a valid number. I suppose it failed on your end
because the out-of-bounds `str[9]` value was not '\0'.
That was a fun debugging session.
Hanna
next prev parent reply other threads:[~2023-05-09 15:15 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-08 20:03 [PATCH 00/11] Fix qemu_strtosz() read-out-of-bounds Eric Blake
2023-05-08 20:03 ` [PATCH 01/11] test-cutils: Avoid g_assert in unit tests Eric Blake
2023-05-08 20:03 ` [PATCH 02/11] test-cutils: Use g_assert_cmpuint where appropriate Eric Blake
2023-05-08 20:03 ` [PATCH 03/11] test-cutils: Test integral qemu_strto* value on failures Eric Blake
2023-05-08 20:03 ` [PATCH 04/11] test-cutils: Add coverage of qemu_strtod Eric Blake
2023-05-08 20:03 ` [PATCH 05/11] test-cutils: Prepare for upcoming semantic change in qemu_strtosz Eric Blake
2023-05-08 20:03 ` [PATCH 06/11] test-cutils: Add more coverage to qemu_strtosz Eric Blake
2023-05-09 12:31 ` Hanna Czenczek
2023-05-09 12:42 ` Hanna Czenczek
2023-05-09 16:06 ` Eric Blake
2023-05-09 15:15 ` Hanna Czenczek [this message]
2023-05-09 15:50 ` Eric Blake
2023-05-09 16:10 ` Eric Blake
2023-05-08 20:03 ` [PATCH 07/11] numa: Check for qemu_strtosz_MiB error Eric Blake
2023-05-08 21:15 ` Eric Blake
2023-05-08 20:03 ` [PATCH 08/11] cutils: Set value in all qemu_strtosz* error paths Eric Blake
2023-05-08 20:03 ` [PATCH 09/11] cutils: Set value in all integral qemu_strto* " Eric Blake
2023-05-08 20:03 ` [PATCH 10/11] cutils: Improve qemu_strtod* " Eric Blake
2023-05-08 20:03 ` [PATCH 11/11] cutils: Improve qemu_strtosz handling of fractions Eric Blake
2023-05-08 21:21 ` Eric Blake
2023-05-09 17:54 ` Hanna Czenczek
2023-05-09 21:28 ` Eric Blake
2023-05-10 7:46 ` Hanna Czenczek
2023-05-10 7:48 ` Hanna Czenczek
2023-05-09 17:55 ` [PATCH 00/11] Fix qemu_strtosz() read-out-of-bounds Hanna Czenczek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e2aca275-8a19-b0b7-8939-aefd29ce270b@redhat.com \
--to=hreitz@redhat.com \
--cc=eblake@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).