From 3403e5eb884f3a74c40fe7cccc103f848c040215 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 21 Feb 2017 21:13:53 +0100 Subject: [PATCH] option: Fix to reject invalid and overflowing numbers parse_option_number() fails to check for these errors after strtoull(). Has always been broken. Fix that. Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake Message-Id: <1487708048-2131-10-git-send-email-armbru@redhat.com> --- tests/test-qemu-opts.c | 19 ++++++++----------- util/qemu-option.c | 11 ++++++++--- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/tests/test-qemu-opts.c b/tests/test-qemu-opts.c index 310485bb2e..8b92f7b0dc 100644 --- a/tests/test-qemu-opts.c +++ b/tests/test-qemu-opts.c @@ -603,17 +603,15 @@ static void test_opts_parse_number(void) /* Above upper limit */ opts = qemu_opts_parse(&opts_list_01, "number1=18446744073709551616", - false, &error_abort); - /* BUG: should reject */ - g_assert_cmpuint(opts_count(opts), ==, 1); - g_assert_cmpuint(qemu_opt_get_number(opts, "number1", 1), ==, UINT64_MAX); + false, &err); + error_free_or_abort(&err); + g_assert(!opts); /* Below lower limit */ opts = qemu_opts_parse(&opts_list_01, "number1=-18446744073709551616", - false, &error_abort); - /* BUG: should reject */ - g_assert_cmpuint(opts_count(opts), ==, 1); - g_assert_cmpuint(qemu_opt_get_number(opts, "number1", 1), ==, UINT64_MAX); + false, &err); + error_free_or_abort(&err); + g_assert(!opts); /* Hex and octal */ opts = qemu_opts_parse(&opts_list_01, "number1=0x2a,number2=052", @@ -624,9 +622,8 @@ static void test_opts_parse_number(void) /* Invalid */ opts = qemu_opts_parse(&opts_list_01, "number1=", false, &err); - /* BUG: should reject */ - g_assert_cmpuint(opts_count(opts), ==, 1); - g_assert_cmpuint(qemu_opt_get_number(opts, "number1", 1), ==, 0); + error_free_or_abort(&err); + g_assert(!opts); opts = qemu_opts_parse(&opts_list_01, "number1=eins", false, &err); error_free_or_abort(&err); g_assert(!opts); diff --git a/util/qemu-option.c b/util/qemu-option.c index 9708668847..273d00d485 100644 --- a/util/qemu-option.c +++ b/util/qemu-option.c @@ -141,11 +141,16 @@ static void parse_option_bool(const char *name, const char *value, bool *ret, static void parse_option_number(const char *name, const char *value, uint64_t *ret, Error **errp) { - char *postfix; uint64_t number; + int err; - number = strtoull(value, &postfix, 0); - if (*postfix != '\0') { + err = qemu_strtou64(value, NULL, 0, &number); + if (err == -ERANGE) { + error_setg(errp, "Value '%s' is too large for parameter '%s'", + value, name); + return; + } + if (err) { error_setg(errp, QERR_INVALID_PARAMETER_VALUE, name, "a number"); return; }