[1/2] hmp: expr_unary(): check for overflow in strtoul()/strtoull()

Message ID 1335532712-11899-2-git-send-email-lcapitulino@redhat.com
State New

Commit Message

Luiz Capitulino April 27, 2012, 1:18 p.m. UTC
It's not checked currently, so something like:

  (qemu) balloon -100000000000001111114334234
  (qemu)

Will just "work" (in this case the balloon command will get a random
value).

Fix it by checking if strtoul()/strtoull() overflowed.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
---
 monitor.c |    7 +++++++
 1 file changed, 7 insertions(+)

Comments

Markus Armbruster April 27, 2012, 1:28 p.m. UTC | #1
Luiz Capitulino <lcapitulino@redhat.com> writes:

> It's not checked currently, so something like:
>
>   (qemu) balloon -100000000000001111114334234
>   (qemu)
>
> Will just "work" (in this case the balloon command will get a random
> value).
>
> Fix it by checking if strtoul()/strtoull() overflowed.
>
> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
> ---
>  monitor.c |    7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/monitor.c b/monitor.c
> index 8946a10..56ee971 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -3120,10 +3120,17 @@ static int64_t expr_unary(Monitor *mon)
>          n = 0;
>          break;
>      default:
> +        errno = 0;
>  #if TARGET_PHYS_ADDR_BITS > 32
>          n = strtoull(pch, &p, 0);
> +        if (n == ULLONG_MAX && errno == ERANGE) {
> +            expr_error(mon, "number too large");
> +        }
>  #else
>          n = strtoul(pch, &p, 0);
> +        if (n == ULONG_MAX && errno == ERANGE) {
> +            expr_error(mon, "number too large");
> +        }
>  #endif
>          if (pch == p) {
>              expr_error(mon, "invalid char in expression");
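
Review bot: in the strtoull() branch, the new ERANGE test only rejects input above ULLONG_MAX, while the hunk header shows expr_unary() returning int64_t, so a value above INT64_MAX that still fits the unsigned type parses without error and can turn negative once returned. If commands such as balloon should refuse those as well, add an explicit upper bound after the conversion, or state in the commit message that this wraparound is intended.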

Roundabout way to do

+        errno = 0;
 #if TARGET_PHYS_ADDR_BITS > 32
         n = strtoull(pch, &p, 0);
 #else
         n = strtoul(pch, &p, 0);
 #endif
+        if (errno == ERANGE) {
+            expr_error(mon, "number too large");
+        }
         if (pch == p) {
             expr_error(mon, "invalid char in expression");
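
Review bot: the single errno == ERANGE test after #endif is only valid while errno = 0 stays directly in front of the strtoull()/strtoul() call, with nothing between them that can set errno. A short comment on the reset line would keep a later edit from separating the two.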

Luiz Capitulino April 27, 2012, 1:34 p.m. UTC | #2
On Fri, 27 Apr 2012 15:28:56 +0200
Markus Armbruster <armbru@redhat.com> wrote:

> Luiz Capitulino <lcapitulino@redhat.com> writes:
> 
> > It's not checked currently, so something like:
> >
> >   (qemu) balloon -100000000000001111114334234
> >   (qemu)
> >
> > Will just "work" (in this case the balloon command will get a random
> > value).
> >
> > Fix it by checking if strtoul()/strtoull() overflowed.
> >
> > Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
> > ---
> >  monitor.c |    7 +++++++
> >  1 file changed, 7 insertions(+)
> >
> > diff --git a/monitor.c b/monitor.c
> > index 8946a10..56ee971 100644
> > --- a/monitor.c
> > +++ b/monitor.c
> > @@ -3120,10 +3120,17 @@ static int64_t expr_unary(Monitor *mon)
> >          n = 0;
> >          break;
> >      default:
> > +        errno = 0;
> >  #if TARGET_PHYS_ADDR_BITS > 32
> >          n = strtoull(pch, &p, 0);
> > +        if (n == ULLONG_MAX && errno == ERANGE) {
> > +            expr_error(mon, "number too large");
> > +        }
> >  #else
> >          n = strtoul(pch, &p, 0);
> > +        if (n == ULONG_MAX && errno == ERANGE) {
> > +            expr_error(mon, "number too large");
> > +        }
> >  #endif
> >          if (pch == p) {
> >              expr_error(mon, "invalid char in expression");
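
Review bot: nothing follows the new expr_error(mon, "number too large") calls in either branch, so execution continues into the existing if (pch == p) test unless expr_error() never returns. The hunk does not show which it is; if it can return, add an early exit after reporting the overflow so the saturated n is not used.
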
> 
> Roundabout way to do
> 
> +        errno = 0;
>  #if TARGET_PHYS_ADDR_BITS > 32
>          n = strtoull(pch, &p, 0);
>  #else
>          n = strtoul(pch, &p, 0);
>  #endif
> +        if (errno == ERANGE) {
> +            expr_error(mon, "number too large");
> +        }
>          if (pch == p) {
>              expr_error(mon, "invalid char in expression");

I really have a preference for doing what's described by the standard. At
the same time I think this is really minor.

The duplication you're fixing is going to be fixed once we introduce
a wrapper for strtoul()/strtoull().
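
One shape the wrapper mentioned in the reply above could take, showing the errno reset, the ERANGE test and the no-digits test in one place. This is an added example, not code from the thread or from QEMU; `parse_u64()`, `enum parse_status` and the choice to reject a leading minus are assumptions made for illustration.

```c
/* Added illustration; parse_u64() and parse_status are hypothetical names. */
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum parse_status { PARSE_OK, PARSE_NO_DIGITS, PARSE_NEGATIVE, PARSE_RANGE };

/* Parse an unsigned number with base 0 (auto-detect), as the patch does.
 * On success *out holds the value and *end points past the last digit. */
static enum parse_status parse_u64(const char *s, uint64_t *out, const char **end)
{
    char *p;
    unsigned long long v;
    while (isspace((unsigned char)*s)) {
        s++;
    }
    /* strtoull() accepts a sign and negates in the unsigned type, so "-1"
     * would come back as ULLONG_MAX with errno untouched. Reject it here. */
    if (*s == '-') {
        return PARSE_NEGATIVE;
    }
    errno = 0;                      /* must be cleared right before the call */
    v = strtoull(s, &p, 0);
    if (p == s) {
        return PARSE_NO_DIGITS;     /* nothing was consumed */
    }
    if (errno == ERANGE) {
        return PARSE_RANGE;         /* result saturated to ULLONG_MAX */
    }
    *out = v;
    *end = p;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed inputs; the second is the commit message's number, unsigned. */
    const char *samples[] = { "0x1000", "100000000000001111114334234", "-1",
                              "18446744073709551615", "zz" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint64_t v = 0;
        const char *end = samples[i];
        enum parse_status st = parse_u64(samples[i], &v, &end);
        printf("%-30s status=%d value=%llu\n", samples[i], (int)st, (unsigned long long)v);
    }
    return 0;
}
```

The largest representable value parses as PARSE_OK, which is why the return value alone cannot signal overflow and errno has to be consulted.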

Patch

diff --git a/monitor.c b/monitor.c
index 8946a10..56ee971 100644
--- a/monitor.c
+++ b/monitor.c
@@ -3120,10 +3120,17 @@  static int64_t expr_unary(Monitor *mon)
         n = 0;
         break;
     default:
+        errno = 0;
 #if TARGET_PHYS_ADDR_BITS > 32
         n = strtoull(pch, &p, 0);
+        if (n == ULLONG_MAX && errno == ERANGE) {
+            expr_error(mon, "number too large");
+        }
 #else
         n = strtoul(pch, &p, 0);
+        if (n == ULONG_MAX && errno == ERANGE) {
+            expr_error(mon, "number too large");
+        }
 #endif
         if (pch == p) {
             expr_error(mon, "invalid char in expression");
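
Review bot: the comparisons n == ULLONG_MAX and n == ULONG_MAX depend on the type of n, which is declared outside this hunk; if n is int64_t like the function's return type, they hold only through implicit signed-to-unsigned conversion. Because errno is cleared just before the call, testing errno == ERANGE alone is sufficient and avoids that dependency, and it can then sit once after #endif instead of in both branches.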