From patchwork Wed Apr 25 09:23:24 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Andreas_F=C3=A4rber?= <afaerber@suse.de>
X-Patchwork-Id: 154867
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 4C8ACB6FBD
	for <incoming@patchwork.ozlabs.org>;
	Wed, 25 Apr 2012 20:25:10 +1000 (EST)
Received: from localhost ([::1]:40768 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1SMySx-0007U9-2M
	for incoming@patchwork.ozlabs.org; Wed, 25 Apr 2012 05:24:51 -0400
Received: from eggs.gnu.org ([208.118.235.92]:37887)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <afaerber@suse.de>) id 1SMyRz-0005Ax-07
	for qemu-devel@nongnu.org; Wed, 25 Apr 2012 05:23:55 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <afaerber@suse.de>) id 1SMyRr-0005NG-1b
	for qemu-devel@nongnu.org; Wed, 25 Apr 2012 05:23:50 -0400
Received: from cantor2.suse.de ([195.135.220.15]:38140 helo=mx2.suse.de)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <afaerber@suse.de>) id 1SMyRq-0005Mw-SE
	for qemu-devel@nongnu.org; Wed, 25 Apr 2012 05:23:42 -0400
Received: from relay2.suse.de (unknown [195.135.220.254])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx2.suse.de (Postfix) with ESMTP id C61E1A398E;
	Wed, 25 Apr 2012 11:23:41 +0200 (CEST)
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
To: qemu-devel@nongnu.org
Date: Wed, 25 Apr 2012 11:23:24 +0200
Message-Id: <1335345816-22452-4-git-send-email-afaerber@suse.de>
X-Mailer: git-send-email 1.7.7
In-Reply-To: <1335345816-22452-1-git-send-email-afaerber@suse.de>
References: <1335345816-22452-1-git-send-email-afaerber@suse.de>
MIME-Version: 1.0
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4-2.6
X-Received-From: 195.135.220.15
Cc: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>,
	Anthony Liguori <anthony@codemonkey.ws>
Subject: [Qemu-devel] [PATCH v3 03/15] target-i386: Add range check for -cpu
	, family=x
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

A family field value of 0xf and extended family field value of 0xff is
the maximum representable unsigned family number.
All other CPUID property values are bounds-checked, so add a check here
for symmetry before we adopt it in a property setter.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
---
 target-i386/cpu.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 3dc0f80..5cebb3d 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -691,7 +691,7 @@ static int cpu_x86_find_by_name(x86_def_t *x86_cpu_def, const char *cpu_model)
             if (!strcmp(featurestr, "family")) {
                 char *err;
                 numvalue = strtoul(val, &err, 0);
-                if (!*val || *err) {
+                if (!*val || *err || numvalue > 0xff + 0xf) {
                     fprintf(stderr, "bad numerical value %s\n", val);
                     goto error;
                 }