From patchwork Thu May 21 12:24:11 2015
X-Patchwork-Submitter: "Dr. David Alan Gilbert"
X-Patchwork-Id: 474989
From: "Dr. David Alan Gilbert (git)"
To: qemu-devel@nongnu.org
Date: Thu, 21 May 2015 13:24:11 +0100
Message-Id: <1432211056-6265-2-git-send-email-dgilbert@redhat.com>
In-Reply-To: <1432211056-6265-1-git-send-email-dgilbert@redhat.com>
References: <1432211056-6265-1-git-send-email-dgilbert@redhat.com>
Cc: amit.shah@redhat.com, david@gibson.dropbear.id.au, quintela@redhat.com
Subject: [Qemu-devel] [PATCH 1/6] Add qemu_get_counted_string to read a string prefixed by a count byte

From: "Dr. David Alan Gilbert"

and use it in loadvm_state and ram_load. Wherever it's used, check the return and error if it failed.

Minor: ram_load was using a 257 byte array for its string; the maximum length is 255 bytes + 0 terminator, so fix to 256.

Signed-off-by: Dr. David Alan Gilbert
Reviewed-by: Amit Shah
Reviewed-by: David Gibson
Reviewed-by: Juan Quintela
---
 arch_init.c                   |  9 +++++----
 include/migration/qemu-file.h |  3 +++
 migration/qemu-file.c         | 17 +++++++++++++++++
 savevm.c                      | 11 ++++++-----
 4 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 23d3feb..7e97eb1 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -1593,13 +1593,14 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id) total_ram_bytes = addr; while (!ret && total_ram_bytes) { RAMBlock *block; - uint8_t len; char id[256]; ram_addr_t length; - len = qemu_get_byte(f); - qemu_get_buffer(f, (uint8_t *)id, len); - id[len] = 0; + if (!qemu_get_counted_string(f, id)) { + error_report("Failed to read ID string of RAM Block"); + ret = -EINVAL; + break; + } length = qemu_get_be64(f); QLIST_FOREACH_RCU(block, &ram_list.blocks, next) { diff --git a/include/migration/qemu-file.h b/include/migration/qemu-file.h index a01c5b8..318aa1e 100644 --- a/include/migration/qemu-file.h +++ b/include/migration/qemu-file.h @@ -312,4 +312,7 @@ static inline void qemu_get_sbe64s(QEMUFile *f, int64_t *pv) { qemu_get_be64s(f, (uint64_t *)pv); } + +size_t qemu_get_counted_string(QEMUFile *f, char buf[256]); + #endif diff --git a/migration/qemu-file.c b/migration/qemu-file.c index 2750365..0ef543a 100644 --- a/migration/qemu-file.c +++ b/migration/qemu-file.c @@ -585,3 +585,20 @@ int qemu_put_qemu_file(QEMUFile *f_des, QEMUFile *f_src) } return len; } + +/* + * Get a string whose length is determined by a single preceding byte + * A preallocated 256 byte buffer must be passed in. + * Returns: len on success and a 0 terminated string in the buffer + * else 0 + * (Note a 0 length string will return 0 either way) + */ +size_t qemu_get_counted_string(QEMUFile *f, char buf[256]) +{ + size_t len = qemu_get_byte(f); + size_t res = qemu_get_buffer(f, (uint8_t *)buf, len); + + buf[res] = 0; + + return res == len ? res : 0; +} diff --git a/savevm.c b/savevm.c index 3b0e222..c162dfd 100644 --- a/savevm.c +++ b/savevm.c @@ -964,8 +964,7 @@ int qemu_loadvm_state(QEMUFile *f) while ((section_type = qemu_get_byte(f)) != QEMU_VM_EOF) { uint32_t instance_id, version_id, section_id; SaveStateEntry *se; - char idstr[257]; - int len; + char idstr[256]; trace_qemu_loadvm_state_section(section_type); switch (section_type) { 
@@ -973,9 +972,11 @@ int qemu_loadvm_state(QEMUFile *f) case QEMU_VM_SECTION_FULL: /* Read section start */ section_id = qemu_get_be32(f); - len = qemu_get_byte(f); - qemu_get_buffer(f, (uint8_t *)idstr, len); - idstr[len] = 0; + if (!qemu_get_counted_string(f, idstr)) { + error_report("Unable to read ID string for section %u", + section_id); + return -EINVAL; + } instance_id = qemu_get_be32(f); version_id = qemu_get_be32(f);
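Review bot: the ram_load hunk in arch_init.c silently changes behaviour for a zero-length RAM block ID: qemu_get_counted_string returns 0 both for a short read and for an empty string (its own comment says so), so an ID of length 0, which the old `len = qemu_get_byte(f); ... id[len] = 0;` sequence accepted, now fails with -EINVAL. That is most likely the right outcome, since block IDs are never empty, but the commit message should state it, and it would be worth checking qemu_file_get_error(f) before reporting so a truncated stream is logged differently from a malformed one.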
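Review bot: the header hunk declares `size_t qemu_get_counted_string(QEMUFile *f, char buf[256]);` with no comment, and a `[256]` bound on a parameter is not enforced by the compiler, so callers reading qemu-file.h get no hint that a 256-byte buffer is mandatory or that 0 means both "failed" and "empty". Copy the contract comment from qemu-file.c into the header and consider a named constant for the 256, which the two callers (`char id[256]`, `char idstr[256]`) now repeat by hand.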
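Review bot: in the qemu-file.c hunk, writing the terminator at `buf[res]` rather than `buf[len]` is the substantive fix: the replaced callers placed the 0 at the requested length regardless of how many bytes qemu_get_buffer actually returned, so on a short read the terminator sat after uninitialised bytes. Two points on the new helper: the return value cannot distinguish a legitimately empty string from a failed read, which rules it out for any future caller that must accept empty strings (returning -1 on `res != len`, or a bool with an out-parameter length, would keep them apart); and the comment should say how a failed length read is handled, i.e. whether qemu_get_byte yields 0 when the stream is already in error so that case also ends in the 0 return.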
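Review bot: in the first savevm.c hunk `int len` is removed along with the shrink of `idstr` to 256 bytes; the hunk only shows the declarations, so confirm nothing later in qemu_loadvm_state still references `len`. The new size matches the 255 + terminator maximum described in the commit message, so the change itself is fine.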
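Review bot: the second savevm.c hunk returns -EINVAL directly, whereas the ram_load hunk sets `ret` and breaks out of its loop; check that a direct return from inside this switch does not bypass cleanup that the other error exits of qemu_loadvm_state perform (not visible in the hunk). The message is good; since `section_type` is already traced just above and this case may be reached for more than one section type, adding it to the error_report alongside `section_id` would make a failing stream easier to triage.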