ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

nbd and misc patches for 2023-06-01 

- Eric Blake: Fix iotest 104 for NBD
 - Eric Blake: Improve qcow2 spec on padding bytes
 - Eric Blake: Fix read-beyond-bounds bug in qemu_strtosz
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEccLMIrHEYCkn0vOqp6FrSiUnQ2oFAmR6JzEACgkQp6FrSiUn
 Q2oGwgf+PIaN8iedQo5KR08OEf9YxJXab7nL5Oh12+ZvrPOt8XoJcd585KblQ1YI
 3bGC4CO1l4QO3xmKltVHi7hnlX+3/8WMEvh0jBQBG1AjjPCi5Y1A/gGTEJFX60Ux
 /ffEpo8+1vaHQ8srkxBMWIvpF/dYRaMXSm/CP5SNqTllTalTR46YHKL9odXTzIeN
 0Zu9UQw/Jwp5A9/8KB+0M9SYXA6zOEmEqEyOwVESEAU2Lm7titwqdBny6GZc6DH6
 Sa2lKO0qQA/e9ya6jHm2c9ycoNCtQ/2VR8QuCd6WCf9DX8q/9RhdiJir+EK5gqp6
 3JRUFtx783d0BwPnUDUqPawi4txFtw==
 =Cg4e
 -----END PGP SIGNATURE-----

Merge tag 'pull-nbd-2023-06-01-v2' of https://repo.or.cz/qemu/ericb into staging

nbd and misc patches for 2023-06-01

- Eric Blake: Fix iotest 104 for NBD
- Eric Blake: Improve qcow2 spec on padding bytes
- Eric Blake: Fix read-beyond-bounds bug in qemu_strtosz

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEccLMIrHEYCkn0vOqp6FrSiUnQ2oFAmR6JzEACgkQp6FrSiUn
# Q2oGwgf+PIaN8iedQo5KR08OEf9YxJXab7nL5Oh12+ZvrPOt8XoJcd585KblQ1YI
# 3bGC4CO1l4QO3xmKltVHi7hnlX+3/8WMEvh0jBQBG1AjjPCi5Y1A/gGTEJFX60Ux
# /ffEpo8+1vaHQ8srkxBMWIvpF/dYRaMXSm/CP5SNqTllTalTR46YHKL9odXTzIeN
# 0Zu9UQw/Jwp5A9/8KB+0M9SYXA6zOEmEqEyOwVESEAU2Lm7titwqdBny6GZc6DH6
# Sa2lKO0qQA/e9ya6jHm2c9ycoNCtQ/2VR8QuCd6WCf9DX8q/9RhdiJir+EK5gqp6
# 3JRUFtx783d0BwPnUDUqPawi4txFtw==
# =Cg4e
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 02 Jun 2023 10:30:25 AM PDT
# gpg:                using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg:                 aka "[jpeg image of size 6874]" [full]

* tag 'pull-nbd-2023-06-01-v2' of https://repo.or.cz/qemu/ericb: (21 commits)
  cutils: Improve qemu_strtosz handling of fractions
  cutils: Improve qemu_strtod* error paths
  cutils: Use parse_uint in qemu_strtosz for negative rejection
  cutils: Set value in all integral qemu_strto* error paths
  cutils: Set value in all qemu_strtosz* error paths
  test-cutils: Add more coverage to qemu_strtosz
  numa: Check for qemu_strtosz_MiB error
  cutils: Allow NULL str in qemu_strtosz
  test-cutils: Refactor qemu_strtosz tests for less boilerplate
  test-cutils: Prepare for upcoming semantic change in qemu_strtosz
  test-cutils: Add coverage of qemu_strtod
  cutils: Allow NULL endptr in parse_uint()
  cutils: Adjust signature of parse_uint[_full]
  cutils: Document differences between parse_uint and qemu_strtou64
  cutils: Fix wraparound parsing in qemu_strtoui
  test-cutils: Test more integer corner cases
  test-cutils: Test integral qemu_strto* value on failures
  test-cutils: Use g_assert_cmpuint where appropriate
  test-cutils: Avoid g_assert in unit tests
  qcow2: Explicit mention of padding bytes
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This commit is contained in:
Richard Henderson 2023-06-02 14:57:22 -07:00
parent a86d7b9ec0 42cc08d13a
commit 24bc242c91
19 changed files with 2048 additions and 795 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
audio/audio_legacy.c
View File

@ -35,8 +35,8 @@
static uint32_t toui32(const char *str) static uint32_t toui32(const char *str)
{ {
unsigned long long ret; uint64_t ret;
if (parse_uint_full(str, &ret, 10) || ret > UINT32_MAX) { if (parse_uint_full(str, 10, &ret) || ret > UINT32_MAX) {
dolog("Invalid integer value `%s'\n", str); dolog("Invalid integer value `%s'\n", str);
exit(1); exit(1);
} }

4
block/gluster.c
View File

@ -424,7 +424,7 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf,
int ret; int ret;
int old_errno; int old_errno;
SocketAddressList *server; SocketAddressList *server;
unsigned long long port; uint64_t port;
glfs = glfs_find_preopened(gconf->volume); glfs = glfs_find_preopened(gconf->volume);
if (glfs) { if (glfs) {
@ -445,7 +445,7 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf,
server->value->u.q_unix.path, 0); server->value->u.q_unix.path, 0);
break; break;
case SOCKET_ADDRESS_TYPE_INET: case SOCKET_ADDRESS_TYPE_INET:
if (parse_uint_full(server->value->u.inet.port, &port, 10) < 0 || if (parse_uint_full(server->value->u.inet.port, 10, &port) < 0 ||
port > 65535) { port > 65535) {
error_setg(errp, "'%s' is not a valid port number", error_setg(errp, "'%s' is not a valid port number",
server->value->u.inet.port); server->value->u.inet.port);

4
block/nfs.c
View File

@ -114,13 +114,13 @@ static int nfs_parse_uri(const char *filename, QDict *options, Error **errp)
qdict_put_str(options, "path", uri->path); qdict_put_str(options, "path", uri->path);
for (i = 0; i < qp->n; i++) { for (i = 0; i < qp->n; i++) {
unsigned long long val; uint64_t val;
if (!qp->p[i].value) { if (!qp->p[i].value) {
error_setg(errp, "Value for NFS parameter expected: %s", error_setg(errp, "Value for NFS parameter expected: %s",
qp->p[i].name); qp->p[i].name);
goto out; goto out;
} }
if (parse_uint_full(qp->p[i].value, &val, 0)) { if (parse_uint_full(qp->p[i].value, 0, &val)) {
error_setg(errp, "Illegal value for NFS parameter: %s", error_setg(errp, "Illegal value for NFS parameter: %s",
qp->p[i].name); qp->p[i].name);
goto out; goto out;

4
blockdev.c
View File

@ -341,10 +341,10 @@ static bool parse_stats_intervals(BlockAcctStats *stats, QList *intervals,
switch (qobject_type(entry->value)) { switch (qobject_type(entry->value)) {
case QTYPE_QSTRING: { case QTYPE_QSTRING: {
unsigned long long length; uint64_t length;
const char *str = qstring_get_str(qobject_to(QString, const char *str = qstring_get_str(qobject_to(QString,
entry->value)); entry->value));
if (parse_uint_full(str, &length, 10) == 0 && if (parse_uint_full(str, 10, &length) == 0 &&
length > 0 && length <= UINT_MAX) { length > 0 && length <= UINT_MAX) {
block_acct_add_interval(stats, (unsigned) length); block_acct_add_interval(stats, (unsigned) length);
} else { } else {

4
contrib/ivshmem-server/main.c
View File

@ -69,7 +69,7 @@ static void
ivshmem_server_parse_args(IvshmemServerArgs *args, int argc, char *argv[]) ivshmem_server_parse_args(IvshmemServerArgs *args, int argc, char *argv[])
{ {
int c; int c;
unsigned long long v; uint64_t v;
Error *err = NULL; Error *err = NULL;
while ((c = getopt(argc, argv, "hvFp:S:m:M:l:n:")) != -1) { while ((c = getopt(argc, argv, "hvFp:S:m:M:l:n:")) != -1) {
@ -112,7 +112,7 @@ ivshmem_server_parse_args(IvshmemServerArgs *args, int argc, char *argv[])
break; break;
case 'n': /* number of vectors */ case 'n': /* number of vectors */
if (parse_uint_full(optarg, &v, 0) < 0) { if (parse_uint_full(optarg, 0, &v) < 0) {
fprintf(stderr, "cannot parse n_vectors\n"); fprintf(stderr, "cannot parse n_vectors\n");
ivshmem_server_help(argv[0]); ivshmem_server_help(argv[0]);
exit(1); exit(1);

1
docs/interop/qcow2.txt
View File

@ -226,6 +226,7 @@ version 2.
<https://www.zlib.net/> in QEMU. However, clusters with the <https://www.zlib.net/> in QEMU. However, clusters with the
deflate compression type do not have zlib headers. deflate compression type do not have zlib headers.
105 - 111: Padding, contents defined below.
=== Header padding === === Header padding ===

11
hw/core/numa.c
View File

@ -531,10 +531,17 @@ static int parse_numa(void *opaque, QemuOpts *opts, Error **errp)
/* Fix up legacy suffix-less format */ /* Fix up legacy suffix-less format */
if ((object->type == NUMA_OPTIONS_TYPE_NODE) && object->u.node.has_mem) { if ((object->type == NUMA_OPTIONS_TYPE_NODE) && object->u.node.has_mem) {
const char *mem_str = qemu_opt_get(opts, "mem"); const char *mem_str = qemu_opt_get(opts, "mem");
qemu_strtosz_MiB(mem_str, NULL, &object->u.node.mem); int ret = qemu_strtosz_MiB(mem_str, NULL, &object->u.node.mem);
if (ret < 0) {
error_setg_errno(&err, -ret, "could not parse memory size '%s'",
mem_str);
}
} }
set_numa_options(ms, object, &err); if (!err) {
set_numa_options(ms, object, &err);
}
qapi_free_NumaOptions(object); qapi_free_NumaOptions(object);
if (err) { if (err) {

5
include/qemu/cutils.h
View File

@ -163,9 +163,8 @@ int qemu_strtou64(const char *nptr, const char **endptr, int base,
int qemu_strtod(const char *nptr, const char **endptr, double *result); int qemu_strtod(const char *nptr, const char **endptr, double *result);
int qemu_strtod_finite(const char *nptr, const char **endptr, double *result); int qemu_strtod_finite(const char *nptr, const char **endptr, double *result);
int parse_uint(const char *s, unsigned long long *value, char **endptr, int parse_uint(const char *s, const char **endptr, int base, uint64_t *value);
int base); int parse_uint_full(const char *s, int base, uint64_t *value);
int parse_uint_full(const char *s, unsigned long long *value, int base);
int qemu_strtosz(const char *nptr, const char **end, uint64_t *result); int qemu_strtosz(const char *nptr, const char **end, uint64_t *result);
int qemu_strtosz_MiB(const char *nptr, const char **end, uint64_t *result); int qemu_strtosz_MiB(const char *nptr, const char **end, uint64_t *result);

12
qapi/opts-visitor.c
View File

@ -454,8 +454,8 @@ opts_type_uint64(Visitor *v, const char *name, uint64_t *obj, Error **errp)
OptsVisitor *ov = to_ov(v); OptsVisitor *ov = to_ov(v);
const QemuOpt *opt; const QemuOpt *opt;
const char *str; const char *str;
unsigned long long val; uint64_t val;
char *endptr; const char *endptr;
if (ov->list_mode == LM_UNSIGNED_INTERVAL) { if (ov->list_mode == LM_UNSIGNED_INTERVAL) {
*obj = ov->range_next.u; *obj = ov->range_next.u;
@ -471,18 +471,18 @@ opts_type_uint64(Visitor *v, const char *name, uint64_t *obj, Error **errp)
/* we've gotten past lookup_scalar() */ /* we've gotten past lookup_scalar() */
assert(ov->list_mode == LM_NONE || ov->list_mode == LM_IN_PROGRESS); assert(ov->list_mode == LM_NONE || ov->list_mode == LM_IN_PROGRESS);
if (parse_uint(str, &val, &endptr, 0) == 0 && val <= UINT64_MAX) { if (parse_uint(str, &endptr, 0, &val) == 0) {
if (*endptr == '\0') { if (*endptr == '\0') {
*obj = val; *obj = val;
processed(ov, name); processed(ov, name);
return true; return true;
} }
if (*endptr == '-' && ov->list_mode == LM_IN_PROGRESS) { if (*endptr == '-' && ov->list_mode == LM_IN_PROGRESS) {
unsigned long long val2; uint64_t val2;
str = endptr + 1; str = endptr + 1;
if (parse_uint_full(str, &val2, 0) == 0 && if (parse_uint_full(str, 0, &val2) == 0 &&
val2 <= UINT64_MAX && val <= val2 && val <= val2 &&
val2 - val < OPTS_VISITOR_RANGE_MAX) { val2 - val < OPTS_VISITOR_RANGE_MAX) {
ov->range_next.u = val; ov->range_next.u = val;
ov->range_limit.u = val2; ov->range_limit.u = val2;

7
tests/qemu-iotests/049.out
View File

@ -92,13 +92,10 @@ Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off comp
== 3. Invalid sizes == == 3. Invalid sizes ==
qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- -1024 qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- -1024
qemu-img: Invalid image size specified. You may use k, M, G, T, P or E suffixes for qemu-img: Invalid image size specified. Must be between 0 and 9223372036854775807.
qemu-img: kilobytes, megabytes, gigabytes, terabytes, petabytes and exabytes.
qemu-img create -f qcow2 -o size=-1024 TEST_DIR/t.qcow2 qemu-img create -f qcow2 -o size=-1024 TEST_DIR/t.qcow2
qemu-img: TEST_DIR/t.qcow2: Parameter 'size' expects a non-negative number below 2^64 qemu-img: TEST_DIR/t.qcow2: Value '-1024' is out of range for parameter 'size'
Optional suffix k, M, G, T, P or E means kilo-, mega-, giga-, tera-, peta-
and exabytes, respectively.
qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- -1k qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- -1k
qemu-img: Invalid image size specified. You may use k, M, G, T, P or E suffixes for qemu-img: Invalid image size specified. You may use k, M, G, T, P or E suffixes for

3
tests/qemu-iotests/178.out.qcow2
View File

@ -13,8 +13,7 @@ qemu-img: Invalid option list: ,
qemu-img: Invalid parameter 'snapshot.foo' qemu-img: Invalid parameter 'snapshot.foo'
qemu-img: Failed in parsing snapshot param 'snapshot.foo=bar' qemu-img: Failed in parsing snapshot param 'snapshot.foo=bar'
qemu-img: --output must be used with human or json as argument. qemu-img: --output must be used with human or json as argument.
qemu-img: Invalid image size specified. You may use k, M, G, T, P or E suffixes for qemu-img: Invalid image size specified. Must be between 0 and 9223372036854775807.
qemu-img: kilobytes, megabytes, gigabytes, terabytes, petabytes and exabytes.
qemu-img: Unknown file format 'foo' qemu-img: Unknown file format 'foo'
== Size calculation for a new file (human) == == Size calculation for a new file (human) ==

3
tests/qemu-iotests/178.out.raw
View File

@ -13,8 +13,7 @@ qemu-img: Invalid option list: ,
qemu-img: Invalid parameter 'snapshot.foo' qemu-img: Invalid parameter 'snapshot.foo'
qemu-img: Failed in parsing snapshot param 'snapshot.foo=bar' qemu-img: Failed in parsing snapshot param 'snapshot.foo=bar'
qemu-img: --output must be used with human or json as argument. qemu-img: --output must be used with human or json as argument.
qemu-img: Invalid image size specified. You may use k, M, G, T, P or E suffixes for qemu-img: Invalid image size specified. Must be between 0 and 9223372036854775807.
qemu-img: kilobytes, megabytes, gigabytes, terabytes, petabytes and exabytes.
qemu-img: Unknown file format 'foo' qemu-img: Unknown file format 'foo'
== Size calculation for a new file (human) == == Size calculation for a new file (human) ==

4
tests/qemu-iotests/common.filter
View File

@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# #
# Copyright (C) 2009 Red Hat, Inc. # Copyright Red Hat
# Copyright (c) 2000-2001 Silicon Graphics, Inc. All Rights Reserved. # Copyright (c) 2000-2001 Silicon Graphics, Inc. All Rights Reserved.
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
@ -131,7 +131,6 @@ _filter_img_create_filenames()
-e "s#$SOCK_DIR#SOCK_DIR#g" \ -e "s#$SOCK_DIR#SOCK_DIR#g" \
-e 's#SOCK_DIR/fuse-#TEST_DIR/#g' \ -e 's#SOCK_DIR/fuse-#TEST_DIR/#g' \
-e "s#$IMGFMT#IMGFMT#g" \ -e "s#$IMGFMT#IMGFMT#g" \
-e 's#nbd:127.0.0.1:[0-9]\\+#TEST_DIR/t.IMGFMT#g' \
-e 's#nbd+unix:///\??socket=SOCK_DIR/nbd#TEST_DIR/t.IMGFMT#g' -e 's#nbd+unix:///\??socket=SOCK_DIR/nbd#TEST_DIR/t.IMGFMT#g'
} }
@ -229,7 +228,6 @@ _filter_img_info()
-e "s#$TEST_DIR#TEST_DIR#g" \ -e "s#$TEST_DIR#TEST_DIR#g" \
-e "s#$SOCK_DIR#SOCK_DIR#g" \ -e "s#$SOCK_DIR#SOCK_DIR#g" \
-e "s#$IMGFMT#IMGFMT#g" \ -e "s#$IMGFMT#IMGFMT#g" \
-e 's#nbd://127.0.0.1:[0-9]\\+$#TEST_DIR/t.IMGFMT#g' \
-e 's#nbd+unix:///\??socket=SOCK_DIR/nbd#TEST_DIR/t.IMGFMT#g' \ -e 's#nbd+unix:///\??socket=SOCK_DIR/nbd#TEST_DIR/t.IMGFMT#g' \
-e 's#SOCK_DIR/fuse-#TEST_DIR/#g' \ -e 's#SOCK_DIR/fuse-#TEST_DIR/#g' \
-e "/encrypted: yes/d" \ -e "/encrypted: yes/d" \

3
tests/qemu-iotests/common.rc
View File

@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# #
# Copyright (C) 2009 Red Hat, Inc. # Copyright Red Hat
# Copyright (c) 2000-2006 Silicon Graphics, Inc. All Rights Reserved. # Copyright (c) 2000-2006 Silicon Graphics, Inc. All Rights Reserved.
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
@ -717,6 +717,7 @@ _img_info()
-e "s#$IMGPROTO:$TEST_DIR#TEST_DIR#g" \ -e "s#$IMGPROTO:$TEST_DIR#TEST_DIR#g" \
-e "s#$TEST_DIR#TEST_DIR#g" \ -e "s#$TEST_DIR#TEST_DIR#g" \
-e "s#$SOCK_DIR/fuse-#TEST_DIR/#g" \ -e "s#$SOCK_DIR/fuse-#TEST_DIR/#g" \
-e "s#$SOCK_DIR/#SOCK_DIR/#g" \
-e "s#$IMGFMT#IMGFMT#g" \ -e "s#$IMGFMT#IMGFMT#g" \
-e 's/\(compression type: \)\(zlib\|zstd\)/\1COMPRESSION_TYPE/' \ -e 's/\(compression type: \)\(zlib\|zstd\)/\1COMPRESSION_TYPE/' \
-e "/^disk size:/ D" \ -e "/^disk size:/ D" \

2491
tests/unit/test-cutils.c
View File

File diff suppressed because it is too large Load Diff

4
ui/vnc.c
View File

@ -3728,7 +3728,7 @@ static int vnc_display_get_address(const char *addrstr,
} else { } else {
const char *port; const char *port;
size_t hostlen; size_t hostlen;
unsigned long long baseport = 0; uint64_t baseport = 0;
InetSocketAddress *inet; InetSocketAddress *inet;
port = strrchr(addrstr, ':'); port = strrchr(addrstr, ':');
@ -3776,7 +3776,7 @@ static int vnc_display_get_address(const char *addrstr,
} }
} else { } else {
int offset = reverse ? 0 : 5900; int offset = reverse ? 0 : 5900;
if (parse_uint_full(port, &baseport, 10) < 0) { if (parse_uint_full(port, 10, &baseport) < 0) {
error_setg(errp, "can't convert to a number: %s", port); error_setg(errp, "can't convert to a number: %s", port);
goto cleanup; goto cleanup;
} }

265
util/cutils.c
View File

@ -194,46 +194,48 @@ static int64_t suffix_mul(char suffix, int64_t unit)
* - 12345 - decimal, scale determined by @default_suffix and @unit * - 12345 - decimal, scale determined by @default_suffix and @unit
* - 12345{bBkKmMgGtTpPeE} - decimal, scale determined by suffix and @unit * - 12345{bBkKmMgGtTpPeE} - decimal, scale determined by suffix and @unit
* - 12345.678{kKmMgGtTpPeE} - decimal, scale determined by suffix, and * - 12345.678{kKmMgGtTpPeE} - decimal, scale determined by suffix, and
* fractional portion is truncated to byte * fractional portion is truncated to byte, either side of . may be empty
* - 0x7fEE - hexadecimal, unit determined by @default_suffix * - 0x7fEE - hexadecimal, unit determined by @default_suffix
* *
* The following are intentionally not supported * The following are intentionally not supported
* - hex with scaling suffix, such as 0x20M * - hex with scaling suffix, such as 0x20M or 0x1p3 (both fail with
* - octal, such as 08 * -EINVAL), while 0x1b is 27 (not 1 with byte scale)
* - fractional hex, such as 0x1.8 * - octal, such as 08 (parsed as decimal instead)
* - floating point exponents, such as 1e3 * - binary, such as 0b1000 (parsed as 0b with trailing garbage "1000")
* - fractional hex, such as 0x1.8 (parsed as 0 with trailing garbage "x1.8")
* - negative values, including -0 (fail with -ERANGE)
* - floating point exponents, such as 1e3 (parsed as 1e with trailing
* garbage "3") or 0x1p3 (rejected as hex with scaling suffix)
* - non-finite values, such as inf or NaN (fail with -EINVAL)
* *
* The end pointer will be returned in *end, if not NULL. If there is * The end pointer will be returned in *end, if not NULL. If there is
* no fraction, the input can be decimal or hexadecimal; if there is a * no fraction, the input can be decimal or hexadecimal; if there is a
* fraction, then the input must be decimal and there must be a suffix * non-zero fraction, then the input must be decimal and there must be
* (possibly by @default_suffix) larger than Byte, and the fractional * a suffix (possibly by @default_suffix) larger than Byte, and the
* portion may suffer from precision loss or rounding. The input must * fractional portion may suffer from precision loss or rounding. The
* be positive. * input must be positive.
* *
* Return -ERANGE on overflow (with *@end advanced), and -EINVAL on * Return -ERANGE on overflow (with *@end advanced), and -EINVAL on
* other error (with *@end left unchanged). * other error (with *@end at @nptr). Unlike strtoull, *@result is
* set to 0 on all errors, as returning UINT64_MAX on overflow is less
* likely to be usable as a size.
*/ */
static int do_strtosz(const char *nptr, const char **end, static int do_strtosz(const char *nptr, const char **end,
const char default_suffix, int64_t unit, const char default_suffix, int64_t unit,
uint64_t *result) uint64_t *result)
{ {
int retval; int retval;
const char *endptr, *f; const char *endptr;
unsigned char c; unsigned char c;
uint64_t val, valf = 0; uint64_t val = 0, valf = 0;
int64_t mul; int64_t mul;
/* Parse integral portion as decimal. */ /* Parse integral portion as decimal. */
retval = qemu_strtou64(nptr, &endptr, 10, &val); retval = parse_uint(nptr, &endptr, 10, &val);
if (retval) { if (retval == -ERANGE || !nptr) {
goto out; goto out;
} }
if (memchr(nptr, '-', endptr - nptr) != NULL) { if (retval == 0 && val == 0 && (*endptr == 'x' || *endptr == 'X')) {
endptr = nptr;
retval = -EINVAL;
goto out;
}
if (val == 0 && (*endptr == 'x' || *endptr == 'X')) {
/* Input looks like hex; reparse, and insist on no fraction or suffix. */ /* Input looks like hex; reparse, and insist on no fraction or suffix. */
retval = qemu_strtou64(nptr, &endptr, 16, &val); retval = qemu_strtou64(nptr, &endptr, 16, &val);
if (retval) { if (retval) {
@ -244,26 +246,68 @@ static int do_strtosz(const char *nptr, const char **end,
retval = -EINVAL; retval = -EINVAL;
goto out; goto out;
} }
} else if (*endptr == '.') { } else if (*endptr == '.' || (endptr == nptr && strchr(nptr, '.'))) {
/* /*
* Input looks like a fraction. Make sure even 1.k works * Input looks like a fraction. Make sure even 1.k works
* without fractional digits. If we see an exponent, treat * without fractional digits. strtod tries to treat 'e' as an
* the entire input as invalid instead. * exponent, but we want to treat it as a scaling suffix;
* doing this requires modifying a copy of the fraction.
*/ */
double fraction; double fraction = 0.0;
f = endptr; if (retval == 0 && *endptr == '.' && !isdigit(endptr[1])) {
retval = qemu_strtod_finite(f, &endptr, &fraction); /* If we got here, we parsed at least one digit already. */
if (retval) {
endptr++; endptr++;
} else if (memchr(f, 'e', endptr - f) || memchr(f, 'E', endptr - f)) {
endptr = nptr;
retval = -EINVAL;
goto out;
} else { } else {
/* Extract into a 64-bit fixed-point fraction. */ char *e;
valf = (uint64_t)(fraction * 0x1p64); const char *tail;
g_autofree char *copy = g_strdup(endptr);
e = strchr(copy, 'e');
if (e) {
*e = '\0';
}
e = strchr(copy, 'E');
if (e) {
*e = '\0';
}
/*
* If this is a floating point, we are guaranteed that '.'
* appears before any possible digits in copy. If it is
* not a floating point, strtod will fail. Either way,
* there is now no exponent in copy, so if it parses, we
* know 0.0 <= abs(result) <= 1.0 (after rounding), and
* ERANGE is only possible on underflow which is okay.
*/
retval = qemu_strtod_finite(copy, &tail, &fraction);
endptr += tail - copy;
if (signbit(fraction)) {
retval = -ERANGE;
goto out;
}
} }
/* Extract into a 64-bit fixed-point fraction. */
if (fraction == 1.0) {
if (val == UINT64_MAX) {
retval = -ERANGE;
goto out;
}
val++;
} else if (retval == -ERANGE) {
/* See comments above about underflow */
valf = 1;
retval = 0;
} else {
/* We want non-zero valf for any non-zero fraction */
valf = (uint64_t)(fraction * 0x1p64);
if (valf == 0 && fraction > 0.0) {
valf = 1;
}
}
}
if (retval) {
goto out;
} }
c = *endptr; c = *endptr;
mul = suffix_mul(c, unit); mul = suffix_mul(c, unit);
@ -306,11 +350,16 @@ static int do_strtosz(const char *nptr, const char **end,
out: out:
if (end) { if (end) {
*end = endptr; *end = endptr;
} else if (*endptr) { } else if (nptr && *endptr) {
retval = -EINVAL; retval = -EINVAL;
} }
if (retval == 0) { if (retval == 0) {
*result = val; *result = val;
} else {
*result = 0;
if (end && retval == -EINVAL) {
*end = nptr;
}
} }
return retval; return retval;
@ -377,12 +426,13 @@ static int check_strtox_error(const char *nptr, char *ep,
* *
* @nptr may be null, and no conversion is performed then. * @nptr may be null, and no conversion is performed then.
* *
* If no conversion is performed, store @nptr in *@endptr and return * If no conversion is performed, store @nptr in *@endptr, 0 in
* -EINVAL. * @result, and return -EINVAL.
* *
* If @endptr is null, and the string isn't fully converted, return * If @endptr is null, and the string isn't fully converted, return
* -EINVAL. This is the case when the pointer that would be stored in * -EINVAL with @result set to the parsed value. This is the case
* a non-null @endptr points to a character other than '\0'. * when the pointer that would be stored in a non-null @endptr points
* to a character other than '\0'.
* *
* If the conversion overflows @result, store INT_MAX in @result, * If the conversion overflows @result, store INT_MAX in @result,
* and return -ERANGE. * and return -ERANGE.
@ -391,6 +441,9 @@ static int check_strtox_error(const char *nptr, char *ep,
* and return -ERANGE. * and return -ERANGE.
* *
* Else store the converted value in @result, and return zero. * Else store the converted value in @result, and return zero.
*
* This matches the behavior of strtol() on 32-bit platforms, even on
* platforms where long is 64-bits.
*/ */
int qemu_strtoi(const char *nptr, const char **endptr, int base, int qemu_strtoi(const char *nptr, const char **endptr, int base,
int *result) int *result)
@ -400,6 +453,7 @@ int qemu_strtoi(const char *nptr, const char **endptr, int base,
assert((unsigned) base <= 36 && base != 1); assert((unsigned) base <= 36 && base != 1);
if (!nptr) { if (!nptr) {
*result = 0;
if (endptr) { if (endptr) {
*endptr = nptr; *endptr = nptr;
} }
@ -429,12 +483,13 @@ int qemu_strtoi(const char *nptr, const char **endptr, int base,
* *
* @nptr may be null, and no conversion is performed then. * @nptr may be null, and no conversion is performed then.
* *
* If no conversion is performed, store @nptr in *@endptr and return * If no conversion is performed, store @nptr in *@endptr, 0 in
* -EINVAL. * @result, and return -EINVAL.
* *
* If @endptr is null, and the string isn't fully converted, return * If @endptr is null, and the string isn't fully converted, return
* -EINVAL. This is the case when the pointer that would be stored in * -EINVAL with @result set to the parsed value. This is the case
* a non-null @endptr points to a character other than '\0'. * when the pointer that would be stored in a non-null @endptr points
* to a character other than '\0'.
* *
* If the conversion overflows @result, store UINT_MAX in @result, * If the conversion overflows @result, store UINT_MAX in @result,
* and return -ERANGE. * and return -ERANGE.
@ -443,16 +498,19 @@ int qemu_strtoi(const char *nptr, const char **endptr, int base,
* *
* Note that a number with a leading minus sign gets converted without * Note that a number with a leading minus sign gets converted without
* the minus sign, checked for overflow (see above), then negated (in * the minus sign, checked for overflow (see above), then negated (in
* @result's type). This is exactly how strtoul() works. * @result's type). This matches the behavior of strtoul() on 32-bit
* platforms, even on platforms where long is 64-bits.
*/ */
int qemu_strtoui(const char *nptr, const char **endptr, int base, int qemu_strtoui(const char *nptr, const char **endptr, int base,
unsigned int *result) unsigned int *result)
{ {
char *ep; char *ep;
long long lresult; unsigned long long lresult;
bool neg;
assert((unsigned) base <= 36 && base != 1); assert((unsigned) base <= 36 && base != 1);
if (!nptr) { if (!nptr) {
*result = 0;
if (endptr) { if (endptr) {
*endptr = nptr; *endptr = nptr;
} }
@ -466,14 +524,22 @@ int qemu_strtoui(const char *nptr, const char **endptr, int base,
if (errno == ERANGE) { if (errno == ERANGE) {
*result = -1; *result = -1;
} else { } else {
/*
* Note that platforms with 32-bit strtoul only accept input
* in the range [-4294967295, 4294967295]; but we used 64-bit
* strtoull which wraps -18446744073709551615 to 1 instead of
* declaring overflow. So we must check if '-' was parsed,
* and if so, undo the negation before doing our bounds check.
*/
neg = memchr(nptr, '-', ep - nptr) != NULL;
if (neg) {
lresult = -lresult;
}
if (lresult > UINT_MAX) { if (lresult > UINT_MAX) {
*result = UINT_MAX; *result = UINT_MAX;
errno = ERANGE; errno = ERANGE;
} else if (lresult < INT_MIN) {
*result = UINT_MAX;
errno = ERANGE;
} else { } else {
*result = lresult; *result = neg ? -lresult : lresult;
} }
} }
return check_strtox_error(nptr, ep, endptr, lresult == 0, errno); return check_strtox_error(nptr, ep, endptr, lresult == 0, errno);
@ -488,12 +554,13 @@ int qemu_strtoui(const char *nptr, const char **endptr, int base,
* *
* @nptr may be null, and no conversion is performed then. * @nptr may be null, and no conversion is performed then.
* *
* If no conversion is performed, store @nptr in *@endptr and return * If no conversion is performed, store @nptr in *@endptr, 0 in
* -EINVAL. * @result, and return -EINVAL.
* *
* If @endptr is null, and the string isn't fully converted, return * If @endptr is null, and the string isn't fully converted, return
* -EINVAL. This is the case when the pointer that would be stored in * -EINVAL with @result set to the parsed value. This is the case
* a non-null @endptr points to a character other than '\0'. * when the pointer that would be stored in a non-null @endptr points
* to a character other than '\0'.
* *
* If the conversion overflows @result, store LONG_MAX in @result, * If the conversion overflows @result, store LONG_MAX in @result,
* and return -ERANGE. * and return -ERANGE.
@ -510,6 +577,7 @@ int qemu_strtol(const char *nptr, const char **endptr, int base,
assert((unsigned) base <= 36 && base != 1); assert((unsigned) base <= 36 && base != 1);
if (!nptr) { if (!nptr) {
*result = 0;
if (endptr) { if (endptr) {
*endptr = nptr; *endptr = nptr;
} }
@ -530,12 +598,13 @@ int qemu_strtol(const char *nptr, const char **endptr, int base,
* *
* @nptr may be null, and no conversion is performed then. * @nptr may be null, and no conversion is performed then.
* *
* If no conversion is performed, store @nptr in *@endptr and return * If no conversion is performed, store @nptr in *@endptr, 0 in
* -EINVAL. * @result, and return -EINVAL.
* *
* If @endptr is null, and the string isn't fully converted, return * If @endptr is null, and the string isn't fully converted, return
* -EINVAL. This is the case when the pointer that would be stored in * -EINVAL with @result set to the parsed value. This is the case
* a non-null @endptr points to a character other than '\0'. * when the pointer that would be stored in a non-null @endptr points
* to a character other than '\0'.
* *
* If the conversion overflows @result, store ULONG_MAX in @result, * If the conversion overflows @result, store ULONG_MAX in @result,
* and return -ERANGE. * and return -ERANGE.
@ -553,6 +622,7 @@ int qemu_strtoul(const char *nptr, const char **endptr, int base,
assert((unsigned) base <= 36 && base != 1); assert((unsigned) base <= 36 && base != 1);
if (!nptr) { if (!nptr) {
*result = 0;
if (endptr) { if (endptr) {
*endptr = nptr; *endptr = nptr;
} }
@ -581,6 +651,7 @@ int qemu_strtoi64(const char *nptr, const char **endptr, int base,
assert((unsigned) base <= 36 && base != 1); assert((unsigned) base <= 36 && base != 1);
if (!nptr) { if (!nptr) {
*result = 0;
if (endptr) { if (endptr) {
*endptr = nptr; *endptr = nptr;
} }
@ -598,6 +669,8 @@ int qemu_strtoi64(const char *nptr, const char **endptr, int base,
* Convert string @nptr to an uint64_t. * Convert string @nptr to an uint64_t.
* *
* Works like qemu_strtoul(), except it stores UINT64_MAX on overflow. * Works like qemu_strtoul(), except it stores UINT64_MAX on overflow.
* (If you want to prohibit negative numbers that wrap around to
* positive, use parse_uint()).
*/ */
int qemu_strtou64(const char *nptr, const char **endptr, int base, int qemu_strtou64(const char *nptr, const char **endptr, int base,
uint64_t *result) uint64_t *result)
@ -606,6 +679,7 @@ int qemu_strtou64(const char *nptr, const char **endptr, int base,
assert((unsigned) base <= 36 && base != 1); assert((unsigned) base <= 36 && base != 1);
if (!nptr) { if (!nptr) {
*result = 0;
if (endptr) { if (endptr) {
*endptr = nptr; *endptr = nptr;
} }
@ -632,12 +706,13 @@ int qemu_strtou64(const char *nptr, const char **endptr, int base,
* *
* @nptr may be null, and no conversion is performed then. * @nptr may be null, and no conversion is performed then.
* *
* If no conversion is performed, store @nptr in *@endptr and return * If no conversion is performed, store @nptr in *@endptr, +0.0 in
* -EINVAL. * @result, and return -EINVAL.
* *
* If @endptr is null, and the string isn't fully converted, return * If @endptr is null, and the string isn't fully converted, return
* -EINVAL. This is the case when the pointer that would be stored in * -EINVAL with @result set to the parsed value. This is the case
* a non-null @endptr points to a character other than '\0'. * when the pointer that would be stored in a non-null @endptr points
* to a character other than '\0'.
* *
* If the conversion overflows, store +/-HUGE_VAL in @result, depending * If the conversion overflows, store +/-HUGE_VAL in @result, depending
* on the sign, and return -ERANGE. * on the sign, and return -ERANGE.
@ -652,6 +727,7 @@ int qemu_strtod(const char *nptr, const char **endptr, double *result)
char *ep; char *ep;
if (!nptr) { if (!nptr) {
*result = 0.0;
if (endptr) { if (endptr) {
*endptr = nptr; *endptr = nptr;
} }
@ -666,24 +742,28 @@ int qemu_strtod(const char *nptr, const char **endptr, double *result)
/** /**
* Convert string @nptr to a finite double. * Convert string @nptr to a finite double.
* *
* Works like qemu_strtod(), except that "NaN" and "inf" are rejected * Works like qemu_strtod(), except that "NaN", "inf", and strings
* with -EINVAL and no conversion is performed. * that cause ERANGE overflow errors are rejected with -EINVAL as if
* no conversion is performed, storing 0.0 into @result regardless of
* any sign. -ERANGE failures for underflow still preserve the parsed
* sign.
*/ */
int qemu_strtod_finite(const char *nptr, const char **endptr, double *result) int qemu_strtod_finite(const char *nptr, const char **endptr, double *result)
{ {
double tmp; const char *tmp;
int ret; int ret;
ret = qemu_strtod(nptr, endptr, &tmp); ret = qemu_strtod(nptr, &tmp, result);
if (!ret && !isfinite(tmp)) { if (!isfinite(*result)) {
if (endptr) { if (endptr) {
*endptr = nptr; *endptr = nptr;
} }
*result = 0.0;
ret = -EINVAL;
} else if (endptr) {
*endptr = tmp;
} else if (*tmp) {
ret = -EINVAL; ret = -EINVAL;
}
if (ret != -EINVAL) {
*result = tmp;
} }
return ret; return ret;
} }
@ -707,32 +787,33 @@ const char *qemu_strchrnul(const char *s, int c)
* parse_uint: * parse_uint:
* *
* @s: String to parse * @s: String to parse
* @value: Destination for parsed integer value
* @endptr: Destination for pointer to first character not consumed * @endptr: Destination for pointer to first character not consumed
* @base: integer base, between 2 and 36 inclusive, or 0 * @base: integer base, between 2 and 36 inclusive, or 0
* @value: Destination for parsed integer value
* *
* Parse unsigned integer * Parse unsigned integer
* *
* Parsed syntax is like strtoull()'s: arbitrary whitespace, a single optional * Parsed syntax is like strtoull()'s: arbitrary whitespace, a single optional
* '+' or '-', an optional "0x" if @base is 0 or 16, one or more digits. * '+' or '-', an optional "0x" if @base is 0 or 16, one or more digits.
* *
* If @s is null, or @base is invalid, or @s doesn't start with an * If @s is null, or @s doesn't start with an integer in the syntax
* integer in the syntax above, set *@value to 0, *@endptr to @s, and * above, set *@value to 0, *@endptr to @s, and return -EINVAL.
* return -EINVAL.
* *
* Set *@endptr to point right beyond the parsed integer (even if the integer * Set *@endptr to point right beyond the parsed integer (even if the integer
* overflows or is negative, all digits will be parsed and *@endptr will * overflows or is negative, all digits will be parsed and *@endptr will
* point right beyond them). * point right beyond them). If @endptr is %NULL, any trailing character
* instead causes a result of -EINVAL with *@value of 0.
* *
* If the integer is negative, set *@value to 0, and return -ERANGE. * If the integer is negative, set *@value to 0, and return -ERANGE.
* (If you want to allow negative numbers that wrap around within
* bounds, use qemu_strtou64()).
* *
* If the integer overflows unsigned long long, set *@value to * If the integer overflows unsigned long long, set *@value to
* ULLONG_MAX, and return -ERANGE. * ULLONG_MAX, and return -ERANGE.
* *
* Else, set *@value to the parsed integer, and return 0. * Else, set *@value to the parsed integer, and return 0.
*/ */
int parse_uint(const char *s, unsigned long long *value, char **endptr, int parse_uint(const char *s, const char **endptr, int base, uint64_t *value)
int base)
{ {
int r = 0; int r = 0;
char *endp = (char *)s; char *endp = (char *)s;
@ -768,7 +849,12 @@ int parse_uint(const char *s, unsigned long long *value, char **endptr,
out: out:
*value = val; *value = val;
*endptr = endp; if (endptr) {
*endptr = endp;
} else if (s && *endp) {
r = -EINVAL;
*value = 0;
}
return r; return r;
} }
@ -776,31 +862,16 @@ out:
* parse_uint_full: * parse_uint_full:
* *
* @s: String to parse * @s: String to parse
* @value: Destination for parsed integer value
* @base: integer base, between 2 and 36 inclusive, or 0 * @base: integer base, between 2 and 36 inclusive, or 0
* @value: Destination for parsed integer value
* *
* Parse unsigned integer from entire string * Parse unsigned integer from entire string, rejecting any trailing slop.
* *
* Have the same behavior of parse_uint(), but with an additional check * Shorthand for parse_uint(s, NULL, base, value).
* for additional data after the parsed number. If extra characters are present
* after the parsed number, the function will return -EINVAL, and *@v will
* be set to 0.
*/ */
int parse_uint_full(const char *s, unsigned long long *value, int base) int parse_uint_full(const char *s, int base, uint64_t *value)
{ {
char *endp; return parse_uint(s, NULL, base, value);
int r;
r = parse_uint(s, value, &endp, base);
if (r < 0) {
return r;
}
if (*endp) {
*value = 0;
return -EINVAL;
}
return 0;
} }
int qemu_parse_fd(const char *param) int qemu_parse_fd(const char *param)

4
util/guest-random.c
View File

@ -89,8 +89,8 @@ void qemu_guest_random_seed_thread_part2(uint64_t seed)
int qemu_guest_random_seed_main(const char *optarg, Error **errp) int qemu_guest_random_seed_main(const char *optarg, Error **errp)
{ {
unsigned long long seed; uint64_t seed;
if (parse_uint_full(optarg, &seed, 0)) { if (parse_uint_full(optarg, 0, &seed)) {
error_setg(errp, "Invalid seed number: %s", optarg); error_setg(errp, "Invalid seed number: %s", optarg);
return -1; return -1;
} else { } else {

10
util/qemu-sockets.c
View File

@ -249,12 +249,12 @@ static int inet_listen_saddr(InetSocketAddress *saddr,
/* lookup */ /* lookup */
if (port_offset) { if (port_offset) {
unsigned long long baseport; uint64_t baseport;
if (strlen(port) == 0) { if (strlen(port) == 0) {
error_setg(errp, "port not specified"); error_setg(errp, "port not specified");
return -1; return -1;
} }
if (parse_uint_full(port, &baseport, 10) < 0) { if (parse_uint_full(port, 10, &baseport) < 0) {
error_setg(errp, "can't convert to a number: %s", port); error_setg(errp, "can't convert to a number: %s", port);
return -1; return -1;
} }
@ -732,19 +732,19 @@ static bool vsock_parse_vaddr_to_sockaddr(const VsockSocketAddress *vaddr,
struct sockaddr_vm *svm, struct sockaddr_vm *svm,
Error **errp) Error **errp)
{ {
unsigned long long val; uint64_t val;
memset(svm, 0, sizeof(*svm)); memset(svm, 0, sizeof(*svm));
svm->svm_family = AF_VSOCK; svm->svm_family = AF_VSOCK;
if (parse_uint_full(vaddr->cid, &val, 10) < 0 || if (parse_uint_full(vaddr->cid, 10, &val) < 0 ||
val > UINT32_MAX) { val > UINT32_MAX) {
error_setg(errp, "Failed to parse cid '%s'", vaddr->cid); error_setg(errp, "Failed to parse cid '%s'", vaddr->cid);
return false; return false;
} }
svm->svm_cid = val; svm->svm_cid = val;
if (parse_uint_full(vaddr->port, &val, 10) < 0 || if (parse_uint_full(vaddr->port, 10, &val) < 0 ||
val > UINT32_MAX) { val > UINT32_MAX) {
error_setg(errp, "Failed to parse port '%s'", vaddr->port); error_setg(errp, "Failed to parse port '%s'", vaddr->port);
return false; return false;