ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

qemu-io: fix cvtnum lval types 

cvtnum() returns int64_t: we should not be storing this
result inside of an int.

In a few cases, we need an extra sprinkling of error handling
where we expect to pass this number on towards a function that
expects something smaller than int64_t.

Reported-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This commit is contained in:
John Snow 2015-11-05 18:53:02 -05:00 committed by Kevin Wolf
parent 3fa123d059
commit 9b0beaf3de
1 changed files with 89 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
qemu-io-cmds.c
View File

@ -294,9 +294,10 @@ static void qemu_io_free(void *p)
qemu_vfree(p); qemu_vfree(p);
} }
static void dump_buffer(const void *buffer, int64_t offset, int len) static void dump_buffer(const void *buffer, int64_t offset, int64_t len)
{ {
int i, j; uint64_t i;
int j;
const uint8_t *p; const uint8_t *p;
for (i = 0, p = buffer; i < len; i += 16) { for (i = 0, p = buffer; i < len; i += 16) {
@ -319,7 +320,7 @@ static void dump_buffer(const void *buffer, int64_t offset, int len)
} }
static void print_report(const char *op, struct timeval *t, int64_t offset, static void print_report(const char *op, struct timeval *t, int64_t offset,
int count, int total, int cnt, int Cflag) int64_t count, int64_t total, int cnt, int Cflag)
{ {
char s1[64], s2[64], ts[64]; char s1[64], s2[64], ts[64];
@ -327,12 +328,12 @@ static void print_report(const char *op, struct timeval *t, int64_t offset,
if (!Cflag) { if (!Cflag) {
cvtstr((double)total, s1, sizeof(s1)); cvtstr((double)total, s1, sizeof(s1));
cvtstr(tdiv((double)total, *t), s2, sizeof(s2)); cvtstr(tdiv((double)total, *t), s2, sizeof(s2));
printf("%s %d/%d bytes at offset %" PRId64 "\n", printf("%s %"PRId64"/%"PRId64" bytes at offset %" PRId64 "\n",
op, total, count, offset); op, total, count, offset);
printf("%s, %d ops; %s (%s/sec and %.4f ops/sec)\n", printf("%s, %d ops; %s (%s/sec and %.4f ops/sec)\n",
s1, cnt, ts, s2, tdiv((double)cnt, *t)); s1, cnt, ts, s2, tdiv((double)cnt, *t));
} else {/* bytes,ops,time,bytes/sec,ops/sec */ } else {/* bytes,ops,time,bytes/sec,ops/sec */
printf("%d,%d,%s,%.3f,%.3f\n", printf("%"PRId64",%d,%s,%.3f,%.3f\n",
total, cnt, ts, total, cnt, ts,
tdiv((double)total, *t), tdiv((double)total, *t),
tdiv((double)cnt, *t)); tdiv((double)cnt, *t));
@ -393,11 +394,15 @@ fail:
return buf; return buf;
} }
static int do_read(BlockBackend *blk, char *buf, int64_t offset, int count, static int do_read(BlockBackend *blk, char *buf, int64_t offset, int64_t count,
int *total) int64_t *total)
{ {
int ret; int ret;
if (count >> 9 > INT_MAX) {
return -ERANGE;
}
ret = blk_read(blk, offset >> 9, (uint8_t *)buf, count >> 9); ret = blk_read(blk, offset >> 9, (uint8_t *)buf, count >> 9);
if (ret < 0) { if (ret < 0) {
return ret; return ret;
@ -406,11 +411,15 @@ static int do_read(BlockBackend *blk, char *buf, int64_t offset, int count,
return 1; return 1;
} }
static int do_write(BlockBackend *blk, char *buf, int64_t offset, int count, static int do_write(BlockBackend *blk, char *buf, int64_t offset, int64_t count,
int *total) int64_t *total)
{ {
int ret; int ret;
if (count >> 9 > INT_MAX) {
return -ERANGE;
}
ret = blk_write(blk, offset >> 9, (uint8_t *)buf, count >> 9); ret = blk_write(blk, offset >> 9, (uint8_t *)buf, count >> 9);
if (ret < 0) { if (ret < 0) {
return ret; return ret;
@ -419,9 +428,13 @@ static int do_write(BlockBackend *blk, char *buf, int64_t offset, int count,
return 1; return 1;
} }
static int do_pread(BlockBackend *blk, char *buf, int64_t offset, int count, static int do_pread(BlockBackend *blk, char *buf, int64_t offset,
int *total) int64_t count, int64_t *total)
{ {
if (count > INT_MAX) {
return -ERANGE;
}
*total = blk_pread(blk, offset, (uint8_t *)buf, count); *total = blk_pread(blk, offset, (uint8_t *)buf, count);
if (*total < 0) { if (*total < 0) {
return *total; return *total;
@ -429,9 +442,13 @@ static int do_pread(BlockBackend *blk, char *buf, int64_t offset, int count,
return 1; return 1;
} }
static int do_pwrite(BlockBackend *blk, char *buf, int64_t offset, int count, static int do_pwrite(BlockBackend *blk, char *buf, int64_t offset,
int *total) int64_t count, int64_t *total)
{ {
if (count > INT_MAX) {
return -ERANGE;
}
*total = blk_pwrite(blk, offset, (uint8_t *)buf, count); *total = blk_pwrite(blk, offset, (uint8_t *)buf, count);
if (*total < 0) { if (*total < 0) {
return *total; return *total;
@ -442,8 +459,8 @@ static int do_pwrite(BlockBackend *blk, char *buf, int64_t offset, int count,
typedef struct { typedef struct {
BlockBackend *blk; BlockBackend *blk;
int64_t offset; int64_t offset;
int count; int64_t count;
int *total; int64_t *total;
int ret; int ret;
bool done; bool done;
} CoWriteZeroes; } CoWriteZeroes;
@ -463,8 +480,8 @@ static void coroutine_fn co_write_zeroes_entry(void *opaque)
*data->total = data->count; *data->total = data->count;
} }
static int do_co_write_zeroes(BlockBackend *blk, int64_t offset, int count, static int do_co_write_zeroes(BlockBackend *blk, int64_t offset, int64_t count,
int *total) int64_t *total)
{ {
Coroutine *co; Coroutine *co;
CoWriteZeroes data = { CoWriteZeroes data = {
@ -475,6 +492,10 @@ static int do_co_write_zeroes(BlockBackend *blk, int64_t offset, int count,
.done = false, .done = false,
}; };
if (count >> BDRV_SECTOR_BITS > INT_MAX) {
return -ERANGE;
}
co = qemu_coroutine_create(co_write_zeroes_entry); co = qemu_coroutine_create(co_write_zeroes_entry);
qemu_coroutine_enter(co, &data); qemu_coroutine_enter(co, &data);
while (!data.done) { while (!data.done) {
@ -488,10 +509,14 @@ static int do_co_write_zeroes(BlockBackend *blk, int64_t offset, int count,
} }
static int do_write_compressed(BlockBackend *blk, char *buf, int64_t offset, static int do_write_compressed(BlockBackend *blk, char *buf, int64_t offset,
int count, int *total) int64_t count, int64_t *total)
{ {
int ret; int ret;
if (count >> 9 > INT_MAX) {
return -ERANGE;
}
ret = blk_write_compressed(blk, offset >> 9, (uint8_t *)buf, count >> 9); ret = blk_write_compressed(blk, offset >> 9, (uint8_t *)buf, count >> 9);
if (ret < 0) { if (ret < 0) {
return ret; return ret;
@ -501,8 +526,12 @@ static int do_write_compressed(BlockBackend *blk, char *buf, int64_t offset,
} }
static int do_load_vmstate(BlockBackend *blk, char *buf, int64_t offset, static int do_load_vmstate(BlockBackend *blk, char *buf, int64_t offset,
int count, int *total) int64_t count, int64_t *total)
{ {
if (count > INT_MAX) {
return -ERANGE;
}
*total = blk_load_vmstate(blk, (uint8_t *)buf, offset, count); *total = blk_load_vmstate(blk, (uint8_t *)buf, offset, count);
if (*total < 0) { if (*total < 0) {
return *total; return *total;
@ -511,8 +540,12 @@ static int do_load_vmstate(BlockBackend *blk, char *buf, int64_t offset,
} }
static int do_save_vmstate(BlockBackend *blk, char *buf, int64_t offset, static int do_save_vmstate(BlockBackend *blk, char *buf, int64_t offset,
int count, int *total) int64_t count, int64_t *total)
{ {
if (count > INT_MAX) {
return -ERANGE;
}
*total = blk_save_vmstate(blk, (uint8_t *)buf, offset, count); *total = blk_save_vmstate(blk, (uint8_t *)buf, offset, count);
if (*total < 0) { if (*total < 0) {
return *total; return *total;
@ -642,10 +675,11 @@ static int read_f(BlockBackend *blk, int argc, char **argv)
int c, cnt; int c, cnt;
char *buf; char *buf;
int64_t offset; int64_t offset;
int count; int64_t count;
/* Some compilers get confused and warn if this is not initialized. */ /* Some compilers get confused and warn if this is not initialized. */
int total = 0; int64_t total = 0;
int pattern = 0, pattern_offset = 0, pattern_count = 0; int pattern = 0;
int64_t pattern_offset = 0, pattern_count = 0;
while ((c = getopt(argc, argv, "bCl:pP:qs:v")) != -1) { while ((c = getopt(argc, argv, "bCl:pP:qs:v")) != -1) {
switch (c) { switch (c) {
@ -712,6 +746,10 @@ static int read_f(BlockBackend *blk, int argc, char **argv)
if (count < 0) { if (count < 0) {
printf("non-numeric length argument -- %s\n", argv[optind]); printf("non-numeric length argument -- %s\n", argv[optind]);
return 0; return 0;
} else if (count > SIZE_MAX) {
printf("length cannot exceed %" PRIu64 ", given %s\n",
(uint64_t) SIZE_MAX, argv[optind]);
return 0;
} }
if (!Pflag && (lflag || sflag)) { if (!Pflag && (lflag || sflag)) {
@ -734,7 +772,7 @@ static int read_f(BlockBackend *blk, int argc, char **argv)
return 0; return 0;
} }
if (count & 0x1ff) { if (count & 0x1ff) {
printf("count %d is not sector aligned\n", printf("count %"PRId64" is not sector aligned\n",
count); count);
return 0; return 0;
} }
@ -762,7 +800,7 @@ static int read_f(BlockBackend *blk, int argc, char **argv)
memset(cmp_buf, pattern, pattern_count); memset(cmp_buf, pattern, pattern_count);
if (memcmp(buf + pattern_offset, cmp_buf, pattern_count)) { if (memcmp(buf + pattern_offset, cmp_buf, pattern_count)) {
printf("Pattern verification failed at offset %" printf("Pattern verification failed at offset %"
PRId64 ", %d bytes\n", PRId64 ", %"PRId64" bytes\n",
offset + pattern_offset, pattern_count); offset + pattern_offset, pattern_count);
} }
g_free(cmp_buf); g_free(cmp_buf);
@ -957,9 +995,9 @@ static int write_f(BlockBackend *blk, int argc, char **argv)
int c, cnt; int c, cnt;
char *buf = NULL; char *buf = NULL;
int64_t offset; int64_t offset;
int count; int64_t count;
/* Some compilers get confused and warn if this is not initialized. */ /* Some compilers get confused and warn if this is not initialized. */
int total = 0; int64_t total = 0;
int pattern = 0xcd; int pattern = 0xcd;
while ((c = getopt(argc, argv, "bcCpP:qz")) != -1) { while ((c = getopt(argc, argv, "bcCpP:qz")) != -1) {
@ -1019,6 +1057,10 @@ static int write_f(BlockBackend *blk, int argc, char **argv)
if (count < 0) { if (count < 0) {
printf("non-numeric length argument -- %s\n", argv[optind]); printf("non-numeric length argument -- %s\n", argv[optind]);
return 0; return 0;
} else if (count > SIZE_MAX) {
printf("length cannot exceed %" PRIu64 ", given %s\n",
(uint64_t) SIZE_MAX, argv[optind]);
return 0;
} }
if (!pflag) { if (!pflag) {
@ -1029,7 +1071,7 @@ static int write_f(BlockBackend *blk, int argc, char **argv)
} }
if (count & 0x1ff) { if (count & 0x1ff) {
printf("count %d is not sector aligned\n", printf("count %"PRId64" is not sector aligned\n",
count); count);
return 0; return 0;
} }
@ -1777,8 +1819,7 @@ static int discard_f(BlockBackend *blk, int argc, char **argv)
struct timeval t1, t2; struct timeval t1, t2;
int Cflag = 0, qflag = 0; int Cflag = 0, qflag = 0;
int c, ret; int c, ret;
int64_t offset; int64_t offset, count;
int count;
while ((c = getopt(argc, argv, "Cq")) != -1) { while ((c = getopt(argc, argv, "Cq")) != -1) {
switch (c) { switch (c) {
@ -1808,6 +1849,11 @@ static int discard_f(BlockBackend *blk, int argc, char **argv)
if (count < 0) { if (count < 0) {
printf("non-numeric length argument -- %s\n", argv[optind]); printf("non-numeric length argument -- %s\n", argv[optind]);
return 0; return 0;
} else if (count >> BDRV_SECTOR_BITS > INT_MAX) {
printf("length cannot exceed %"PRIu64", given %s\n",
(uint64_t)INT_MAX << BDRV_SECTOR_BITS,
argv[optind]);
return 0;
} }
gettimeofday(&t1, NULL); gettimeofday(&t1, NULL);
@ -1833,11 +1879,10 @@ out:
static int alloc_f(BlockBackend *blk, int argc, char **argv) static int alloc_f(BlockBackend *blk, int argc, char **argv)
{ {
BlockDriverState *bs = blk_bs(blk); BlockDriverState *bs = blk_bs(blk);
int64_t offset, sector_num; int64_t offset, sector_num, nb_sectors, remaining;
int nb_sectors, remaining;
char s1[64]; char s1[64];
int num, sum_alloc; int num, ret;
int ret; int64_t sum_alloc;
offset = cvtnum(argv[1]); offset = cvtnum(argv[1]);
if (offset < 0) { if (offset < 0) {
@ -1854,6 +1899,10 @@ static int alloc_f(BlockBackend *blk, int argc, char **argv)
if (nb_sectors < 0) { if (nb_sectors < 0) {
printf("non-numeric length argument -- %s\n", argv[2]); printf("non-numeric length argument -- %s\n", argv[2]);
return 0; return 0;
} else if (nb_sectors > INT_MAX) {
printf("length argument cannot exceed %d, given %s\n",
INT_MAX, argv[2]);
return 0;
} }
} else { } else {
nb_sectors = 1; nb_sectors = 1;
@ -1881,7 +1930,7 @@ static int alloc_f(BlockBackend *blk, int argc, char **argv)
cvtstr(offset, s1, sizeof(s1)); cvtstr(offset, s1, sizeof(s1));
printf("%d/%d sectors allocated at offset %s\n", printf("%"PRId64"/%"PRId64" sectors allocated at offset %s\n",
sum_alloc, nb_sectors, s1); sum_alloc, nb_sectors, s1);
return 0; return 0;
} }
@ -2191,10 +2240,14 @@ static const cmdinfo_t sigraise_cmd = {
static int sigraise_f(BlockBackend *blk, int argc, char **argv) static int sigraise_f(BlockBackend *blk, int argc, char **argv)
{ {
int sig = cvtnum(argv[1]); int64_t sig = cvtnum(argv[1]);
if (sig < 0) { if (sig < 0) {
printf("non-numeric signal number argument -- %s\n", argv[1]); printf("non-numeric signal number argument -- %s\n", argv[1]);
return 0; return 0;
} else if (sig > NSIG) {
printf("signal argument '%s' is too large to be a valid signal\n",
argv[1]);
return 0;
} }
/* Using raise() to kill this process does not necessarily flush all open /* Using raise() to kill this process does not necessarily flush all open