提交 6b0e33be 编写于 作者: L Luiz Capitulino

hmp: expr_unary(): check for overflow in strtoul()/strtoull()

It's not checked currently, so something like:

  (qemu) balloon -100000000000001111114334234
  (qemu)

Will just "work" (in this case the balloon command will get a random
value).

Fix it by checking if strtoul()/strtoull() overflowed.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
上级 9abc62f6
...@@ -3120,11 +3120,15 @@ static int64_t expr_unary(Monitor *mon) ...@@ -3120,11 +3120,15 @@ static int64_t expr_unary(Monitor *mon)
n = 0; n = 0;
break; break;
default: default:
errno = 0;
#if TARGET_PHYS_ADDR_BITS > 32 #if TARGET_PHYS_ADDR_BITS > 32
n = strtoull(pch, &p, 0); n = strtoull(pch, &p, 0);
#else #else
n = strtoul(pch, &p, 0); n = strtoul(pch, &p, 0);
#endif #endif
if (errno == ERANGE) {
expr_error(mon, "number too large");
}
if (pch == p) { if (pch == p) {
expr_error(mon, "invalid char in expression"); expr_error(mon, "invalid char in expression");
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册