hmp: expr_unary(): check for overflow in strtoul()/strtoull()

It's not checked currently, so something like: (qemu) balloon -100000000000001111114334234 (qemu) Will just "work" (in this case the balloon command will get a random value). Fix it by checking if strtoul()/strtoull() overflowed. Signed-off-by: N Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: N Eric Blake <eblake@redhat.com>

hmp: expr_unary(): check for overflow in strtoul()/strtoull()
It's not checked currently, so something like: (qemu) balloon -100000000000001111114334234 (qemu) Will just "work" (in this case the balloon command will get a random value). Fix it by checking if strtoul()/strtoull() overflowed. Signed-off-by: N Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: N Eric Blake <eblake@redhat.com>
6b0e33be · Luiz Capitulino · 9abc62f6 · 6b0e33be
隐藏空白更改
内联并排

Showing with 4 addition and 0 deletion

monitor.c monitor.c +4 -0

未找到文件。
--- a/monitor.c
+++ b/monitor.c
@@ -3120,11 +3120,15 @@ static int64_t expr_unary(Monitor *mon)
        n = 0;
        break;
    default:
+        errno = 0;
 #if TARGET_PHYS_ADDR_BITS > 32
        n = strtoull(pch, &p, 0);
 #else
        n = strtoul(pch, &p, 0);
 #endif
+        if (errno == ERANGE) {
+            expr_error(mon, "number too large");
+        }
        if (pch == p) {
            expr_error(mon, "invalid char in expression");
        }