diff options
author | Luiz Capitulino <lcapitulino@redhat.com> | 2012-04-26 16:48:41 -0300 |
---|---|---|
committer | Luiz Capitulino <lcapitulino@redhat.com> | 2012-05-08 14:30:22 -0300 |
commit | 6b0e33be88bbccc3bcb987026089aa09f9622de9 (patch) | |
tree | 95cafe05c9f612826f68ec52581e2a9d129774d4 | |
parent | 9abc62f6445795522d1bf5bf17f642e44eaf032d (diff) | |
download | qemu-6b0e33be88bbccc3bcb987026089aa09f9622de9.zip qemu-6b0e33be88bbccc3bcb987026089aa09f9622de9.tar.gz qemu-6b0e33be88bbccc3bcb987026089aa09f9622de9.tar.bz2 |
hmp: expr_unary(): check for overflow in strtoul()/strtoull()
It's not checked currently, so something like:
(qemu) balloon -100000000000001111114334234
(qemu)
Will just "work" (in this case the balloon command will get a random
value).
Fix it by checking if strtoul()/strtoull() overflowed.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
-rw-r--r-- | monitor.c | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -3120,11 +3120,15 @@ static int64_t expr_unary(Monitor *mon) n = 0; break; default: + errno = 0; #if TARGET_PHYS_ADDR_BITS > 32 n = strtoull(pch, &p, 0); #else n = strtoul(pch, &p, 0); #endif + if (errno == ERANGE) { + expr_error(mon, "number too large"); + } if (pch == p) { expr_error(mon, "invalid char in expression"); } |