aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLuiz Capitulino <lcapitulino@redhat.com>2012-04-26 16:48:41 -0300
committerLuiz Capitulino <lcapitulino@redhat.com>2012-05-08 14:30:22 -0300
commit6b0e33be88bbccc3bcb987026089aa09f9622de9 (patch)
tree95cafe05c9f612826f68ec52581e2a9d129774d4
parent9abc62f6445795522d1bf5bf17f642e44eaf032d (diff)
downloadqemu-6b0e33be88bbccc3bcb987026089aa09f9622de9.zip
qemu-6b0e33be88bbccc3bcb987026089aa09f9622de9.tar.gz
qemu-6b0e33be88bbccc3bcb987026089aa09f9622de9.tar.bz2
hmp: expr_unary(): check for overflow in strtoul()/strtoull()
It's not checked currently, so something like: (qemu) balloon -100000000000001111114334234 (qemu) Will just "work" (in this case the balloon command will get a random value). Fix it by checking if strtoul()/strtoull() overflowed. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
-rw-r--r--monitor.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/monitor.c b/monitor.c
index 8946a10..bf60984 100644
--- a/monitor.c
+++ b/monitor.c
@@ -3120,11 +3120,15 @@ static int64_t expr_unary(Monitor *mon)
n = 0;
break;
default:
+ errno = 0;
#if TARGET_PHYS_ADDR_BITS > 32
n = strtoull(pch, &p, 0);
#else
n = strtoul(pch, &p, 0);
#endif
+ if (errno == ERANGE) {
+ expr_error(mon, "number too large");
+ }
if (pch == p) {
expr_error(mon, "invalid char in expression");
}