From e9c5c1f40c949c5d2d7e1eeddf3caaed32e1c641 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Thu, 10 Apr 2014 10:24:30 +0200 Subject: cutils: tighten qemu_parse_fd() qemu_parse_fd() used to handle at least the following strings incorrectly: o "-2": simply let through o "2147483648": returned as LONG_MAX==INT_MAX on ILP32 (with ERANGE ignored); implementation-defined behavior on LP64 Signed-off-by: Laszlo Ersek Reviewed-by: Eric Blake Signed-off-by: Luiz Capitulino --- util/cutils.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'util') diff --git a/util/cutils.c b/util/cutils.c index b337293..dbe7412 100644 --- a/util/cutils.c +++ b/util/cutils.c @@ -24,6 +24,8 @@ #include "qemu-common.h" #include "qemu/host-utils.h" #include +#include +#include #include "qemu/sockets.h" #include "qemu/iov.h" @@ -457,11 +459,16 @@ int parse_uint_full(const char *s, unsigned long long *value, int base) int qemu_parse_fd(const char *param) { - int fd; - char *endptr = NULL; + long fd; + char *endptr; + errno = 0; fd = strtol(param, &endptr, 10); - if (*endptr || (fd == 0 && param == endptr)) { + if (param == endptr /* no conversion performed */ || + errno != 0 /* not representable as long; possibly others */ || + *endptr != '\0' /* final string not empty */ || + fd < 0 /* invalid as file descriptor */ || + fd > INT_MAX /* not representable as int */) { return -1; } return fd; -- cgit v1.1 From 64dfefed169465c5d0fc20fda7b06104406e390c Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Fri, 2 May 2014 13:26:32 +0200 Subject: error: Consistently name Error ** objects errp, and not err Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake Signed-off-by: Luiz Capitulino --- util/error.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'util') diff --git a/util/error.c b/util/error.c index 2bb42e1..66245cc 100644 --- a/util/error.c +++ b/util/error.c @@ -165,13 +165,13 @@ void error_free(Error *err) } } -void error_propagate(Error **dst_err, Error *local_err) +void error_propagate(Error **dst_errp, Error *local_err) { - if (local_err && dst_err == &error_abort) { + if (local_err && dst_errp == &error_abort) { error_report("%s", error_get_pretty(local_err)); abort(); - } else if (dst_err && !*dst_err) { - *dst_err = local_err; + } else if (dst_errp && !*dst_errp) { + *dst_errp = local_err; } else if (local_err) { error_free(local_err); } -- cgit v1.1 From 2767ceec4ed1d6ac9785d9866c80dc7d674a3631 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Fri, 2 May 2014 13:26:40 +0200 Subject: qemu-option: Clean up fragile use of error_is_set() Using error_is_set(ERRP) to find out whether to bail out due to previous error is either wrong, fragile, or unnecessarily opaque. It's wrong when ERRP may be null, because errors go undetected when it is. It's fragile when proving ERRP non-null involves a non-local argument. Else, it's unnecessarily opaque (see commit 84d18f0). The error_is_set(state->errp) in qemu_opts_from_qdict_1() is merely fragile, because the callers never pass state argument with null state->errp. Make the code more robust and more obviously correct: test *state->errp directly. Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake Signed-off-by: Luiz Capitulino --- util/qemu-option.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'util') diff --git a/util/qemu-option.c b/util/qemu-option.c index 8bbc3ad..324e4c5 100644 --- a/util/qemu-option.c +++ b/util/qemu-option.c @@ -1036,7 +1036,7 @@ static void qemu_opts_from_qdict_1(const char *key, QObject *obj, void *opaque) const char *value; int n; - if (!strcmp(key, "id") || error_is_set(state->errp)) { + if (!strcmp(key, "id") || *state->errp) { return; } -- cgit v1.1