diff mbox

[PULL,5/6] hmp: expr_unary(): check for overflow in strtoul()/strtoull()

Message ID 1336499418-12722-6-git-send-email-lcapitulino@redhat.com
State New
Headers show

Commit Message

Luiz Capitulino May 8, 2012, 5:50 p.m. UTC 
It's not checked currently, so something like:

  (qemu) balloon -100000000000001111114334234
  (qemu)

Will just "work" (in this case the balloon command will get a random
value).

Fix it by checking if strtoul()/strtoull() overflowed.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
---
 monitor.c |    4 ++++
 1 file changed, 4 insertions(+)
diff mbox

Patch

diff --git a/monitor.c b/monitor.c
index 8946a10..bf60984 100644
--- a/monitor.c
+++ b/monitor.c
@@ -3120,11 +3120,15 @@  static int64_t expr_unary(Monitor *mon)
         n = 0;
         break;
     default:
+        errno = 0;
 #if TARGET_PHYS_ADDR_BITS > 32
         n = strtoull(pch, &p, 0);
 #else
         n = strtoul(pch, &p, 0);
 #endif
+        if (errno == ERANGE) {
+            expr_error(mon, "number too large");
+        }
         if (pch == p) {
             expr_error(mon, "invalid char in expression");
         }