| Message ID | 20230512021033.1378730-13-eblake@redhat.com |
|---|---|
| State | New |
| Headers | show |
| Series | Fix qemu_strtosz() read-out-of-bounds | expand |
On 12/5/23 04:10, Eric Blake wrote: > All the other qemu_strto* and parse_uint allow a NULL str. Having > qemu_strtosz crash on qemu_strtosz(NULL, NULL, &value) is an easy fix > that adds some consistency between our string parsers. > > Signed-off-by: Eric Blake <eblake@redhat.com> > --- > tests/unit/test-cutils.c | 3 +++ > util/cutils.c | 2 +- > 2 files changed, 4 insertions(+), 1 deletion(-) Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
On 12.05.23 04:10, Eric Blake wrote: > All the other qemu_strto* and parse_uint allow a NULL str. Having > qemu_strtosz crash on qemu_strtosz(NULL, NULL, &value) is an easy fix > that adds some consistency between our string parsers. > > Signed-off-by: Eric Blake <eblake@redhat.com> > --- > tests/unit/test-cutils.c | 3 +++ > util/cutils.c | 2 +- > 2 files changed, 4 insertions(+), 1 deletion(-) Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
diff --git a/tests/unit/test-cutils.c b/tests/unit/test-cutils.c index 5c9ed78be93..1936c7b5795 100644 --- a/tests/unit/test-cutils.c +++ b/tests/unit/test-cutils.c @@ -3260,6 +3260,9 @@ static void test_qemu_strtosz_float(void) static void test_qemu_strtosz_invalid(void) { + do_strtosz(NULL, -EINVAL, 0xbaadf00d, 0); + + /* Must parse at least one digit */ do_strtosz("", -EINVAL, 0xbaadf00d, 0); do_strtosz(" \t ", -EINVAL, 0xbaadf00d, 0); do_strtosz("crap", -EINVAL, 0xbaadf00d, 0); diff --git a/util/cutils.c b/util/cutils.c index e599924a0c4..91c90673aba 100644 --- a/util/cutils.c +++ b/util/cutils.c @@ -306,7 +306,7 @@ static int do_strtosz(const char *nptr, const char **end, out: if (end) { *end = endptr; - } else if (*endptr) { + } else if (nptr && *endptr) { retval = -EINVAL; } if (retval == 0) {
All the other qemu_strto* and parse_uint allow a NULL str. Having qemu_strtosz crash on qemu_strtosz(NULL, NULL, &value) is an easy fix that adds some consistency between our string parsers. Signed-off-by: Eric Blake <eblake@redhat.com> --- tests/unit/test-cutils.c | 3 +++ util/cutils.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-)