8 жил өмнө · f46bfdbfc8
--- a/hmp.c
+++ b/hmp.c
@@ -1344,7 +1344,7 @@ void hmp_migrate_set_parameter(Monitor *mon, const QDict *qdict)
 
				 {
			
 
				     const char *param = qdict_get_str(qdict, "parameter");
			
 
				     const char *valuestr = qdict_get_str(qdict, "value");
			
 
				-    int64_t valuebw = 0;
			
 
				+    uint64_t valuebw = 0;
			
 
				     long valueint = 0;
			
 
				     Error *err = NULL;
			
 
				     bool use_int_value = false;
			
@@ -1385,7 +1385,8 @@ void hmp_migrate_set_parameter(Monitor *mon, const QDict *qdict)
 
				             case MIGRATION_PARAMETER_MAX_BANDWIDTH:
			
 
				                 p.has_max_bandwidth = true;
			
 
				                 ret = qemu_strtosz_MiB(valuestr, NULL, &valuebw);
			
 
				-                if (ret < 0 || (size_t)valuebw != valuebw) {
			
 
				+                if (ret < 0 || valuebw > INT64_MAX
			
 
				+                    || (size_t)valuebw != valuebw) {
			
 
				                     error_setg(&err, "Invalid size %s", valuestr);
			
 
				                     goto cleanup;
			
 
				                 }
			
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -1268,7 +1268,7 @@ static void ivshmem_realize(PCIDevice *dev, Error **errp)
 
				         s->legacy_size = 4 << 20; /* 4 MB default */
			
 
				     } else {
			
 
				         int ret;
			
 
				-        int64_t size;
			
 
				+        uint64_t size;
			
 
				 
			
 
				         ret = qemu_strtosz_MiB(s->sizearg, NULL, &size);
			
 
				         if (ret < 0 || (size_t)size != size || !is_power_of_2(size)) {
			
--- a/include/qemu/cutils.h
+++ b/include/qemu/cutils.h
@@ -139,9 +139,9 @@ int parse_uint(const char *s, unsigned long long *value, char **endptr,
 
				                int base);
			
 
				 int parse_uint_full(const char *s, unsigned long long *value, int base);
			
 
				 
			
 
				-int qemu_strtosz(const char *nptr, char **end, int64_t *result);
			
 
				-int qemu_strtosz_MiB(const char *nptr, char **end, int64_t *result);
			
 
				-int qemu_strtosz_metric(const char *nptr, char **end, int64_t *result);
			
 
				+int qemu_strtosz(const char *nptr, char **end, uint64_t *result);
			
 
				+int qemu_strtosz_MiB(const char *nptr, char **end, uint64_t *result);
			
 
				+int qemu_strtosz_metric(const char *nptr, char **end, uint64_t *result);
			
 
				 
			
 
				 #define K_BYTE     (1ULL << 10)
			
 
				 #define M_BYTE     (1ULL << 20)
			
--- a/monitor.c
+++ b/monitor.c
@@ -2800,7 +2800,7 @@ static QDict *monitor_parse_arguments(Monitor *mon,
 
				         case 'o':
			
 
				             {
			
 
				                 int ret;
			
 
				-                int64_t val;
			
 
				+                uint64_t val;
			
 
				                 char *end;
			
 
				 
			
 
				                 while (qemu_isspace(*p)) {
			
@@ -2813,7 +2813,7 @@ static QDict *monitor_parse_arguments(Monitor *mon,
 
				                     }
			
 
				                 }
			
 
				                 ret = qemu_strtosz_MiB(p, &end, &val);
			
 
				-                if (ret < 0) {
			
 
				+                if (ret < 0 || val > INT64_MAX) {
			
 
				                     monitor_printf(mon, "invalid size\n");
			
 
				                     goto fail;
			
 
				                 }
			
--- a/qapi/opts-visitor.c
+++ b/qapi/opts-visitor.c
@@ -481,7 +481,6 @@ opts_type_size(Visitor *v, const char *name, uint64_t *obj, Error **errp)
 
				 {
			
 
				     OptsVisitor *ov = to_ov(v);
			
 
				     const QemuOpt *opt;
			
 
				-    int64_t val;
			
 
				     int err;
			
 
				 
			
 
				     opt = lookup_scalar(ov, name, errp);
			
@@ -489,14 +488,13 @@ opts_type_size(Visitor *v, const char *name, uint64_t *obj, Error **errp)
 
				         return;
			
 
				     }
			
 
				 
			
 
				-    err = qemu_strtosz(opt->str ? opt->str : "", NULL, &val);
			
 
				+    err = qemu_strtosz(opt->str ? opt->str : "", NULL, obj);
			
 
				     if (err < 0) {
			
 
				         error_setg(errp, QERR_INVALID_PARAMETER_VALUE, opt->name,
			
 
				-                   "a size value representible as a non-negative int64");
			
 
				+                   "a size value");
			
 
				         return;
			
 
				     }
			
 
				 
			
 
				-    *obj = val;
			
 
				     processed(ov, name);
			
 
				 }
			
 
				 
			
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -371,12 +371,15 @@ static int add_old_style_options(const char *fmt, QemuOpts *opts,
 
				 static int64_t cvtnum(const char *s)
			
 
				 {
			
 
				     int err;
			
 
				-    int64_t value;
			
 
				+    uint64_t value;
			
 
				 
			
 
				     err = qemu_strtosz(s, NULL, &value);
			
 
				     if (err < 0) {
			
 
				         return err;
			
 
				     }
			
 
				+    if (value > INT64_MAX) {
			
 
				+        return -ERANGE;
			
 
				+    }
			
 
				     return value;
			
 
				 }
			
 
				 
			
--- a/qemu-io-cmds.c
+++ b/qemu-io-cmds.c
@@ -138,12 +138,15 @@ static char **breakline(char *input, int *count)
 
				 static int64_t cvtnum(const char *s)
			
 
				 {
			
 
				     int err;
			
 
				-    int64_t value;
			
 
				+    uint64_t value;
			
 
				 
			
 
				     err = qemu_strtosz(s, NULL, &value);
			
 
				     if (err < 0) {
			
 
				         return err;
			
 
				     }
			
 
				+    if (value > INT64_MAX) {
			
 
				+        return -ERANGE;
			
 
				+    }
			
 
				     return value;
			
 
				 }
			
 
				 
			
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2034,10 +2034,10 @@ static void x86_cpu_parse_featurestr(const char *typename, char *features,
 
				         /* Special case: */
			
 
				         if (!strcmp(name, "tsc-freq")) {
			
 
				             int ret;
			
 
				-            int64_t tsc_freq;
			
 
				+            uint64_t tsc_freq;
			
 
				 
			
 
				             ret = qemu_strtosz_metric(val, NULL, &tsc_freq);
			
 
				-            if (ret < 0) {
			
 
				+            if (ret < 0 || tsc_freq > INT64_MAX) {
			
 
				                 error_setg(errp, "bad numerical value %s", val);
			
 
				                 return;
			
 
				             }
			
--- a/tests/test-cutils.c
+++ b/tests/test-cutils.c
@@ -1374,7 +1374,7 @@ static void test_qemu_strtosz_simple(void)
 
				     const char *str;
			
 
				     char *endptr = NULL;
			
 
				     int err;
			
 
				-    int64_t res = 0xbaadf00d;
			
 
				+    uint64_t res = 0xbaadf00d;
			
 
				 
			
 
				     str = "0";
			
 
				     err = qemu_strtosz(str, &endptr, &res);
			
@@ -1412,17 +1412,17 @@ static void test_qemu_strtosz_simple(void)
 
				     g_assert_cmpint(res, ==, 0x20000000000000); /* rounded to 53 bits */
			
 
				     g_assert(endptr == str + 16);
			
 
				 
			
 
				-    str = "9223372036854774784"; /* 0x7ffffffffffffc00 (53 msbs set) */
			
 
				+    str = "18446744073709549568"; /* 0xfffffffffffff800 (53 msbs set) */
			
 
				     err = qemu_strtosz(str, &endptr, &res);
			
 
				     g_assert_cmpint(err, ==, 0);
			
 
				-    g_assert_cmpint(res, ==, 0x7ffffffffffffc00);
			
 
				-    g_assert(endptr == str + 19);
			
 
				+    g_assert_cmpint(res, ==, 0xfffffffffffff800);
			
 
				+    g_assert(endptr == str + 20);
			
 
				 
			
 
				-    str = "9223372036854775295"; /* 0x7ffffffffffffdff */
			
 
				+    str = "18446744073709550591"; /* 0xfffffffffffffbff */
			
 
				     err = qemu_strtosz(str, &endptr, &res);
			
 
				     g_assert_cmpint(err, ==, 0);
			
 
				-    g_assert_cmpint(res, ==, 0x7ffffffffffffc00); /* rounded to 53 bits */
			
 
				-    g_assert(endptr == str + 19);
			
 
				+    g_assert_cmpint(res, ==, 0xfffffffffffff800); /* rounded to 53 bits */
			
 
				+    g_assert(endptr == str + 20);
			
 
				 
			
 
				     /* 0x7ffffffffffffe00..0x7fffffffffffffff get rounded to
			
 
				      * 0x8000000000000000, thus -ERANGE; see test_qemu_strtosz_erange() */
			
@@ -1440,7 +1440,7 @@ static void test_qemu_strtosz_units(void)
 
				     const char *e = "1E";
			
 
				     int err;
			
 
				     char *endptr = NULL;
			
 
				-    int64_t res = 0xbaadf00d;
			
 
				+    uint64_t res = 0xbaadf00d;
			
 
				 
			
 
				     /* default is M */
			
 
				     err = qemu_strtosz_MiB(none, &endptr, &res);
			
@@ -1489,7 +1489,7 @@ static void test_qemu_strtosz_float(void)
 
				     const char *str = "12.345M";
			
 
				     int err;
			
 
				     char *endptr = NULL;
			
 
				-    int64_t res = 0xbaadf00d;
			
 
				+    uint64_t res = 0xbaadf00d;
			
 
				 
			
 
				     err = qemu_strtosz(str, &endptr, &res);
			
 
				     g_assert_cmpint(err, ==, 0);
			
@@ -1502,7 +1502,7 @@ static void test_qemu_strtosz_invalid(void)
 
				     const char *str;
			
 
				     char *endptr = NULL;
			
 
				     int err;
			
 
				-    int64_t res = 0xbaadf00d;
			
 
				+    uint64_t res = 0xbaadf00d;
			
 
				 
			
 
				     str = "";
			
 
				     err = qemu_strtosz(str, &endptr, &res);
			
@@ -1525,7 +1525,7 @@ static void test_qemu_strtosz_trailing(void)
 
				     const char *str;
			
 
				     char *endptr = NULL;
			
 
				     int err;
			
 
				-    int64_t res = 0xbaadf00d;
			
 
				+    uint64_t res = 0xbaadf00d;
			
 
				 
			
 
				     str = "123xxx";
			
 
				     err = qemu_strtosz_MiB(str, &endptr, &res);
			
@@ -1550,29 +1550,29 @@ static void test_qemu_strtosz_erange(void)
 
				     const char *str;
			
 
				     char *endptr = NULL;
			
 
				     int err;
			
 
				-    int64_t res = 0xbaadf00d;
			
 
				+    uint64_t res = 0xbaadf00d;
			
 
				 
			
 
				     str = "-1";
			
 
				     err = qemu_strtosz(str, &endptr, &res);
			
 
				     g_assert_cmpint(err, ==, -ERANGE);
			
 
				     g_assert(endptr == str + 2);
			
 
				 
			
 
				-    str = "9223372036854775296"; /* 0x7ffffffffffffe00 */
			
 
				+    str = "18446744073709550592"; /* 0xfffffffffffffc00 */
			
 
				     err = qemu_strtosz(str, &endptr, &res);
			
 
				     g_assert_cmpint(err, ==, -ERANGE);
			
 
				-    g_assert(endptr == str + 19);
			
 
				+    g_assert(endptr == str + 20);
			
 
				 
			
 
				-    str = "9223372036854775807"; /* 2^63-1 */
			
 
				+    str = "18446744073709551615"; /* 2^64-1 */
			
 
				     err = qemu_strtosz(str, &endptr, &res);
			
 
				     g_assert_cmpint(err, ==, -ERANGE);
			
 
				-    g_assert(endptr == str + 19);
			
 
				+    g_assert(endptr == str + 20);
			
 
				 
			
 
				-    str = "9223372036854775808"; /* 2^63 */
			
 
				+    str = "18446744073709551616"; /* 2^64 */
			
 
				     err = qemu_strtosz(str, &endptr, &res);
			
 
				     g_assert_cmpint(err, ==, -ERANGE);
			
 
				-    g_assert(endptr == str + 19);
			
 
				+    g_assert(endptr == str + 20);
			
 
				 
			
 
				-    str = "10E";
			
 
				+    str = "20E";
			
 
				     err = qemu_strtosz(str, &endptr, &res);
			
 
				     g_assert_cmpint(err, ==, -ERANGE);
			
 
				     g_assert(endptr == str + 3);
			
@@ -1583,7 +1583,7 @@ static void test_qemu_strtosz_metric(void)
 
				     const char *str = "12345k";
			
 
				     int err;
			
 
				     char *endptr = NULL;
			
 
				-    int64_t res = 0xbaadf00d;
			
 
				+    uint64_t res = 0xbaadf00d;
			
 
				 
			
 
				     err = qemu_strtosz_metric(str, &endptr, &res);
			
 
				     g_assert_cmpint(err, ==, 0);
			
--- a/util/cutils.c
+++ b/util/cutils.c
@@ -207,7 +207,7 @@ static int64_t suffix_mul(char suffix, int64_t unit)
 
				  */
			
 
				 static int do_strtosz(const char *nptr, char **end,
			
 
				                       const char default_suffix, int64_t unit,
			
 
				-                      int64_t *result)
			
 
				+                      uint64_t *result)
			
 
				 {
			
 
				     int retval;
			
 
				     char *endptr;
			
@@ -237,7 +237,11 @@ static int do_strtosz(const char *nptr, char **end,
 
				         retval = -EINVAL;
			
 
				         goto out;
			
 
				     }
			
 
				-    if ((val * mul >= INT64_MAX) || val < 0) {
			
 
				+    /*
			
 
				+     * Values >= 0xfffffffffffffc00 overflow uint64_t after their trip
			
 
				+     * through double (53 bits of precision).
			
 
				+     */
			
 
				+    if ((val * mul >= 0xfffffffffffffc00) || val < 0) {
			
 
				         retval = -ERANGE;
			
 
				         goto out;
			
 
				     }
			
@@ -254,17 +258,17 @@ out:
 
				     return retval;
			
 
				 }
			
 
				 
			
 
				-int qemu_strtosz(const char *nptr, char **end, int64_t *result)
			
 
				+int qemu_strtosz(const char *nptr, char **end, uint64_t *result)
			
 
				 {
			
 
				     return do_strtosz(nptr, end, 'B', 1024, result);
			
 
				 }
			
 
				 
			
 
				-int qemu_strtosz_MiB(const char *nptr, char **end, int64_t *result)
			
 
				+int qemu_strtosz_MiB(const char *nptr, char **end, uint64_t *result)
			
 
				 {
			
 
				     return do_strtosz(nptr, end, 'M', 1024, result);
			
 
				 }
			
 
				 
			
 
				-int qemu_strtosz_metric(const char *nptr, char **end, int64_t *result)
			
 
				+int qemu_strtosz_metric(const char *nptr, char **end, uint64_t *result)
			
 
				 {
			
 
				     return do_strtosz(nptr, end, 'B', 1000, result);
			
 
				 }