| Message ID | 20221201061311.3619052-3-armbru@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | ui: Move and clean up monitor command code | expand |
On Thu, Dec 01, 2022 at 07:13:04AM +0100, Markus Armbruster wrote: > Keys are int. HMP sendkey assigns them from the value strtoul(), > silently truncating values greater than INT_MAX. Fix to reject them. > > While there, use qemu_strtoul() instead of strtoul() so checkpatch.pl > won't complain. > > Signed-off-by: Markus Armbruster <armbru@redhat.com> > --- > monitor/hmp-cmds.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> With regards, Daniel
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c index 01b789a79e..a7c9ae2520 100644 --- a/monitor/hmp-cmds.c +++ b/monitor/hmp-cmds.c @@ -1666,8 +1666,13 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict) v = g_malloc0(sizeof(*v)); if (strstart(keys, "0x", NULL)) { - char *endp; - int value = strtoul(keys, &endp, 0); + const char *endp; + unsigned long value; + + if (qemu_strtoul(keys, &endp, 0, &value) < 0 + || value >= INT_MAX) { + goto err_out; + } assert(endp <= keys + keyname_len); if (endp != keys + keyname_len) { goto err_out;
Keys are int. HMP sendkey assigns them from the value strtoul(), silently truncating values greater than INT_MAX. Fix to reject them. While there, use qemu_strtoul() instead of strtoul() so checkpatch.pl won't complain. Signed-off-by: Markus Armbruster <armbru@redhat.com> --- monitor/hmp-cmds.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)