nbd and misc patches for 2023-06-01

- Eric Blake: Fix iotest 104 for NBD
 - Eric Blake: Improve qcow2 spec on padding bytes
 - Eric Blake: Fix read-beyond-bounds bug in qemu_strtosz
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEccLMIrHEYCkn0vOqp6FrSiUnQ2oFAmR6JzEACgkQp6FrSiUn
 Q2oGwgf+PIaN8iedQo5KR08OEf9YxJXab7nL5Oh12+ZvrPOt8XoJcd585KblQ1YI
 3bGC4CO1l4QO3xmKltVHi7hnlX+3/8WMEvh0jBQBG1AjjPCi5Y1A/gGTEJFX60Ux
 /ffEpo8+1vaHQ8srkxBMWIvpF/dYRaMXSm/CP5SNqTllTalTR46YHKL9odXTzIeN
 0Zu9UQw/Jwp5A9/8KB+0M9SYXA6zOEmEqEyOwVESEAU2Lm7titwqdBny6GZc6DH6
 Sa2lKO0qQA/e9ya6jHm2c9ycoNCtQ/2VR8QuCd6WCf9DX8q/9RhdiJir+EK5gqp6
 3JRUFtx783d0BwPnUDUqPawi4txFtw==
 =Cg4e
 -----END PGP SIGNATURE-----

Merge tag 'pull-nbd-2023-06-01-v2' of https://repo.or.cz/qemu/ericb into staging

nbd and misc patches for 2023-06-01

- Eric Blake: Fix iotest 104 for NBD
- Eric Blake: Improve qcow2 spec on padding bytes
- Eric Blake: Fix read-beyond-bounds bug in qemu_strtosz

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEccLMIrHEYCkn0vOqp6FrSiUnQ2oFAmR6JzEACgkQp6FrSiUn
# Q2oGwgf+PIaN8iedQo5KR08OEf9YxJXab7nL5Oh12+ZvrPOt8XoJcd585KblQ1YI
# 3bGC4CO1l4QO3xmKltVHi7hnlX+3/8WMEvh0jBQBG1AjjPCi5Y1A/gGTEJFX60Ux
# /ffEpo8+1vaHQ8srkxBMWIvpF/dYRaMXSm/CP5SNqTllTalTR46YHKL9odXTzIeN
# 0Zu9UQw/Jwp5A9/8KB+0M9SYXA6zOEmEqEyOwVESEAU2Lm7titwqdBny6GZc6DH6
# Sa2lKO0qQA/e9ya6jHm2c9ycoNCtQ/2VR8QuCd6WCf9DX8q/9RhdiJir+EK5gqp6
# 3JRUFtx783d0BwPnUDUqPawi4txFtw==
# =Cg4e
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 02 Jun 2023 10:30:25 AM PDT
# gpg:                using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg:                 aka "[jpeg image of size 6874]" [full]

* tag 'pull-nbd-2023-06-01-v2' of https://repo.or.cz/qemu/ericb: (21 commits)
  cutils: Improve qemu_strtosz handling of fractions
  cutils: Improve qemu_strtod* error paths
  cutils: Use parse_uint in qemu_strtosz for negative rejection
  cutils: Set value in all integral qemu_strto* error paths
  cutils: Set value in all qemu_strtosz* error paths
  test-cutils: Add more coverage to qemu_strtosz
  numa: Check for qemu_strtosz_MiB error
  cutils: Allow NULL str in qemu_strtosz
  test-cutils: Refactor qemu_strtosz tests for less boilerplate
  test-cutils: Prepare for upcoming semantic change in qemu_strtosz
  test-cutils: Add coverage of qemu_strtod
  cutils: Allow NULL endptr in parse_uint()
  cutils: Adjust signature of parse_uint[_full]
  cutils: Document differences between parse_uint and qemu_strtou64
  cutils: Fix wraparound parsing in qemu_strtoui
  test-cutils: Test more integer corner cases
  test-cutils: Test integral qemu_strto* value on failures
  test-cutils: Use g_assert_cmpuint where appropriate
  test-cutils: Avoid g_assert in unit tests
  qcow2: Explicit mention of padding bytes
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This commit is contained in:
Richard Henderson 2023-06-02 14:57:22 -07:00
commit 24bc242c91
19 changed files with 2048 additions and 795 deletions

View file

@ -35,8 +35,8 @@
static uint32_t toui32(const char *str)
{
unsigned long long ret;
if (parse_uint_full(str, &ret, 10) || ret > UINT32_MAX) {
uint64_t ret;
if (parse_uint_full(str, 10, &ret) || ret > UINT32_MAX) {
dolog("Invalid integer value `%s'\n", str);
exit(1);
}

View file

@ -424,7 +424,7 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf,
int ret;
int old_errno;
SocketAddressList *server;
unsigned long long port;
uint64_t port;
glfs = glfs_find_preopened(gconf->volume);
if (glfs) {
@ -445,7 +445,7 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf,
server->value->u.q_unix.path, 0);
break;
case SOCKET_ADDRESS_TYPE_INET:
if (parse_uint_full(server->value->u.inet.port, &port, 10) < 0 ||
if (parse_uint_full(server->value->u.inet.port, 10, &port) < 0 ||
port > 65535) {
error_setg(errp, "'%s' is not a valid port number",
server->value->u.inet.port);

View file

@ -114,13 +114,13 @@ static int nfs_parse_uri(const char *filename, QDict *options, Error **errp)
qdict_put_str(options, "path", uri->path);
for (i = 0; i < qp->n; i++) {
unsigned long long val;
uint64_t val;
if (!qp->p[i].value) {
error_setg(errp, "Value for NFS parameter expected: %s",
qp->p[i].name);
goto out;
}
if (parse_uint_full(qp->p[i].value, &val, 0)) {
if (parse_uint_full(qp->p[i].value, 0, &val)) {
error_setg(errp, "Illegal value for NFS parameter: %s",
qp->p[i].name);
goto out;

View file

@ -341,10 +341,10 @@ static bool parse_stats_intervals(BlockAcctStats *stats, QList *intervals,
switch (qobject_type(entry->value)) {
case QTYPE_QSTRING: {
unsigned long long length;
uint64_t length;
const char *str = qstring_get_str(qobject_to(QString,
entry->value));
if (parse_uint_full(str, &length, 10) == 0 &&
if (parse_uint_full(str, 10, &length) == 0 &&
length > 0 && length <= UINT_MAX) {
block_acct_add_interval(stats, (unsigned) length);
} else {

View file

@ -69,7 +69,7 @@ static void
ivshmem_server_parse_args(IvshmemServerArgs *args, int argc, char *argv[])
{
int c;
unsigned long long v;
uint64_t v;
Error *err = NULL;
while ((c = getopt(argc, argv, "hvFp:S:m:M:l:n:")) != -1) {
@ -112,7 +112,7 @@ ivshmem_server_parse_args(IvshmemServerArgs *args, int argc, char *argv[])
break;
case 'n': /* number of vectors */
if (parse_uint_full(optarg, &v, 0) < 0) {
if (parse_uint_full(optarg, 0, &v) < 0) {
fprintf(stderr, "cannot parse n_vectors\n");
ivshmem_server_help(argv[0]);
exit(1);

View file

@ -226,6 +226,7 @@ version 2.
<https://www.zlib.net/> in QEMU. However, clusters with the
deflate compression type do not have zlib headers.
105 - 111: Padding, contents defined below.
=== Header padding ===

View file

@ -531,10 +531,17 @@ static int parse_numa(void *opaque, QemuOpts *opts, Error **errp)
/* Fix up legacy suffix-less format */
if ((object->type == NUMA_OPTIONS_TYPE_NODE) && object->u.node.has_mem) {
const char *mem_str = qemu_opt_get(opts, "mem");
qemu_strtosz_MiB(mem_str, NULL, &object->u.node.mem);
int ret = qemu_strtosz_MiB(mem_str, NULL, &object->u.node.mem);
if (ret < 0) {
error_setg_errno(&err, -ret, "could not parse memory size '%s'",
mem_str);
}
}
set_numa_options(ms, object, &err);
if (!err) {
set_numa_options(ms, object, &err);
}
qapi_free_NumaOptions(object);
if (err) {

View file

@ -163,9 +163,8 @@ int qemu_strtou64(const char *nptr, const char **endptr, int base,
int qemu_strtod(const char *nptr, const char **endptr, double *result);
int qemu_strtod_finite(const char *nptr, const char **endptr, double *result);
int parse_uint(const char *s, unsigned long long *value, char **endptr,
int base);
int parse_uint_full(const char *s, unsigned long long *value, int base);
int parse_uint(const char *s, const char **endptr, int base, uint64_t *value);
int parse_uint_full(const char *s, int base, uint64_t *value);
int qemu_strtosz(const char *nptr, const char **end, uint64_t *result);
int qemu_strtosz_MiB(const char *nptr, const char **end, uint64_t *result);

View file

@ -454,8 +454,8 @@ opts_type_uint64(Visitor *v, const char *name, uint64_t *obj, Error **errp)
OptsVisitor *ov = to_ov(v);
const QemuOpt *opt;
const char *str;
unsigned long long val;
char *endptr;
uint64_t val;
const char *endptr;
if (ov->list_mode == LM_UNSIGNED_INTERVAL) {
*obj = ov->range_next.u;
@ -471,18 +471,18 @@ opts_type_uint64(Visitor *v, const char *name, uint64_t *obj, Error **errp)
/* we've gotten past lookup_scalar() */
assert(ov->list_mode == LM_NONE || ov->list_mode == LM_IN_PROGRESS);
if (parse_uint(str, &val, &endptr, 0) == 0 && val <= UINT64_MAX) {
if (parse_uint(str, &endptr, 0, &val) == 0) {
if (*endptr == '\0') {
*obj = val;
processed(ov, name);
return true;
}
if (*endptr == '-' && ov->list_mode == LM_IN_PROGRESS) {
unsigned long long val2;
uint64_t val2;
str = endptr + 1;
if (parse_uint_full(str, &val2, 0) == 0 &&
val2 <= UINT64_MAX && val <= val2 &&
if (parse_uint_full(str, 0, &val2) == 0 &&
val <= val2 &&
val2 - val < OPTS_VISITOR_RANGE_MAX) {
ov->range_next.u = val;
ov->range_limit.u = val2;

View file

@ -92,13 +92,10 @@ Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off comp
== 3. Invalid sizes ==
qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- -1024
qemu-img: Invalid image size specified. You may use k, M, G, T, P or E suffixes for
qemu-img: kilobytes, megabytes, gigabytes, terabytes, petabytes and exabytes.
qemu-img: Invalid image size specified. Must be between 0 and 9223372036854775807.
qemu-img create -f qcow2 -o size=-1024 TEST_DIR/t.qcow2
qemu-img: TEST_DIR/t.qcow2: Parameter 'size' expects a non-negative number below 2^64
Optional suffix k, M, G, T, P or E means kilo-, mega-, giga-, tera-, peta-
and exabytes, respectively.
qemu-img: TEST_DIR/t.qcow2: Value '-1024' is out of range for parameter 'size'
qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- -1k
qemu-img: Invalid image size specified. You may use k, M, G, T, P or E suffixes for

View file

@ -13,8 +13,7 @@ qemu-img: Invalid option list: ,
qemu-img: Invalid parameter 'snapshot.foo'
qemu-img: Failed in parsing snapshot param 'snapshot.foo=bar'
qemu-img: --output must be used with human or json as argument.
qemu-img: Invalid image size specified. You may use k, M, G, T, P or E suffixes for
qemu-img: kilobytes, megabytes, gigabytes, terabytes, petabytes and exabytes.
qemu-img: Invalid image size specified. Must be between 0 and 9223372036854775807.
qemu-img: Unknown file format 'foo'
== Size calculation for a new file (human) ==

View file

@ -13,8 +13,7 @@ qemu-img: Invalid option list: ,
qemu-img: Invalid parameter 'snapshot.foo'
qemu-img: Failed in parsing snapshot param 'snapshot.foo=bar'
qemu-img: --output must be used with human or json as argument.
qemu-img: Invalid image size specified. You may use k, M, G, T, P or E suffixes for
qemu-img: kilobytes, megabytes, gigabytes, terabytes, petabytes and exabytes.
qemu-img: Invalid image size specified. Must be between 0 and 9223372036854775807.
qemu-img: Unknown file format 'foo'
== Size calculation for a new file (human) ==

View file

@ -1,6 +1,6 @@
#!/usr/bin/env bash
#
# Copyright (C) 2009 Red Hat, Inc.
# Copyright Red Hat
# Copyright (c) 2000-2001 Silicon Graphics, Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
@ -131,7 +131,6 @@ _filter_img_create_filenames()
-e "s#$SOCK_DIR#SOCK_DIR#g" \
-e 's#SOCK_DIR/fuse-#TEST_DIR/#g' \
-e "s#$IMGFMT#IMGFMT#g" \
-e 's#nbd:127.0.0.1:[0-9]\\+#TEST_DIR/t.IMGFMT#g' \
-e 's#nbd+unix:///\??socket=SOCK_DIR/nbd#TEST_DIR/t.IMGFMT#g'
}
@ -229,7 +228,6 @@ _filter_img_info()
-e "s#$TEST_DIR#TEST_DIR#g" \
-e "s#$SOCK_DIR#SOCK_DIR#g" \
-e "s#$IMGFMT#IMGFMT#g" \
-e 's#nbd://127.0.0.1:[0-9]\\+$#TEST_DIR/t.IMGFMT#g' \
-e 's#nbd+unix:///\??socket=SOCK_DIR/nbd#TEST_DIR/t.IMGFMT#g' \
-e 's#SOCK_DIR/fuse-#TEST_DIR/#g' \
-e "/encrypted: yes/d" \

View file

@ -1,6 +1,6 @@
#!/usr/bin/env bash
#
# Copyright (C) 2009 Red Hat, Inc.
# Copyright Red Hat
# Copyright (c) 2000-2006 Silicon Graphics, Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or modify
@ -717,6 +717,7 @@ _img_info()
-e "s#$IMGPROTO:$TEST_DIR#TEST_DIR#g" \
-e "s#$TEST_DIR#TEST_DIR#g" \
-e "s#$SOCK_DIR/fuse-#TEST_DIR/#g" \
-e "s#$SOCK_DIR/#SOCK_DIR/#g" \
-e "s#$IMGFMT#IMGFMT#g" \
-e 's/\(compression type: \)\(zlib\|zstd\)/\1COMPRESSION_TYPE/' \
-e "/^disk size:/ D" \

File diff suppressed because it is too large Load diff

View file

@ -3728,7 +3728,7 @@ static int vnc_display_get_address(const char *addrstr,
} else {
const char *port;
size_t hostlen;
unsigned long long baseport = 0;
uint64_t baseport = 0;
InetSocketAddress *inet;
port = strrchr(addrstr, ':');
@ -3776,7 +3776,7 @@ static int vnc_display_get_address(const char *addrstr,
}
} else {
int offset = reverse ? 0 : 5900;
if (parse_uint_full(port, &baseport, 10) < 0) {
if (parse_uint_full(port, 10, &baseport) < 0) {
error_setg(errp, "can't convert to a number: %s", port);
goto cleanup;
}

View file

@ -194,46 +194,48 @@ static int64_t suffix_mul(char suffix, int64_t unit)
* - 12345 - decimal, scale determined by @default_suffix and @unit
* - 12345{bBkKmMgGtTpPeE} - decimal, scale determined by suffix and @unit
* - 12345.678{kKmMgGtTpPeE} - decimal, scale determined by suffix, and
* fractional portion is truncated to byte
* fractional portion is truncated to byte, either side of . may be empty
* - 0x7fEE - hexadecimal, unit determined by @default_suffix
*
* The following are intentionally not supported
* - hex with scaling suffix, such as 0x20M
* - octal, such as 08
* - fractional hex, such as 0x1.8
* - floating point exponents, such as 1e3
* - hex with scaling suffix, such as 0x20M or 0x1p3 (both fail with
* -EINVAL), while 0x1b is 27 (not 1 with byte scale)
* - octal, such as 08 (parsed as decimal instead)
* - binary, such as 0b1000 (parsed as 0b with trailing garbage "1000")
* - fractional hex, such as 0x1.8 (parsed as 0 with trailing garbage "x1.8")
* - negative values, including -0 (fail with -ERANGE)
* - floating point exponents, such as 1e3 (parsed as 1e with trailing
* garbage "3") or 0x1p3 (rejected as hex with scaling suffix)
* - non-finite values, such as inf or NaN (fail with -EINVAL)
*
* The end pointer will be returned in *end, if not NULL. If there is
* no fraction, the input can be decimal or hexadecimal; if there is a
* fraction, then the input must be decimal and there must be a suffix
* (possibly by @default_suffix) larger than Byte, and the fractional
* portion may suffer from precision loss or rounding. The input must
* be positive.
* non-zero fraction, then the input must be decimal and there must be
* a suffix (possibly by @default_suffix) larger than Byte, and the
* fractional portion may suffer from precision loss or rounding. The
* input must be positive.
*
* Return -ERANGE on overflow (with *@end advanced), and -EINVAL on
* other error (with *@end left unchanged).
* other error (with *@end at @nptr). Unlike strtoull, *@result is
* set to 0 on all errors, as returning UINT64_MAX on overflow is less
* likely to be usable as a size.
*/
static int do_strtosz(const char *nptr, const char **end,
const char default_suffix, int64_t unit,
uint64_t *result)
{
int retval;
const char *endptr, *f;
const char *endptr;
unsigned char c;
uint64_t val, valf = 0;
uint64_t val = 0, valf = 0;
int64_t mul;
/* Parse integral portion as decimal. */
retval = qemu_strtou64(nptr, &endptr, 10, &val);
if (retval) {
retval = parse_uint(nptr, &endptr, 10, &val);
if (retval == -ERANGE || !nptr) {
goto out;
}
if (memchr(nptr, '-', endptr - nptr) != NULL) {
endptr = nptr;
retval = -EINVAL;
goto out;
}
if (val == 0 && (*endptr == 'x' || *endptr == 'X')) {
if (retval == 0 && val == 0 && (*endptr == 'x' || *endptr == 'X')) {
/* Input looks like hex; reparse, and insist on no fraction or suffix. */
retval = qemu_strtou64(nptr, &endptr, 16, &val);
if (retval) {
@ -244,26 +246,68 @@ static int do_strtosz(const char *nptr, const char **end,
retval = -EINVAL;
goto out;
}
} else if (*endptr == '.') {
} else if (*endptr == '.' || (endptr == nptr && strchr(nptr, '.'))) {
/*
* Input looks like a fraction. Make sure even 1.k works
* without fractional digits. If we see an exponent, treat
* the entire input as invalid instead.
* without fractional digits. strtod tries to treat 'e' as an
* exponent, but we want to treat it as a scaling suffix;
* doing this requires modifying a copy of the fraction.
*/
double fraction;
double fraction = 0.0;
f = endptr;
retval = qemu_strtod_finite(f, &endptr, &fraction);
if (retval) {
if (retval == 0 && *endptr == '.' && !isdigit(endptr[1])) {
/* If we got here, we parsed at least one digit already. */
endptr++;
} else if (memchr(f, 'e', endptr - f) || memchr(f, 'E', endptr - f)) {
endptr = nptr;
retval = -EINVAL;
goto out;
} else {
/* Extract into a 64-bit fixed-point fraction. */
valf = (uint64_t)(fraction * 0x1p64);
char *e;
const char *tail;
g_autofree char *copy = g_strdup(endptr);
e = strchr(copy, 'e');
if (e) {
*e = '\0';
}
e = strchr(copy, 'E');
if (e) {
*e = '\0';
}
/*
* If this is a floating point, we are guaranteed that '.'
* appears before any possible digits in copy. If it is
* not a floating point, strtod will fail. Either way,
* there is now no exponent in copy, so if it parses, we
* know 0.0 <= abs(result) <= 1.0 (after rounding), and
* ERANGE is only possible on underflow which is okay.
*/
retval = qemu_strtod_finite(copy, &tail, &fraction);
endptr += tail - copy;
if (signbit(fraction)) {
retval = -ERANGE;
goto out;
}
}
/* Extract into a 64-bit fixed-point fraction. */
if (fraction == 1.0) {
if (val == UINT64_MAX) {
retval = -ERANGE;
goto out;
}
val++;
} else if (retval == -ERANGE) {
/* See comments above about underflow */
valf = 1;
retval = 0;
} else {
/* We want non-zero valf for any non-zero fraction */
valf = (uint64_t)(fraction * 0x1p64);
if (valf == 0 && fraction > 0.0) {
valf = 1;
}
}
}
if (retval) {
goto out;
}
c = *endptr;
mul = suffix_mul(c, unit);
@ -306,11 +350,16 @@ static int do_strtosz(const char *nptr, const char **end,
out:
if (end) {
*end = endptr;
} else if (*endptr) {
} else if (nptr && *endptr) {
retval = -EINVAL;
}
if (retval == 0) {
*result = val;
} else {
*result = 0;
if (end && retval == -EINVAL) {
*end = nptr;
}
}
return retval;
@ -377,12 +426,13 @@ static int check_strtox_error(const char *nptr, char *ep,
*
* @nptr may be null, and no conversion is performed then.
*
* If no conversion is performed, store @nptr in *@endptr and return
* -EINVAL.
* If no conversion is performed, store @nptr in *@endptr, 0 in
* @result, and return -EINVAL.
*
* If @endptr is null, and the string isn't fully converted, return
* -EINVAL. This is the case when the pointer that would be stored in
* a non-null @endptr points to a character other than '\0'.
* -EINVAL with @result set to the parsed value. This is the case
* when the pointer that would be stored in a non-null @endptr points
* to a character other than '\0'.
*
* If the conversion overflows @result, store INT_MAX in @result,
* and return -ERANGE.
@ -391,6 +441,9 @@ static int check_strtox_error(const char *nptr, char *ep,
* and return -ERANGE.
*
* Else store the converted value in @result, and return zero.
*
* This matches the behavior of strtol() on 32-bit platforms, even on
* platforms where long is 64-bits.
*/
int qemu_strtoi(const char *nptr, const char **endptr, int base,
int *result)
@ -400,6 +453,7 @@ int qemu_strtoi(const char *nptr, const char **endptr, int base,
assert((unsigned) base <= 36 && base != 1);
if (!nptr) {
*result = 0;
if (endptr) {
*endptr = nptr;
}
@ -429,12 +483,13 @@ int qemu_strtoi(const char *nptr, const char **endptr, int base,
*
* @nptr may be null, and no conversion is performed then.
*
* If no conversion is performed, store @nptr in *@endptr and return
* -EINVAL.
* If no conversion is performed, store @nptr in *@endptr, 0 in
* @result, and return -EINVAL.
*
* If @endptr is null, and the string isn't fully converted, return
* -EINVAL. This is the case when the pointer that would be stored in
* a non-null @endptr points to a character other than '\0'.
* -EINVAL with @result set to the parsed value. This is the case
* when the pointer that would be stored in a non-null @endptr points
* to a character other than '\0'.
*
* If the conversion overflows @result, store UINT_MAX in @result,
* and return -ERANGE.
@ -443,16 +498,19 @@ int qemu_strtoi(const char *nptr, const char **endptr, int base,
*
* Note that a number with a leading minus sign gets converted without
* the minus sign, checked for overflow (see above), then negated (in
* @result's type). This is exactly how strtoul() works.
* @result's type). This matches the behavior of strtoul() on 32-bit
* platforms, even on platforms where long is 64-bits.
*/
int qemu_strtoui(const char *nptr, const char **endptr, int base,
unsigned int *result)
{
char *ep;
long long lresult;
unsigned long long lresult;
bool neg;
assert((unsigned) base <= 36 && base != 1);
if (!nptr) {
*result = 0;
if (endptr) {
*endptr = nptr;
}
@ -466,14 +524,22 @@ int qemu_strtoui(const char *nptr, const char **endptr, int base,
if (errno == ERANGE) {
*result = -1;
} else {
/*
* Note that platforms with 32-bit strtoul only accept input
* in the range [-4294967295, 4294967295]; but we used 64-bit
* strtoull which wraps -18446744073709551615 to 1 instead of
* declaring overflow. So we must check if '-' was parsed,
* and if so, undo the negation before doing our bounds check.
*/
neg = memchr(nptr, '-', ep - nptr) != NULL;
if (neg) {
lresult = -lresult;
}
if (lresult > UINT_MAX) {
*result = UINT_MAX;
errno = ERANGE;
} else if (lresult < INT_MIN) {
*result = UINT_MAX;
errno = ERANGE;
} else {
*result = lresult;
*result = neg ? -lresult : lresult;
}
}
return check_strtox_error(nptr, ep, endptr, lresult == 0, errno);
@ -488,12 +554,13 @@ int qemu_strtoui(const char *nptr, const char **endptr, int base,
*
* @nptr may be null, and no conversion is performed then.
*
* If no conversion is performed, store @nptr in *@endptr and return
* -EINVAL.
* If no conversion is performed, store @nptr in *@endptr, 0 in
* @result, and return -EINVAL.
*
* If @endptr is null, and the string isn't fully converted, return
* -EINVAL. This is the case when the pointer that would be stored in
* a non-null @endptr points to a character other than '\0'.
* -EINVAL with @result set to the parsed value. This is the case
* when the pointer that would be stored in a non-null @endptr points
* to a character other than '\0'.
*
* If the conversion overflows @result, store LONG_MAX in @result,
* and return -ERANGE.
@ -510,6 +577,7 @@ int qemu_strtol(const char *nptr, const char **endptr, int base,
assert((unsigned) base <= 36 && base != 1);
if (!nptr) {
*result = 0;
if (endptr) {
*endptr = nptr;
}
@ -530,12 +598,13 @@ int qemu_strtol(const char *nptr, const char **endptr, int base,
*
* @nptr may be null, and no conversion is performed then.
*
* If no conversion is performed, store @nptr in *@endptr and return
* -EINVAL.
* If no conversion is performed, store @nptr in *@endptr, 0 in
* @result, and return -EINVAL.
*
* If @endptr is null, and the string isn't fully converted, return
* -EINVAL. This is the case when the pointer that would be stored in
* a non-null @endptr points to a character other than '\0'.
* -EINVAL with @result set to the parsed value. This is the case
* when the pointer that would be stored in a non-null @endptr points
* to a character other than '\0'.
*
* If the conversion overflows @result, store ULONG_MAX in @result,
* and return -ERANGE.
@ -553,6 +622,7 @@ int qemu_strtoul(const char *nptr, const char **endptr, int base,
assert((unsigned) base <= 36 && base != 1);
if (!nptr) {
*result = 0;
if (endptr) {
*endptr = nptr;
}
@ -581,6 +651,7 @@ int qemu_strtoi64(const char *nptr, const char **endptr, int base,
assert((unsigned) base <= 36 && base != 1);
if (!nptr) {
*result = 0;
if (endptr) {
*endptr = nptr;
}
@ -598,6 +669,8 @@ int qemu_strtoi64(const char *nptr, const char **endptr, int base,
* Convert string @nptr to an uint64_t.
*
* Works like qemu_strtoul(), except it stores UINT64_MAX on overflow.
* (If you want to prohibit negative numbers that wrap around to
* positive, use parse_uint()).
*/
int qemu_strtou64(const char *nptr, const char **endptr, int base,
uint64_t *result)
@ -606,6 +679,7 @@ int qemu_strtou64(const char *nptr, const char **endptr, int base,
assert((unsigned) base <= 36 && base != 1);
if (!nptr) {
*result = 0;
if (endptr) {
*endptr = nptr;
}
@ -632,12 +706,13 @@ int qemu_strtou64(const char *nptr, const char **endptr, int base,
*
* @nptr may be null, and no conversion is performed then.
*
* If no conversion is performed, store @nptr in *@endptr and return
* -EINVAL.
* If no conversion is performed, store @nptr in *@endptr, +0.0 in
* @result, and return -EINVAL.
*
* If @endptr is null, and the string isn't fully converted, return
* -EINVAL. This is the case when the pointer that would be stored in
* a non-null @endptr points to a character other than '\0'.
* -EINVAL with @result set to the parsed value. This is the case
* when the pointer that would be stored in a non-null @endptr points
* to a character other than '\0'.
*
* If the conversion overflows, store +/-HUGE_VAL in @result, depending
* on the sign, and return -ERANGE.
@ -652,6 +727,7 @@ int qemu_strtod(const char *nptr, const char **endptr, double *result)
char *ep;
if (!nptr) {
*result = 0.0;
if (endptr) {
*endptr = nptr;
}
@ -666,24 +742,28 @@ int qemu_strtod(const char *nptr, const char **endptr, double *result)
/**
* Convert string @nptr to a finite double.
*
* Works like qemu_strtod(), except that "NaN" and "inf" are rejected
* with -EINVAL and no conversion is performed.
* Works like qemu_strtod(), except that "NaN", "inf", and strings
* that cause ERANGE overflow errors are rejected with -EINVAL as if
* no conversion is performed, storing 0.0 into @result regardless of
* any sign. -ERANGE failures for underflow still preserve the parsed
* sign.
*/
int qemu_strtod_finite(const char *nptr, const char **endptr, double *result)
{
double tmp;
const char *tmp;
int ret;
ret = qemu_strtod(nptr, endptr, &tmp);
if (!ret && !isfinite(tmp)) {
ret = qemu_strtod(nptr, &tmp, result);
if (!isfinite(*result)) {
if (endptr) {
*endptr = nptr;
}
*result = 0.0;
ret = -EINVAL;
} else if (endptr) {
*endptr = tmp;
} else if (*tmp) {
ret = -EINVAL;
}
if (ret != -EINVAL) {
*result = tmp;
}
return ret;
}
@ -707,32 +787,33 @@ const char *qemu_strchrnul(const char *s, int c)
* parse_uint:
*
* @s: String to parse
* @value: Destination for parsed integer value
* @endptr: Destination for pointer to first character not consumed
* @base: integer base, between 2 and 36 inclusive, or 0
* @value: Destination for parsed integer value
*
* Parse unsigned integer
*
* Parsed syntax is like strtoull()'s: arbitrary whitespace, a single optional
* '+' or '-', an optional "0x" if @base is 0 or 16, one or more digits.
*
* If @s is null, or @base is invalid, or @s doesn't start with an
* integer in the syntax above, set *@value to 0, *@endptr to @s, and
* return -EINVAL.
* If @s is null, or @s doesn't start with an integer in the syntax
* above, set *@value to 0, *@endptr to @s, and return -EINVAL.
*
* Set *@endptr to point right beyond the parsed integer (even if the integer
* overflows or is negative, all digits will be parsed and *@endptr will
* point right beyond them).
* point right beyond them). If @endptr is %NULL, any trailing character
* instead causes a result of -EINVAL with *@value of 0.
*
* If the integer is negative, set *@value to 0, and return -ERANGE.
* (If you want to allow negative numbers that wrap around within
* bounds, use qemu_strtou64()).
*
* If the integer overflows unsigned long long, set *@value to
* ULLONG_MAX, and return -ERANGE.
*
* Else, set *@value to the parsed integer, and return 0.
*/
int parse_uint(const char *s, unsigned long long *value, char **endptr,
int base)
int parse_uint(const char *s, const char **endptr, int base, uint64_t *value)
{
int r = 0;
char *endp = (char *)s;
@ -768,7 +849,12 @@ int parse_uint(const char *s, unsigned long long *value, char **endptr,
out:
*value = val;
*endptr = endp;
if (endptr) {
*endptr = endp;
} else if (s && *endp) {
r = -EINVAL;
*value = 0;
}
return r;
}
@ -776,31 +862,16 @@ out:
* parse_uint_full:
*
* @s: String to parse
* @value: Destination for parsed integer value
* @base: integer base, between 2 and 36 inclusive, or 0
* @value: Destination for parsed integer value
*
* Parse unsigned integer from entire string
* Parse unsigned integer from entire string, rejecting any trailing slop.
*
* Have the same behavior of parse_uint(), but with an additional check
* for additional data after the parsed number. If extra characters are present
* after the parsed number, the function will return -EINVAL, and *@v will
* be set to 0.
* Shorthand for parse_uint(s, NULL, base, value).
*/
int parse_uint_full(const char *s, unsigned long long *value, int base)
int parse_uint_full(const char *s, int base, uint64_t *value)
{
char *endp;
int r;
r = parse_uint(s, value, &endp, base);
if (r < 0) {
return r;
}
if (*endp) {
*value = 0;
return -EINVAL;
}
return 0;
return parse_uint(s, NULL, base, value);
}
int qemu_parse_fd(const char *param)

View file

@ -89,8 +89,8 @@ void qemu_guest_random_seed_thread_part2(uint64_t seed)
int qemu_guest_random_seed_main(const char *optarg, Error **errp)
{
unsigned long long seed;
if (parse_uint_full(optarg, &seed, 0)) {
uint64_t seed;
if (parse_uint_full(optarg, 0, &seed)) {
error_setg(errp, "Invalid seed number: %s", optarg);
return -1;
} else {

View file

@ -249,12 +249,12 @@ static int inet_listen_saddr(InetSocketAddress *saddr,
/* lookup */
if (port_offset) {
unsigned long long baseport;
uint64_t baseport;
if (strlen(port) == 0) {
error_setg(errp, "port not specified");
return -1;
}
if (parse_uint_full(port, &baseport, 10) < 0) {
if (parse_uint_full(port, 10, &baseport) < 0) {
error_setg(errp, "can't convert to a number: %s", port);
return -1;
}
@ -732,19 +732,19 @@ static bool vsock_parse_vaddr_to_sockaddr(const VsockSocketAddress *vaddr,
struct sockaddr_vm *svm,
Error **errp)
{
unsigned long long val;
uint64_t val;
memset(svm, 0, sizeof(*svm));
svm->svm_family = AF_VSOCK;
if (parse_uint_full(vaddr->cid, &val, 10) < 0 ||
if (parse_uint_full(vaddr->cid, 10, &val) < 0 ||
val > UINT32_MAX) {
error_setg(errp, "Failed to parse cid '%s'", vaddr->cid);
return false;
}
svm->svm_cid = val;
if (parse_uint_full(vaddr->port, &val, 10) < 0 ||
if (parse_uint_full(vaddr->port, 10, &val) < 0 ||
val > UINT32_MAX) {
error_setg(errp, "Failed to parse port '%s'", vaddr->port);
return false;