hmp: expr_unary(): check for overflow in strtoul()/strtoull()
authorLuiz Capitulino <lcapitulino@redhat.com>
Thu, 26 Apr 2012 19:48:41 +0000 (16:48 -0300)
committerLuiz Capitulino <lcapitulino@redhat.com>
Tue, 8 May 2012 17:30:22 +0000 (14:30 -0300)
It's not checked currently, so something like:

  (qemu) balloon -100000000000001111114334234
  (qemu)

Will just "work" (in this case the balloon command will get a random
value).

Fix it by checking if strtoul()/strtoull() overflowed.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
monitor.c

index 8946a100c0e61720734019958adf9f2fed6e17b8..bf60984d8f19a729ee5a7a8657f0c3276e261ccd 100644 (file)
--- a/monitor.c
+++ b/monitor.c
@@ -3120,11 +3120,15 @@ static int64_t expr_unary(Monitor *mon)
         n = 0;
         break;
     default:
+        errno = 0;
 #if TARGET_PHYS_ADDR_BITS > 32
         n = strtoull(pch, &p, 0);
 #else
         n = strtoul(pch, &p, 0);
 #endif
+        if (errno == ERANGE) {
+            expr_error(mon, "number too large");
+        }
         if (pch == p) {
             expr_error(mon, "invalid char in expression");
         }