From: Luiz Capitulino <lcapitulino@redhat.com>
Date: Thu, 26 Apr 2012 19:48:41 +0000 (-0300)
Subject: hmp: expr_unary(): check for overflow in strtoul()/strtoull()
X-Git-Tag: Tizen_Studio_1.3_Release_p2.3.1~1405^2~17^2~479^2~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6b0e33be88bbccc3bcb987026089aa09f9622de9;p=sdk%2Femulator%2Fqemu.git

hmp: expr_unary(): check for overflow in strtoul()/strtoull()

It's not checked currently, so something like:

  (qemu) balloon -100000000000001111114334234
  (qemu)

Will just "work" (in this case the balloon command will get a random
value).

Fix it by checking if strtoul()/strtoull() overflowed.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
---

diff --git a/monitor.c b/monitor.c
index 8946a100c0..bf60984d8f 100644
--- a/monitor.c
+++ b/monitor.c
@@ -3120,11 +3120,15 @@ static int64_t expr_unary(Monitor *mon)
         n = 0;
         break;
     default:
+        errno = 0;
 #if TARGET_PHYS_ADDR_BITS > 32
         n = strtoull(pch, &p, 0);
 #else
         n = strtoul(pch, &p, 0);
 #endif
+        if (errno == ERANGE) {
+            expr_error(mon, "number too large");
+        }
         if (pch == p) {
             expr_error(mon, "invalid char in expression");
         }