Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing

From:	Michael S. Tsirkin
Subject:	Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing
Date:	Fri, 17 Feb 2012 12:08:10 +0200
User-agent:	Mutt/1.5.21 (2010-09-15)

On Thu, Feb 16, 2012 at 01:39:02PM -0700, Eric Blake wrote:
> On 02/16/2012 12:23 PM, malc wrote:
> > On Thu, 16 Feb 2012, Michael S. Tsirkin wrote:
> > 
> >> Use scanf instead of manual string scanning.
> >>
> >> +
> >> +    /* Parse [[<domain>:]<bus>:]<slot> */
> >> +    sscanf(addr, "%x:%x:%x%n", &dom, &bus, &slot, &n);
> > 
> > sscanf can fail.
> 
> Worse, the *scanf family has undefined behavior on integer overflow.  If
> addr contains "100000000000000:0:0", there's no telling whether it will
> be diagnosed as a parse error, or silently accepted and truncated, in
> which case, there's no telling what dom will contain.
> 
> I cringe any time I see someone using scanf to parse numbers from
> arbitrary user input; I barely tolerate it for parsing things generated
> by the kernel, but even there, I won't ever use scanf myself.
> Same goes
> for atoi.  _Only_ strtol and friends can robustly parse arbitrary input
> into integers.

Seems easy to fix: I'll just set maximum field width of 8.
Any other issues?


> -- 
> Eric Blake   address@hidden    +1-919-301-3266
> Libvirt virtualization library http://libvirt.org
>

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 0/2] pci devaddr parsing cleanups, Michael S. Tsirkin, 2012/02/16
- [Qemu-devel] [PATCH 1/2] pci: don't export an internal function, Michael S. Tsirkin, 2012/02/16
- [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, Michael S. Tsirkin, 2012/02/16
  - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, malc, 2012/02/16
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, Eric Blake, 2012/02/16
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, malc, 2012/02/16
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, Michael S. Tsirkin <=
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, Markus Armbruster, 2012/02/17
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, Michael S. Tsirkin, 2012/02/19
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, Michael S. Tsirkin, 2012/02/19
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, Michael S. Tsirkin, 2012/02/17
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, malc, 2012/02/17
    - Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing, Michael S. Tsirkin, 2012/02/17

Prev by Date: Re: [Qemu-devel] [PATCH RFC v3 14/21] target-arm: Move the PXA270's iwMMXt reset to pxa270_reset()
Next by Date: Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing
Previous by thread: Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing
Next by thread: Re: [Qemu-devel] [PATCH 2/2] pci: rewrite devaddr parsing
Index(es):
- Date
- Thread