From a5226789eaaedf06f50f2faf14b506c17deb5435 Mon Sep 17 00:00:00 2001 From: John Snow Date: Mon, 23 Nov 2015 17:38:37 +0100 Subject: [PATCH 18/27] qemu-io: fix cvtnum lval types RH-Author: John Snow Message-id: <1448300320-7772-19-git-send-email-jsnow@redhat.com> Patchwork-id: 68445 O-Subject: [RHEL-7.3 qemu-kvm PATCH v2 18/21] qemu-io: fix cvtnum lval types Bugzilla: 1272523 RH-Acked-by: Thomas Huth RH-Acked-by: Laszlo Ersek RH-Acked-by: Max Reitz cvtnum() returns int64_t: we should not be storing this result inside of an int. In a few cases, we need an extra sprinkling of error handling where we expect to pass this number on towards a function that expects something smaller than int64_t. Reported-by: Max Reitz Signed-off-by: John Snow Signed-off-by: Kevin Wolf (cherry picked from commit 9b0beaf3de1396a23d5c287283e6f36c4b5d4385) Signed-off-by: John Snow Signed-off-by: Miroslav Rezanina Conflicts: qemu-io-cmds.c: - Upstream uses blk_xxx commands, while downstream uses bdrv_xxx - Fixes to sigraise are not backported. Signed-off-by: John Snow --- qemu-io-cmds.c | 119 ++++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 84 insertions(+), 35 deletions(-) diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c index 1f21ce9..95345fe 100644 --- a/qemu-io-cmds.c +++ b/qemu-io-cmds.c @@ -282,9 +282,10 @@ static void qemu_io_free(void *p) qemu_vfree(p); } -static void dump_buffer(const void *buffer, int64_t offset, int len) +static void dump_buffer(const void *buffer, int64_t offset, int64_t len) { - int i, j; + uint64_t i; + int j; const uint8_t *p; for (i = 0, p = buffer; i < len; i += 16) { @@ -307,7 +308,7 @@ static void dump_buffer(const void *buffer, int64_t offset, int len) } static void print_report(const char *op, struct timeval *t, int64_t offset, - int count, int total, int cnt, int Cflag) + int64_t count, int64_t total, int cnt, int Cflag) { char s1[64], s2[64], ts[64]; @@ -315,12 +316,12 @@ static void print_report(const char *op, struct timeval *t, int64_t offset, if (!Cflag) { cvtstr((double)total, s1, sizeof(s1)); cvtstr(tdiv((double)total, *t), s2, sizeof(s2)); - printf("%s %d/%d bytes at offset %" PRId64 "\n", + printf("%s %"PRId64"/%"PRId64" bytes at offset %" PRId64 "\n", op, total, count, offset); printf("%s, %d ops; %s (%s/sec and %.4f ops/sec)\n", s1, cnt, ts, s2, tdiv((double)cnt, *t)); } else {/* bytes,ops,time,bytes/sec,ops/sec */ - printf("%d,%d,%s,%.3f,%.3f\n", + printf("%"PRId64",%d,%s,%.3f,%.3f\n", total, cnt, ts, tdiv((double)total, *t), tdiv((double)cnt, *t)); @@ -381,11 +382,15 @@ fail: return buf; } -static int do_read(BlockDriverState *bs, char *buf, int64_t offset, int count, - int *total) +static int do_read(BlockDriverState *bs, char *buf, int64_t offset, + int64_t count, int64_t *total) { int ret; + if (count >> 9 > INT_MAX) { + return -ERANGE; + } + ret = bdrv_read(bs, offset >> 9, (uint8_t *)buf, count >> 9); if (ret < 0) { return ret; @@ -394,11 +399,15 @@ static int do_read(BlockDriverState *bs, char *buf, int64_t offset, int count, return 1; } -static int do_write(BlockDriverState *bs, char *buf, int64_t offset, int count, - int *total) +static int do_write(BlockDriverState *bs, char *buf, int64_t offset, + int64_t count, int64_t *total) { int ret; + if (count >> 9 > INT_MAX) { + return -ERANGE; + } + ret = bdrv_write(bs, offset >> 9, (uint8_t *)buf, count >> 9); if (ret < 0) { return ret; @@ -407,9 +416,13 @@ static int do_write(BlockDriverState *bs, char *buf, int64_t offset, int count, return 1; } -static int do_pread(BlockDriverState *bs, char *buf, int64_t offset, int count, - int *total) +static int do_pread(BlockDriverState *bs, char *buf, int64_t offset, + int64_t count, int64_t *total) { + if (count > INT_MAX) { + return -ERANGE; + } + *total = bdrv_pread(bs, offset, (uint8_t *)buf, count); if (*total < 0) { return *total; @@ -417,9 +430,13 @@ static int do_pread(BlockDriverState *bs, char *buf, int64_t offset, int count, return 1; } -static int do_pwrite(BlockDriverState *bs, char *buf, int64_t offset, int count, - int *total) +static int do_pwrite(BlockDriverState *bs, char *buf, int64_t offset, + int64_t count, int64_t *total) { + if (count > INT_MAX) { + return -ERANGE; + } + *total = bdrv_pwrite(bs, offset, (uint8_t *)buf, count); if (*total < 0) { return *total; @@ -430,8 +447,8 @@ static int do_pwrite(BlockDriverState *bs, char *buf, int64_t offset, int count, typedef struct { BlockDriverState *bs; int64_t offset; - int count; - int *total; + int64_t count; + int64_t *total; int ret; bool done; } CoWriteZeroes; @@ -451,8 +468,8 @@ static void coroutine_fn co_write_zeroes_entry(void *opaque) *data->total = data->count; } -static int do_co_write_zeroes(BlockDriverState *bs, int64_t offset, int count, - int *total) +static int do_co_write_zeroes(BlockDriverState *bs, int64_t offset, + int64_t count, int64_t *total) { Coroutine *co; CoWriteZeroes data = { @@ -463,6 +480,10 @@ static int do_co_write_zeroes(BlockDriverState *bs, int64_t offset, int count, .done = false, }; + if (count >> BDRV_SECTOR_BITS > INT_MAX) { + return -ERANGE; + } + co = qemu_coroutine_create(co_write_zeroes_entry); qemu_coroutine_enter(co, &data); while (!data.done) { @@ -476,10 +497,14 @@ static int do_co_write_zeroes(BlockDriverState *bs, int64_t offset, int count, } static int do_write_compressed(BlockDriverState *bs, char *buf, int64_t offset, - int count, int *total) + int64_t count, int64_t *total) { int ret; + if (count >> 9 > INT_MAX) { + return -ERANGE; + } + ret = bdrv_write_compressed(bs, offset >> 9, (uint8_t *)buf, count >> 9); if (ret < 0) { return ret; @@ -489,8 +514,12 @@ static int do_write_compressed(BlockDriverState *bs, char *buf, int64_t offset, } static int do_load_vmstate(BlockDriverState *bs, char *buf, int64_t offset, - int count, int *total) + int64_t count, int64_t *total) { + if (count > INT_MAX) { + return -ERANGE; + } + *total = bdrv_load_vmstate(bs, (uint8_t *)buf, offset, count); if (*total < 0) { return *total; @@ -499,8 +528,12 @@ static int do_load_vmstate(BlockDriverState *bs, char *buf, int64_t offset, } static int do_save_vmstate(BlockDriverState *bs, char *buf, int64_t offset, - int count, int *total) + int64_t count, int64_t *total) { + if (count > INT_MAX) { + return -ERANGE; + } + *total = bdrv_save_vmstate(bs, (uint8_t *)buf, offset, count); if (*total < 0) { return *total; @@ -630,10 +663,11 @@ static int read_f(BlockDriverState *bs, int argc, char **argv) int c, cnt; char *buf; int64_t offset; - int count; + int64_t count; /* Some compilers get confused and warn if this is not initialized. */ - int total = 0; - int pattern = 0, pattern_offset = 0, pattern_count = 0; + int64_t total = 0; + int pattern = 0; + int64_t pattern_offset = 0, pattern_count = 0; while ((c = getopt(argc, argv, "bCl:pP:qs:v")) != EOF) { switch (c) { @@ -700,6 +734,10 @@ static int read_f(BlockDriverState *bs, int argc, char **argv) if (count < 0) { printf("non-numeric length argument -- %s\n", argv[optind]); return 0; + } else if (count > SIZE_MAX) { + printf("length cannot exceed %" PRIu64 ", given %s\n", + (uint64_t) SIZE_MAX, argv[optind]); + return 0; } if (!Pflag && (lflag || sflag)) { @@ -722,7 +760,7 @@ static int read_f(BlockDriverState *bs, int argc, char **argv) return 0; } if (count & 0x1ff) { - printf("count %d is not sector aligned\n", + printf("count %"PRId64" is not sector aligned\n", count); return 0; } @@ -750,7 +788,7 @@ static int read_f(BlockDriverState *bs, int argc, char **argv) memset(cmp_buf, pattern, pattern_count); if (memcmp(buf + pattern_offset, cmp_buf, pattern_count)) { printf("Pattern verification failed at offset %" - PRId64 ", %d bytes\n", + PRId64 ", %"PRId64" bytes\n", offset + pattern_offset, pattern_count); } g_free(cmp_buf); @@ -945,9 +983,9 @@ static int write_f(BlockDriverState *bs, int argc, char **argv) int c, cnt; char *buf = NULL; int64_t offset; - int count; + int64_t count; /* Some compilers get confused and warn if this is not initialized. */ - int total = 0; + int64_t total = 0; int pattern = 0xcd; while ((c = getopt(argc, argv, "bcCpP:qz")) != EOF) { @@ -1007,6 +1045,10 @@ static int write_f(BlockDriverState *bs, int argc, char **argv) if (count < 0) { printf("non-numeric length argument -- %s\n", argv[optind]); return 0; + } else if (count > SIZE_MAX) { + printf("length cannot exceed %" PRIu64 ", given %s\n", + (uint64_t) SIZE_MAX, argv[optind]); + return 0; } if (!pflag) { @@ -1017,7 +1059,7 @@ static int write_f(BlockDriverState *bs, int argc, char **argv) } if (count & 0x1ff) { - printf("count %d is not sector aligned\n", + printf("count %"PRId64" is not sector aligned\n", count); return 0; } @@ -1752,8 +1794,7 @@ static int discard_f(BlockDriverState *bs, int argc, char **argv) struct timeval t1, t2; int Cflag = 0, qflag = 0; int c, ret; - int64_t offset; - int count; + int64_t offset, count; while ((c = getopt(argc, argv, "Cq")) != EOF) { switch (c) { @@ -1783,6 +1824,11 @@ static int discard_f(BlockDriverState *bs, int argc, char **argv) if (count < 0) { printf("non-numeric length argument -- %s\n", argv[optind]); return 0; + } else if (count >> BDRV_SECTOR_BITS > INT_MAX) { + printf("length cannot exceed %"PRIu64", given %s\n", + (uint64_t)INT_MAX << BDRV_SECTOR_BITS, + argv[optind]); + return 0; } gettimeofday(&t1, NULL); @@ -1807,11 +1853,10 @@ out: static int alloc_f(BlockDriverState *bs, int argc, char **argv) { - int64_t offset, sector_num; - int nb_sectors, remaining; + int64_t offset, sector_num, nb_sectors, remaining; char s1[64]; - int num, sum_alloc; - int ret; + int num, ret; + int64_t sum_alloc; offset = cvtnum(argv[1]); if (offset < 0) { @@ -1828,6 +1873,10 @@ static int alloc_f(BlockDriverState *bs, int argc, char **argv) if (nb_sectors < 0) { printf("non-numeric length argument -- %s\n", argv[2]); return 0; + } else if (nb_sectors > INT_MAX) { + printf("length argument cannot exceed %d, given %s\n", + INT_MAX, argv[2]); + return 0; } } else { nb_sectors = 1; @@ -1855,7 +1904,7 @@ static int alloc_f(BlockDriverState *bs, int argc, char **argv) cvtstr(offset, s1, sizeof(s1)); - printf("%d/%d sectors allocated at offset %s\n", + printf("%"PRId64"/%"PRId64" sectors allocated at offset %s\n", sum_alloc, nb_sectors, s1); return 0; } -- 1.8.3.1