Kevin Wolf <[email protected]> writes: > Am 02.03.2017 um 22:43 hat Markus Armbruster geschrieben: >> sd_parse_uri() and sd_snapshot_goto() screw up error checking after >> strtoul(), and truncate long tag names silently. Fix by replacing >> those parts by new sd_parse_snapid_or_tag(), which checks more >> carefully. >> >> sd_snapshot_delete() also parses snapshot IDs, but is currently too >> broken for me to touch. Mark TODO. >> >> Two calls of strtol() without error checking remain in >> parse_redundancy(). Mark them FIXME. >> >> More silent truncation of configuration strings remains elsewhere. >> Not marked. >> >> Signed-off-by: Markus Armbruster <[email protected]> >> --- >> block/sheepdog.c | 66 >> ++++++++++++++++++++++++++++++++++++++++++++++---------- >> 1 file changed, 55 insertions(+), 11 deletions(-) >> >> diff --git a/block/sheepdog.c b/block/sheepdog.c >> index 5554f47..deb110e 100644 >> --- a/block/sheepdog.c >> +++ b/block/sheepdog.c >> @@ -914,6 +914,49 @@ static int get_sheep_fd(BDRVSheepdogState *s, Error >> **errp) >> return fd; >> } >> >> +/* >> + * Parse numeric snapshot ID in @str >> + * If @str can't be parsed as number, return false. >> + * Else, if the number is zero or too large, set *@snapid to zero and >> + * return true. >> + * Else, set *@snapid to the number and return true. >> + */ >> +static bool sd_parse_snapid(const char *str, uint32_t *snapid) >> +{ >> + unsigned long ul; >> + int ret; >> + >> + ret = qemu_strtoul(str, NULL, 10, &ul); >> + if (ret == -ERANGE) { >> + ul = ret = 0; >> + } >> + if (ret) { >> + return false; >> + } >> + if (ul > UINT32_MAX) { >> + ul = 0; >> + } >> + >> + *snapid = ul; > > Redundant space.
Will clean up. >> + return true; >> +} > > Looks good otherwise. > > Kevin Thanks!
