On 4/18/19 4:53 PM, Markus Armbruster wrote:
> parse_acl_file() passes char values to isspace(). Undefined behavior
> when the value is negative. Not a security issue, because the
> characters come from trusted $prefix/etc/qemu/bridge.conf and the
> files it includes.
>
> Fix by using qemu_isspace() instead.

Can we use g_ascii_isspace() and remove qemu_isspace()? > Signed-off-by: Markus Armbruster <[email protected]> > --- > qemu-bridge-helper.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c > index 5396fbfbb6..0d60c07655 100644 > --- a/qemu-bridge-helper.c > +++ b/qemu-bridge-helper.c > @@ -29,6 +29,7 @@ > #include <linux/if_bridge.h> > #endif > > +#include "qemu-common.h" > #include "qemu/queue.h" > > #include "net/tap-linux.h" > @@ -75,7 +76,7 @@ static int parse_acl_file(const char *filename, ACLList > *acl_list) > char *ptr = line; > char *cmd, *arg, *argend; > > - while (isspace(*ptr)) { > + while (qemu_isspace(*ptr)) { > ptr++; > } > > @@ -99,12 +100,12 @@ static int parse_acl_file(const char *filename, ACLList > *acl_list) > > *arg = 0; > arg++; > - while (isspace(*arg)) { > + while (qemu_isspace(*arg)) { > arg++; > } > > argend = arg + strlen(arg); > - while (arg != argend && isspace(*(argend - 1))) { > + while (arg != argend && qemu_isspace(*(argend - 1))) { > argend--; > } > *argend = 0; >
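
Review bot: The `#include "qemu-common.h"` added in the @@ -29,6 +29,7 @@ hunk is not mentioned in the commit message, and the only new identifier the patch uses is qemu_isspace(). Say in the message that the header is pulled in for that function, so that a later cleanup of either the include or qemu_isspace() (as the reply above proposes) knows the two go together.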
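
Review bot: In the @@ -99,12 +100,12 @@ hunk (and the same pattern in @@ -75,7 +76,7 @@) the arguments are still plain char expressions, `*arg` and `*(argend - 1)`, so the fix depends entirely on qemu_isspace() converting its argument to unsigned char before classifying it, and that definition is not part of this diff. State that property in the commit message, or quote the definition, so the undefined-behavior claim can be checked from the patch alone; the same check applies to g_ascii_isspace() if the replacement suggested in the reply is taken.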
