summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarkus Armbruster2020-04-22 15:07:09 +0200
committerMarkus Armbruster2020-04-29 08:01:52 +0200
commit9ec374a781c34daa6e70fcd885ef30e090cc2384 (patch)
treeab9586712a191596b64f3dbdc07816cd7e1b3f4b
parentcpus: Fix configure_icount() error API violation (diff)
downloadqemu-9ec374a781c34daa6e70fcd885ef30e090cc2384.tar.gz
qemu-9ec374a781c34daa6e70fcd885ef30e090cc2384.tar.xz
qemu-9ec374a781c34daa6e70fcd885ef30e090cc2384.zip
cpus: Proper range-checking for -icount shift=N
timers_state.icount_time_shift must be in [0,63] to avoid undefined behavior when shifting by it, e.g. in cpu_icount_to_ns(). icount_adjust() clamps it to [0,MAX_ICOUNT_SHIFT], with MAX_ICOUNT_SHIFT = 10. configure_icount() doesn't. Fix that. Fixes: a8bfac37085c3372366d722f131a7e18d664ee4d Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20200422130719.28225-5-armbru@redhat.com>
-rw-r--r--cpus.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/cpus.c b/cpus.c
index 1b542b37f9..5670c96bcf 100644
--- a/cpus.c
+++ b/cpus.c
@@ -25,6 +25,7 @@
#include "qemu/osdep.h"
#include "qemu-common.h"
#include "qemu/config-file.h"
+#include "qemu/cutils.h"
#include "migration/vmstate.h"
#include "monitor/monitor.h"
#include "qapi/error.h"
@@ -801,7 +802,6 @@ void configure_icount(QemuOpts *opts, Error **errp)
bool sleep = qemu_opt_get_bool(opts, "sleep", true);
bool align = qemu_opt_get_bool(opts, "align", false);
long time_shift = -1;
- char *rem_str = NULL;
if (!option && qemu_opt_get(opts, "align")) {
error_setg(errp, "Please specify shift option when using align");
@@ -814,9 +814,8 @@ void configure_icount(QemuOpts *opts, Error **errp)
}
if (strcmp(option, "auto") != 0) {
- errno = 0;
- time_shift = strtol(option, &rem_str, 0);
- if (errno != 0 || *rem_str != '\0' || !strlen(option)) {
+ if (qemu_strtol(option, NULL, 0, &time_shift) < 0
+ || time_shift < 0 || time_shift > MAX_ICOUNT_SHIFT) {
error_setg(errp, "icount: Invalid shift value");
return;
}