author: Markus Armbruster, 2011-11-22 09:46:04 +0100
committer: Anthony Liguori, 2011-11-28 23:20:52 +0100
commit: 45009a3087b4acd8b1c91fcd0b1ee723ac3b0aec
tree: 099d7eb5b00d02ea24d403d6c3ccb5327a2e82ce /target-i386
parent: vl: Tighten parsing of -m argument
x86/cpuid: Tighten parsing of tsc_freq=FREQ
cpu_x86_find_by_name() uses strtosz_suffix_unit(), but screws up the error checking. It detects some failures, but not all. Undetected failures result in a zero tsc_khz value (error value -1 divided by 1000), which means "no tsc_freq set".

To reproduce, try "-cpu qemu64,tsc_freq=9999999T". strtosz_suffix_unit() fails, because the value overflows int64_t,

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'target-i386')
-rw-r--r-- target-i386/cpuid.c | 2
1 files changed, 1 insertions, 1 deletions
diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c
index 9fc9769edd..0b3af9060c 100644
--- a/target-i386/cpuid.c
+++ b/target-i386/cpuid.c
@@ -711,7 +711,7 @@ static int cpu_x86_find_by_name(x86_def_t *x86_cpu_def, const char *cpu_model)
tsc_freq = strtosz_suffix_unit(val, &err,
STRTOSZ_DEFSUFFIX_B, 1000);
- if (!*val || *err) {
+ if (tsc_freq < 0 || *err) {
fprintf(stderr, "bad numerical value %s\n", val);
goto error;
}
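Review bot: the new condition `tsc_freq < 0 || *err` drops the old `!*val` test, so an empty value is now rejected only if strtosz_suffix_unit() itself returns a negative result for an empty string. That behaviour is not visible in this hunk; please confirm it and say so in the commit message or a short comment above the `if`, otherwise an empty `tsc_freq=` could slip through as zero, which the message itself describes as "no tsc_freq set". Evaluating `tsc_freq < 0` before `*err` is the right order, since it avoids reading `err` when the call has failed, and is worth keeping if this line is touched again. The diagnostic "bad numerical value" is also now printed for overflow, where the number is well-formed but out of range; a wording such as "bad or out-of-range value" would be more accurate.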