aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2018-07-30 09:55:47 +0100
committerPeter Maydell <peter.maydell@linaro.org>2018-07-30 09:55:47 +0100
commit6d9dd5fb9d0e9f4a174f53a0e20a39fbe809c71e (patch)
treea60591188270f2ec5ade8eef780b26da5ddf0efd
parent18a398f6a39df4b08ff86ac0d38384193ca5f4cc (diff)
parentba891d68b4ff17faaea3d3a8bfd82af3eed0a134 (diff)
downloadqemu-arm-6d9dd5fb9d0e9f4a174f53a0e20a39fbe809c71e.tar.gz
Merge remote-tracking branch 'remotes/armbru/tags/pull-qobject-2018-07-27-v2' into staging
QObject patches for 2018-07-27 (3.0.0-rc3) # gpg: Signature made Sat 28 Jul 2018 08:10:39 BST # gpg: using RSA key 3870B400EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-qobject-2018-07-27-v2: qstring: Move qstring_from_substr()'s @end one to the right qstring: Assert size calculations don't overflow qstring: Fix qstring_from_substr() not to provoke int overflow Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-rw-r--r--block/blkdebug.c2
-rw-r--r--block/blkverify.c2
-rw-r--r--block/nbd.c2
-rw-r--r--include/qapi/qmp/qstring.h2
-rw-r--r--qobject/qstring.c12
-rw-r--r--tests/check-qobject.c2
-rw-r--r--tests/check-qstring.c2
7 files changed, 14 insertions, 10 deletions
diff --git a/block/blkdebug.c b/block/blkdebug.c
index 0457bf5b66..0759452925 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -305,7 +305,7 @@ static void blkdebug_parse_filename(const char *filename, QDict *options,
if (c != filename) {
QString *config_path;
- config_path = qstring_from_substr(filename, 0, c - filename - 1);
+ config_path = qstring_from_substr(filename, 0, c - filename);
qdict_put(options, "config", config_path);
}
diff --git a/block/blkverify.c b/block/blkverify.c
index da97ee5927..89bf4386e3 100644
--- a/block/blkverify.c
+++ b/block/blkverify.c
@@ -80,7 +80,7 @@ static void blkverify_parse_filename(const char *filename, QDict *options,
}
/* TODO Implement option pass-through and set raw.filename here */
- raw_path = qstring_from_substr(filename, 0, c - filename - 1);
+ raw_path = qstring_from_substr(filename, 0, c - filename);
qdict_put(options, "x-raw", raw_path);
/* TODO Allow multi-level nesting and set file.filename here */
diff --git a/block/nbd.c b/block/nbd.c
index b198ad775f..e87699fb73 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -109,7 +109,7 @@ static int nbd_parse_uri(const char *filename, QDict *options)
/* strip braces from literal IPv6 address */
if (uri->server[0] == '[') {
host = qstring_from_substr(uri->server, 1,
- strlen(uri->server) - 2);
+ strlen(uri->server) - 1);
} else {
host = qstring_from_str(uri->server);
}
diff --git a/include/qapi/qmp/qstring.h b/include/qapi/qmp/qstring.h
index b3b3d444d2..3e83e3a95d 100644
--- a/include/qapi/qmp/qstring.h
+++ b/include/qapi/qmp/qstring.h
@@ -24,7 +24,7 @@ struct QString {
QString *qstring_new(void);
QString *qstring_from_str(const char *str);
-QString *qstring_from_substr(const char *str, int start, int end);
+QString *qstring_from_substr(const char *str, size_t start, size_t end);
size_t qstring_get_length(const QString *qstring);
const char *qstring_get_str(const QString *qstring);
const char *qstring_get_try_str(const QString *qstring);
diff --git a/qobject/qstring.c b/qobject/qstring.c
index afca54b47a..0f1510e792 100644
--- a/qobject/qstring.c
+++ b/qobject/qstring.c
@@ -37,21 +37,23 @@ size_t qstring_get_length(const QString *qstring)
*
* Return string reference
*/
-QString *qstring_from_substr(const char *str, int start, int end)
+QString *qstring_from_substr(const char *str, size_t start, size_t end)
{
QString *qstring;
+ assert(start <= end);
+
qstring = g_malloc(sizeof(*qstring));
qobject_init(QOBJECT(qstring), QTYPE_QSTRING);
- qstring->length = end - start + 1;
+ qstring->length = end - start;
qstring->capacity = qstring->length;
+ assert(qstring->capacity < SIZE_MAX);
qstring->string = g_malloc(qstring->capacity + 1);
memcpy(qstring->string, str + start, qstring->length);
qstring->string[qstring->length] = 0;
-
return qstring;
}
@@ -62,13 +64,15 @@ QString *qstring_from_substr(const char *str, int start, int end)
*/
QString *qstring_from_str(const char *str)
{
- return qstring_from_substr(str, 0, strlen(str) - 1);
+ return qstring_from_substr(str, 0, strlen(str));
}
static void capacity_increase(QString *qstring, size_t len)
{
if (qstring->capacity < (qstring->length + len)) {
+ assert(len <= SIZE_MAX - qstring->capacity);
qstring->capacity += len;
+ assert(qstring->capacity <= SIZE_MAX / 2);
qstring->capacity *= 2; /* use exponential growth */
qstring->string = g_realloc(qstring->string, qstring->capacity + 1);
diff --git a/tests/check-qobject.c b/tests/check-qobject.c
index 16ccbde82c..593c3a0618 100644
--- a/tests/check-qobject.c
+++ b/tests/check-qobject.c
@@ -154,7 +154,7 @@ static void qobject_is_equal_string_test(void)
str_case = qstring_from_str("Foo");
/* Should yield "foo" */
- str_built = qstring_from_substr("form", 0, 1);
+ str_built = qstring_from_substr("form", 0, 2);
qstring_append_chr(str_built, 'o');
check_unequal(str_base, str_whitespace_0, str_whitespace_1,
diff --git a/tests/check-qstring.c b/tests/check-qstring.c
index f11a7a8605..2d079921e3 100644
--- a/tests/check-qstring.c
+++ b/tests/check-qstring.c
@@ -66,7 +66,7 @@ static void qstring_from_substr_test(void)
{
QString *qs;
- qs = qstring_from_substr("virtualization", 3, 9);
+ qs = qstring_from_substr("virtualization", 3, 10);
g_assert(qs != NULL);
g_assert(strcmp(qstring_get_str(qs), "tualiza") == 0);