diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2018-07-30 09:55:47 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2018-07-30 09:55:47 +0100 |
| commit | 6d9dd5fb9d0e9f4a174f53a0e20a39fbe809c71e (patch) | |
| tree | a60591188270f2ec5ade8eef780b26da5ddf0efd | |
| parent | 18a398f6a39df4b08ff86ac0d38384193ca5f4cc (diff) | |
| parent | ba891d68b4ff17faaea3d3a8bfd82af3eed0a134 (diff) | |
Merge remote-tracking branch 'remotes/armbru/tags/pull-qobject-2018-07-27-v2' into staging
QObject patches for 2018-07-27 (3.0.0-rc3)
# gpg: Signature made Sat 28 Jul 2018 08:10:39 BST
# gpg: using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-qobject-2018-07-27-v2:
qstring: Move qstring_from_substr()'s @end one to the right
qstring: Assert size calculations don't overflow
qstring: Fix qstring_from_substr() not to provoke int overflow
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rw-r--r-- | block/blkdebug.c | 2 | ||||
| -rw-r--r-- | block/blkverify.c | 2 | ||||
| -rw-r--r-- | block/nbd.c | 2 | ||||
| -rw-r--r-- | include/qapi/qmp/qstring.h | 2 | ||||
| -rw-r--r-- | qobject/qstring.c | 12 | ||||
| -rw-r--r-- | tests/check-qobject.c | 2 | ||||
| -rw-r--r-- | tests/check-qstring.c | 2 |
7 files changed, 14 insertions, 10 deletions
diff --git a/block/blkdebug.c b/block/blkdebug.c index 0457bf5b66..0759452925 100644 --- a/block/blkdebug.c +++ b/block/blkdebug.c @@ -305,7 +305,7 @@ static void blkdebug_parse_filename(const char *filename, QDict *options, if (c != filename) { QString *config_path; - config_path = qstring_from_substr(filename, 0, c - filename - 1); + config_path = qstring_from_substr(filename, 0, c - filename); qdict_put(options, "config", config_path); } diff --git a/block/blkverify.c b/block/blkverify.c index da97ee5927..89bf4386e3 100644 --- a/block/blkverify.c +++ b/block/blkverify.c @@ -80,7 +80,7 @@ static void blkverify_parse_filename(const char *filename, QDict *options, } /* TODO Implement option pass-through and set raw.filename here */ - raw_path = qstring_from_substr(filename, 0, c - filename - 1); + raw_path = qstring_from_substr(filename, 0, c - filename); qdict_put(options, "x-raw", raw_path); /* TODO Allow multi-level nesting and set file.filename here */ diff --git a/block/nbd.c b/block/nbd.c index b198ad775f..e87699fb73 100644 --- a/block/nbd.c +++ b/block/nbd.c @@ -109,7 +109,7 @@ static int nbd_parse_uri(const char *filename, QDict *options) /* strip braces from literal IPv6 address */ if (uri->server[0] == '[') { host = qstring_from_substr(uri->server, 1, - strlen(uri->server) - 2); + strlen(uri->server) - 1); } else { host = qstring_from_str(uri->server); } diff --git a/include/qapi/qmp/qstring.h b/include/qapi/qmp/qstring.h index b3b3d444d2..3e83e3a95d 100644 --- a/include/qapi/qmp/qstring.h +++ b/include/qapi/qmp/qstring.h @@ -24,7 +24,7 @@ struct QString { QString *qstring_new(void); QString *qstring_from_str(const char *str); -QString *qstring_from_substr(const char *str, int start, int end); +QString *qstring_from_substr(const char *str, size_t start, size_t end); size_t qstring_get_length(const QString *qstring); const char *qstring_get_str(const QString *qstring); const char *qstring_get_try_str(const QString *qstring); diff --git a/qobject/qstring.c b/qobject/qstring.c index afca54b47a..0f1510e792 100644 --- a/qobject/qstring.c +++ b/qobject/qstring.c @@ -37,21 +37,23 @@ size_t qstring_get_length(const QString *qstring) * * Return string reference */ -QString *qstring_from_substr(const char *str, int start, int end) +QString *qstring_from_substr(const char *str, size_t start, size_t end) { QString *qstring; + assert(start <= end); + qstring = g_malloc(sizeof(*qstring)); qobject_init(QOBJECT(qstring), QTYPE_QSTRING); - qstring->length = end - start + 1; + qstring->length = end - start; qstring->capacity = qstring->length; + assert(qstring->capacity < SIZE_MAX); qstring->string = g_malloc(qstring->capacity + 1); memcpy(qstring->string, str + start, qstring->length); qstring->string[qstring->length] = 0; - return qstring; } @@ -62,13 +64,15 @@ QString *qstring_from_substr(const char *str, int start, int end) */ QString *qstring_from_str(const char *str) { - return qstring_from_substr(str, 0, strlen(str) - 1); + return qstring_from_substr(str, 0, strlen(str)); } static void capacity_increase(QString *qstring, size_t len) { if (qstring->capacity < (qstring->length + len)) { + assert(len <= SIZE_MAX - qstring->capacity); qstring->capacity += len; + assert(qstring->capacity <= SIZE_MAX / 2); qstring->capacity *= 2; /* use exponential growth */ qstring->string = g_realloc(qstring->string, qstring->capacity + 1); diff --git a/tests/check-qobject.c b/tests/check-qobject.c index 16ccbde82c..593c3a0618 100644 --- a/tests/check-qobject.c +++ b/tests/check-qobject.c @@ -154,7 +154,7 @@ static void qobject_is_equal_string_test(void) str_case = qstring_from_str("Foo"); /* Should yield "foo" */ - str_built = qstring_from_substr("form", 0, 1); + str_built = qstring_from_substr("form", 0, 2); qstring_append_chr(str_built, 'o'); check_unequal(str_base, str_whitespace_0, str_whitespace_1, diff --git a/tests/check-qstring.c b/tests/check-qstring.c index f11a7a8605..2d079921e3 100644 --- a/tests/check-qstring.c +++ b/tests/check-qstring.c @@ -66,7 +66,7 @@ static void qstring_from_substr_test(void) { QString *qs; - qs = qstring_from_substr("virtualization", 3, 9); + qs = qstring_from_substr("virtualization", 3, 10); g_assert(qs != NULL); g_assert(strcmp(qstring_get_str(qs), "tualiza") == 0); |