strtoul(l) might overflow, in which case it'll return '-1' and set
the appropriate error code. So update the calls to strtoul(l) when
parsing hex properties to avoid silent overflows.
Cc: Peter Maydell <peter.mayd...@linaro.org>
Cc: Eric Blake <ebl...@redhat.com>
Signed-off-by: Hannes Reinecke <h...@suse.de>
---
hw/core/qdev-properties.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
index dc8ae69..5a94c04 100644
--- a/hw/core/qdev-properties.c
+++ b/hw/core/qdev-properties.c
@@ -198,7 +198,10 @@ static int parse_hex8(DeviceState *dev, Property *prop,
const char *str)
return -EINVAL;
}
+ errno = 0;
*ptr = strtoul(str, &end, 16);
+ if (errno)
+ return -errno;
if ((*end != '\0') || (end == str)) {
return -EINVAL;
}
@@ -329,7 +332,10 @@ static int parse_hex32(DeviceState *dev, Property *prop,
const char *str)
return -EINVAL;
}
+ errno = 0;
*ptr = strtoul(str, &end, 16);
+ if (errno)
+ return -errno;
if ((*end != '\0') || (end == str)) {
return -EINVAL;
}
@@ -396,7 +402,10 @@ static int parse_hex64(DeviceState *dev, Property *prop,
const char *str)
return -EINVAL;
}
+ errno = 0;
*ptr = strtoull(str, &end, 16);
+ if (errno)
+ return -errno;
if ((*end != '\0') || (end == str)) {
return -EINVAL;
}
--
1.8.1.4
