strtoul(l) might overflow, in which case it'll return '-1' and set the appropriate error code. So update the calls to strtoul(l) when parsing hex properties to avoid silent overflows.
Cc: Peter Maydell <peter.mayd...@linaro.org>
Cc: Eric Blake <ebl...@redhat.com>
Signed-off-by: Hannes Reinecke <h...@suse.de>
---
 hw/core/qdev-properties.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
index dc8ae69..5a94c04 100644
--- a/hw/core/qdev-properties.c
+++ b/hw/core/qdev-properties.c
@@ -198,7 +198,10 @@ static int parse_hex8(DeviceState *dev, Property *prop, const char *str)
 return -EINVAL;
 }

+ errno = 0;
 *ptr = strtoul(str, &end, 16);
+ if (errno)
+ return -errno;
 if ((*end != '\0') || (end == str)) {
 return -EINVAL;
 }
@@ -329,7 +332,10 @@ static int parse_hex32(DeviceState *dev, Property *prop, const char *str)
 return -EINVAL;
 }

+ errno = 0;
 *ptr = strtoul(str, &end, 16);
+ if (errno)
+ return -errno;
 if ((*end != '\0') || (end == str)) {
 return -EINVAL;
 }
@@ -396,7 +402,10 @@ static int parse_hex64(DeviceState *dev, Property *prop, const char *str)
 return -EINVAL;
 }

+ errno = 0;
 *ptr = strtoull(str, &end, 16);
+ if (errno)
+ return -errno;
 if ((*end != '\0') || (end == str)) {
 return -EINVAL;
 }
--
1.8.1.4
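Review bot: The added errno test in parse_hex8 only catches values that overflow `unsigned long`, so an input wider than the property (for example `0x100`) still passes and is truncated when it is stored through `*ptr`, which is presumably a `uint8_t *` (its declaration is outside the hunk). The same gap applies to parse_hex32 on hosts where `unsigned long` is 64 bits wide. Parsing into a local, range-checking it against the property width and assigning only after every check has passed closes the gap; the sketch below shows this for parse_hex8, and parse_hex32 would use `UINT32_MAX` as the bound. The function body starts and ends outside the hunk.

```c
    unsigned long val;
    /* … unchanged: prefix check returning -EINVAL … */
    errno = 0;
    val = strtoul(str, &end, 16);
    if (errno) {
        return -errno;
    }
    if ((*end != '\0') || (end == str)) {
        return -EINVAL;
    }
    if (val > UINT8_MAX) {
        return -ERANGE;
    }
    *ptr = val;
```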
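Review bot: In parse_hex64 the result of strtoull() is stored through `*ptr` before the added `if (errno)` test, so on the new error path the property has already been overwritten with the saturated value by the time `-errno` is returned. Assigning to a local first, `val = strtoull(str, &end, 16);`, and writing `*ptr = val;` only after both the errno and the `end` checks would leave the property untouched on failure. The added `if (errno)` is also unbraced, here and in the two earlier hunks, while the neighbouring `if` statements use braces; `if (errno) { return -errno; }` would match them. The function body starts and ends outside the hunk.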