On Wed, May 26, 2010 at 12:28:13PM +0200, Kevin Wolf wrote: > scanf calls must not use PRI constants, they have probably the wrong size and > corrupt memory. We could replace them by SCN ones, but strtol is simpler than > scanf here anyway. While at it, also fix the parsers to reject garbage after > the number ("4096xyz" was accepted before). > > Signed-off-by: Kevin Wolf <kw...@redhat.com> > --- > hw/qdev-properties.c | 50 > +++++++++++++++++++++++++++++++++++--------------- > 1 files changed, 35 insertions(+), 15 deletions(-) > > diff --git a/hw/qdev-properties.c b/hw/qdev-properties.c > index 9ffdba7..9a61ca2 100644 > --- a/hw/qdev-properties.c > +++ b/hw/qdev-properties.c > @@ -68,12 +68,14 @@ PropertyInfo qdev_prop_bit = { > static int parse_uint8(DeviceState *dev, Property *prop, const char *str) > { > uint8_t *ptr = qdev_get_prop_ptr(dev, prop); > - const char *fmt; > + char *end; > > /* accept both hex and decimal */ > - fmt = strncasecmp(str, "0x",2) == 0 ? "%" PRIx8 : "%" PRIu8; > - if (sscanf(str, fmt, ptr) != 1) > + *ptr = strtoul(str, &end, 0); > + if (end != str + strlen(str)) { > return -EINVAL; > + }
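Review bot: In parse_uint8, `*ptr = strtoul(str, &end, 0);` stores an unsigned long straight into a uint8_t with no range check, so "256" or "-1" is silently truncated rather than rejected. Parse into a local unsigned long, reject values above UINT8_MAX (and ERANGE), and assign to *ptr only on success. An empty string also passes `end != str + strlen(str)` because end == str in that case. Base 0 makes a leading "0" mean octal, which the "accept both hex and decimal" comment does not cover.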
I think you can avoid the O(n) operation here & in the other cases with a test like this:

    if ((end == str) || (*end != '\0'))
        return -EINVAL;

Regards,
Daniel
-- 
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
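The end-pointer check suggested in the reply, combined with a range check for the 8-bit field, as an added example that is not part of the original thread or QEMU's code. The function name `parse_u8_strict`, its return convention and the sample inputs are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not QEMU code: parse a string into a uint8_t.
 * Returns 0 on success, -EINVAL on malformed input, -ERANGE when the
 * value does not fit. *out is left untouched on failure. */
static int parse_u8_strict(const char *str, uint8_t *out)
{
    char *end;
    unsigned long val;

    /* strtoul() skips leading whitespace and accepts a sign ("-1" wraps
     * to ULONG_MAX), so require the first character to be a digit. */
    if (!isdigit((unsigned char)str[0])) {
        return -EINVAL;
    }

    errno = 0;
    val = strtoul(str, &end, 0);   /* base 0: "0x" hex, leading "0" octal */

    /* The check from the reply: nothing consumed, or trailing garbage. */
    if (end == str || *end != '\0') {
        return -EINVAL;
    }
    /* Overflow of unsigned long, or a value too wide for the field. */
    if (errno == ERANGE || val > UINT8_MAX) {
        return -ERANGE;
    }

    *out = (uint8_t)val;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "255", "0x10", "4096xyz", "", "-1", "256" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint8_t v = 0;
        int rc = parse_u8_strict(samples[i], &v);
        printf("\"%s\" -> rc=%d value=%u\n", samples[i], rc, (unsigned)v);
    }
    return 0;
}
```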