The function qemu_strtoul() reads 'unsigned long' sized data,
which is larger than uint32_t on 64-bit machines.
Even though the snap_id field in the header is 32-bits, we must
accomodate the full size in qemu_strtoul().
This patch also adds more meaningful error handling to the
qemu_strtoul() call, and subsequent results.
Reported-by: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Jeff Cody <jc...@redhat.com>
---
block/sheepdog.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/block/sheepdog.c b/block/sheepdog.c
index 8739acc..418f6ba 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -2543,7 +2543,7 @@ static int sd_snapshot_delete(BlockDriverState *bs,
const char *name,
Error **errp)
{
- uint32_t snap_id = 0;
+ unsigned long snap_id = 0;
char snap_tag[SD_MAX_VDI_TAG_LEN];
Error *local_err = NULL;
int fd, ret;
@@ -2565,12 +2565,22 @@ static int sd_snapshot_delete(BlockDriverState *bs,
memset(buf, 0, sizeof(buf));
memset(snap_tag, 0, sizeof(snap_tag));
pstrcpy(buf, SD_MAX_VDI_LEN, s->name);
- if (qemu_strtoul(snapshot_id, NULL, 10, (unsigned long *)&snap_id)) {
- return -1;
+ ret = qemu_strtoul(snapshot_id, NULL, 10, &snap_id);
+ if (ret) {
+ error_setg_errno(errp, -ret, "Invalid snapshot ID: %s",
+ snapshot_id ? snapshot_id : "<null>");
+ return ret;
+ }
+
+ if (snap_id > UINT32_MAX) {
+ error_setg_errno(errp, EINVAL, "Snapshot ID numeric value %" PRId64
+ " exceeds Sheepdog maximum of %" PRId32, snap_id,
+ UINT32_MAX);
+ return -EINVAL;
}
if (snap_id) {
- hdr.snapid = snap_id;
+ hdr.snapid = (uint32_t) snap_id;
} else {
pstrcpy(snap_tag, sizeof(snap_tag), snapshot_id);
pstrcpy(buf + SD_MAX_VDI_LEN, SD_MAX_VDI_TAG_LEN, snap_tag);
--
1.9.3
