qemu-commits

[Qemu-commits] [qemu/qemu] ad63c5: qstring: Fix qstring_from_substr() no


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] ad63c5: qstring: Fix qstring_from_substr() not to provoke ...
Date: Mon, 30 Jul 2018 02:24:26 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: ad63c549ecd4af4a22a675a815edeb06b0e7bb6e
      
https://github.com/qemu/qemu/commit/ad63c549ecd4af4a22a675a815edeb06b0e7bb6e
  Author: liujunjie <address@hidden>
  Date:   2018-07-28 (Sat, 28 Jul 2018)

  Changed paths:
    M include/qapi/qmp/qstring.h
    M qobject/qstring.c

  Log Message:
  -----------
  qstring: Fix qstring_from_substr() not to provoke int overflow

qstring_from_substr() parameters @start and @end are of type int.
blkdebug_parse_filename(), blkverify_parse_filename(), nbd_parse_uri(),
and qstring_from_str() pass @end values of type size_t or ptrdiff_t.
Values exceeding INT_MAX get truncated, with possibly disastrous
results.

Such huge substrings seem unlikely, but we found one in a core dump,
where "info tlb" executed via QMP's human-monitor-command apparently
produced 35 GiB of output.

Fix by changing the parameters to size_t.

Signed-off-by: liujunjie <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Markus Armbruster <address@hidden>
Signed-off-by: Markus Armbruster <address@hidden>


  Commit: b65ab77b3afadd7bb3051b341a5258ff7fb9d246
      
https://github.com/qemu/qemu/commit/b65ab77b3afadd7bb3051b341a5258ff7fb9d246
  Author: Markus Armbruster <address@hidden>
  Date:   2018-07-28 (Sat, 28 Jul 2018)

  Changed paths:
    M qobject/qstring.c

  Log Message:
  -----------
  qstring: Assert size calculations don't overflow

Signed-off-by: Markus Armbruster <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Eric Blake <address@hidden>


  Commit: ba891d68b4ff17faaea3d3a8bfd82af3eed0a134
      
https://github.com/qemu/qemu/commit/ba891d68b4ff17faaea3d3a8bfd82af3eed0a134
  Author: Markus Armbruster <address@hidden>
  Date:   2018-07-28 (Sat, 28 Jul 2018)

  Changed paths:
    M block/blkdebug.c
    M block/blkverify.c
    M block/nbd.c
    M qobject/qstring.c
    M tests/check-qobject.c
    M tests/check-qstring.c

  Log Message:
  -----------
  qstring: Move qstring_from_substr()'s @end one to the right

qstring_from_substr() takes the index of the substring's first and
last character.  qstring_from_substr(s, 0, SIZE_MAX) denotes an empty
substring.  Awkward.

Shift the end index one to the right.  This simplifies both
qstring_from_substr() and its callers.

Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Message-Id: <address@hidden>


  Commit: 6d9dd5fb9d0e9f4a174f53a0e20a39fbe809c71e
      
https://github.com/qemu/qemu/commit/6d9dd5fb9d0e9f4a174f53a0e20a39fbe809c71e
  Author: Peter Maydell <address@hidden>
  Date:   2018-07-30 (Mon, 30 Jul 2018)

  Changed paths:
    M block/blkdebug.c
    M block/blkverify.c
    M block/nbd.c
    M include/qapi/qmp/qstring.h
    M qobject/qstring.c
    M tests/check-qobject.c
    M tests/check-qstring.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/armbru/tags/pull-qobject-2018-07-27-v2' into staging

QObject patches for 2018-07-27 (3.0.0-rc3)

# gpg: Signature made Sat 28 Jul 2018 08:10:39 BST
# gpg:                using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <address@hidden>"
# gpg:                 aka "Markus Armbruster <address@hidden>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qobject-2018-07-27-v2:
  qstring: Move qstring_from_substr()'s @end one to the right
  qstring: Assert size calculations don't overflow
  qstring: Fix qstring_from_substr() not to provoke int overflow

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/18a398f6a39d...6d9dd5fb9d0e
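
Added example, not code from QEMU or from this commit series: a small C model of the two problems the log messages above describe, a size_t end index truncated by an int parameter and the empty substring that needs end == SIZE_MAX under the inclusive-end convention. The helper names, the constructed 35 GiB offset and the 64-bit size_t are assumptions; the range check only stands in for the overflow assertions, whose actual form this page does not show.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed value: an offset 35 GiB into a buffer (assumes 64-bit size_t). */
#define HUGE_END ((size_t)35 << 30)

/* What an `int end` parameter receives when a caller passes a size_t.
 * The out-of-range conversion is implementation-defined; GCC and Clang
 * keep the low 32 bits, so large offsets can arrive negative. */
static int as_int_param(size_t end)
{
    return (int)end;
}

/* Inclusive [start, end] convention with size_t indices: the empty
 * substring at 0 needs end == SIZE_MAX, and the length wraps to 0. */
static size_t len_inclusive(size_t start, size_t end)
{
    return end - start + 1;
}

/* Half-open [start, end) convention: rejects reversed ranges and any
 * length for which len + 1 (room for the terminating NUL) would wrap. */
static bool len_half_open(size_t start, size_t end, size_t *len)
{
    if (start > end || end - start == SIZE_MAX) {
        return false;
    }
    *len = end - start;
    return true;
}

int main(void)
{
    size_t len = 0;

    printf("size_t end %zu arrives as int %d\n", HUGE_END, as_int_param(HUGE_END));
    printf("inclusive (0, SIZE_MAX) -> length %zu\n", len_inclusive(0, SIZE_MAX));
    if (len_half_open(0, HUGE_END, &len)) {
        printf("half-open (0, %zu) -> length %zu\n", HUGE_END, len);
    }
    printf("half-open (5, 2) accepted: %d\n", len_half_open(5, 2, &len));
    return 0;
}
```

Only index arithmetic is modelled, so no large allocation is needed to see the truncated value.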