Luiz Capitulino <lcapitul...@redhat.com> writes:
> It's not checked currently, so something like:
>
> (qemu) balloon -100000000000001111114334234
> (qemu)
>
> Will just "work" (in this case the balloon command will get a random
> value).
>
> Fix it by checking if strtoul()/strtoull() overflowed.
>
> Signed-off-by: Luiz Capitulino <lcapitul...@redhat.com>
> ---
> monitor.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/monitor.c b/monitor.c
> index 8946a10..56ee971 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -3120,10 +3120,17 @@ static int64_t expr_unary(Monitor *mon)
> n = 0;
> break;
> default:
> + errno = 0;
> #if TARGET_PHYS_ADDR_BITS > 32
> n = strtoull(pch, &p, 0);
> + if (n == ULLONG_MAX && errno == ERANGE) {
> + expr_error(mon, "number too large");
> + }
> #else
> n = strtoul(pch, &p, 0);
> + if (n == ULONG_MAX && errno == ERANGE) {
> + expr_error(mon, "number too large");
> + }
> #endif
> if (pch == p) {
> expr_error(mon, "invalid char in expression");
Roundabout way to do
+ errno = 0;
#if TARGET_PHYS_ADDR_BITS > 32
n = strtoull(pch, &p, 0);
#else
n = strtoul(pch, &p, 0);
#endif
+ if (errno == ERANGE) {
+ expr_error(mon, "number too large");
+ }
if (pch == p) {
expr_error(mon, "invalid char in expression");
