We call strtoull(3) to parse a string to int. the range we can accept
with our local variable "int64_t n" is (-9223372036854775808 ~
9223372036854775807), but strtoull(3) can return (0 ~
18446744073709551615UL).
So when we pass a int from HMP within the range of 9223372036854775808 ~
18446744073709551615, it's safely converted and implicitly casted to
int64_t, so n is assigned a negative value, silently, which is
incorrect. We can verify this by
(HMP) block_set_io_throttle ide0-hd0 999999999999999999 0 0 0 0 0
(HMP) block_set_io_throttle ide0-hd0 9999999999999999999 0 0 0 0 0
bps and iops values must be 0 or greater
(HMP) block_set_io_throttle ide0-hd0 99999999999999999999 0 0 0 0 0
number too large
The first command succeeds, the second is reporting a negative value
error, the third command has correct prompt.
Fix it by calling strtoll instead, which will report ERANGE as expected.
(HMP) block_set_io_throttle ide0-hd0 999999999999999999 0 0 0 0 0
(HMP) block_set_io_throttle ide0-hd0 9999999999999999999 0 0 0 0 0
number too large
(HMP) block_set_io_throttle ide0-hd0 99999999999999999999 0 0 0 0 0
number too large
Signed-off-by: Fam Zheng <f...@redhat.com>
---
monitor.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/monitor.c b/monitor.c
index 5dc0aa9..7bfb469 100644
--- a/monitor.c
+++ b/monitor.c
@@ -3286,7 +3286,7 @@ static int64_t expr_unary(Monitor *mon)
break;
default:
errno = 0;
- n = strtoull(pch, &p, 0);
+ n = strtoll(pch, &p, 0);
if (errno == ERANGE) {
expr_error(mon, "number too large");
}
--
1.8.3.4
