When parsing the -smp option, check if the values (that can be anywhere in the [0, UINT64_MAX] range) are in the int range before setting the int globals smp_cpus, max_cpus, smp_cores, smp_threads.
Without this, it was posbible to make smp_cpus and max_cpus negative.
Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>
---
 vl.c | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)
diff --git a/vl.c b/vl.c
index 0c15608..0362f08 100644
--- a/vl.c
+++ b/vl.c
@@ -1393,10 +1393,11 @@ static void smp_parse(QemuOpts *opts)
 {
     if (opts) {
 
-        unsigned cpus = qemu_opt_get_number(opts, "cpus", 0);
-        unsigned sockets = qemu_opt_get_number(opts, "sockets", 0);
-        unsigned cores = qemu_opt_get_number(opts, "cores", 0);
-        unsigned threads = qemu_opt_get_number(opts, "threads", 0);
+        uint64_t cpus = qemu_opt_get_number(opts, "cpus", 0);
+        uint64_t sockets = qemu_opt_get_number(opts, "sockets", 0);
+        uint64_t cores = qemu_opt_get_number(opts, "cores", 0);
+        uint64_t threads = qemu_opt_get_number(opts, "threads", 0);
+        uint64_t maxcpus = qemu_opt_get_number(opts, "maxcpus", 0);
 
         /* compute missing values, prefer sockets over cores over threads */
         if (cpus == 0 || sockets == 0) {
@@ -1415,8 +1416,28 @@ static void smp_parse(QemuOpts *opts)
             }
         }
 
-        max_cpus = qemu_opt_get_number(opts, "maxcpus", 0);
+        if (cpus > INT_MAX) {
+            fprintf(stderr, "smp: Invalid value for 'cpus': %" PRIu64 "\n",
+                    cpus);
+            exit(1);
+        }
+        if (cores > INT_MAX) {
+            fprintf(stderr, "smp: Invalid value for 'cores': %" PRIu64 "\n",
+                    cores);
+            exit(1);
+        }
+        if (threads > INT_MAX) {
+            fprintf(stderr, "smp: Invalid value for 'threads': %" PRIu64 "\n",
+                    threads);
+            exit(1);
+        }
+        if (maxcpus > INT_MAX) {
+            fprintf(stderr, "smp: Invalid value for 'maxcpus': %" PRIu64 "\n",
+                    maxcpus);
+            exit(1);
+        }
+        max_cpus = maxcpus;
         smp_cpus = cpus;
         smp_cores = cores > 0 ? cores : 1;
         smp_threads = threads > 0 ? threads : 1;
-- 
1.9.0
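Review bot: The INT_MAX checks in the second hunk run only after the "compute missing values" step, and `sockets` is never range-checked at all, so an out-of-range sockets/cores/threads value still reaches the derived-value arithmetic between the two hunks (not shown here); if that arithmetic multiplies or divides by those operands, as the comment "prefer sockets over cores over threads" suggests, a wrapped uint64_t product can yield a derived cpus small enough to pass the later check or a zero divisor. Validating every raw option in the first hunk, immediately after the qemu_opt_get_number() reads, closes that window and also replaces the four copy-pasted if/fprintf/exit blocks with one helper. The same point covers both hunks, and smp_parse itself begins at the first hunk's header and continues past the end of the second hunk. The helper below assumes INT_MAX and PRIu64 are already in scope, as the hunk's new lines do.
```c
/* Reject any -smp value that does not fit the int globals it is stored in. */
static void smp_check_range(const char *name, uint64_t value)
{
    if (value > INT_MAX) {
        fprintf(stderr, "smp: Invalid value for '%s': %" PRIu64 "\n",
                name, value);
        exit(1);
    }
}

static void smp_parse(QemuOpts *opts)
{
    if (opts) {
        uint64_t cpus = qemu_opt_get_number(opts, "cpus", 0);
        /* … unchanged: sockets, cores, threads, maxcpus reads … */
        smp_check_range("cpus", cpus);
        smp_check_range("sockets", sockets);
        smp_check_range("cores", cores);
        smp_check_range("threads", threads);
        smp_check_range("maxcpus", maxcpus);

        /* … unchanged: derived-value computation … */
        max_cpus = maxcpus;
        /* … unchanged: smp_cpus / smp_cores / smp_threads assignments … */
```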