On Thu, Apr 24, 2008 at 10:01:29PM +0200, Jim Meyering wrote:
"Daniel P. Berrange" <berrange(a)redhat.com> wrote:
> static const char needle[] = "char device redirected to";
> char *tmp;
>
> - if (!(tmp = strstr(haystack, needle)))
> + /* First look for our magic string */
> + if (!(tmp = strstr(haystack + *offset, needle)))
> return -1;
>
> + /* Grab all the trailing data */
> strncpy(path, tmp+sizeof(needle), pathmax-1);
> That should be sizeof(needle)-1.
> Otherwise, if someone nasty gave you input ending with
> "char device redirected to", the strncpy above would start
> reading just past the NUL at the end of "haystack".
Fixed this.
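Review bot: at the new strstr(haystack + *offset, needle) call, *offset is used without any check in the visible lines that it lies within haystack; if a caller passes an offset larger than the string length, the search starts past the terminating NUL. Suggest validating *offset against strlen(haystack) before the call, or documenting that callers guarantee it, and rejecting pathmax == 0 before pathmax-1 is used as a length and an index.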
> path[pathmax-1] = '\0';
>
> - while (*path) {
> - /*
> - * The monitor path ends at first whitespace char
> - * so lets search for it & NULL terminate it there
> - */
> - if (isspace(*path)) {
> - *path = '\0';
> + /*
> + * And look for first whitespace character and nul terminate
> + * to mark end of the pty path
> + */
> + tmp = path;
> + while (*tmp) {
> + if (isspace(*tmp)) {
> Since "tmp" has type "char", this causes trouble in an environment
> where "char" is a signed type. When *tmp is larger than 127, it gets
> sign-extended, and isspace can misbehave on the large negative number
> (isspace is not defined for such values). Instead, do it like this:
>
>     if (isspace(*(unsigned char *)tmp)) {
>
> or better, using the to_uchar function (from coreutils):
>
>     if (isspace(to_uchar(*tmp))) {
Fixed this when merging with your to_uchar() changes.
Dan.
--
|: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
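
The two points raised in this review, skipping exactly sizeof(needle)-1 bytes and converting to unsigned char before isspace, shown together in an added example that is not code from the patch or from libvirt. The name extract_pty_path and its signature are hypothetical, and it copies byte by byte instead of using strncpy.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not libvirt's function): copy the token that follows
 * "char device redirected to" in haystack, searching from offset.
 * Returns 0 on success, -1 if the marker or a path is missing. */
static int extract_pty_path(const char *haystack, size_t offset,
                            char *path, size_t pathmax)
{
    static const char needle[] = "char device redirected to";
    const size_t needle_len = sizeof(needle) - 1;   /* exclude the NUL */
    const char *tmp;
    size_t n = 0;

    /* Reject an empty output buffer and an offset beyond the string. */
    if (pathmax == 0 || offset > strlen(haystack))
        return -1;
    if (!(tmp = strstr(haystack + offset, needle)))
        return -1;
    tmp += needle_len;   /* at worst this now points at haystack's own NUL */

    /* Skip the separator; the cast keeps bytes >= 0x80 in isspace's domain. */
    while (isspace((unsigned char)*tmp))
        tmp++;
    /* Copy up to the next whitespace byte, always leaving room for the NUL. */
    while (*tmp && !isspace((unsigned char)*tmp) && n < pathmax - 1)
        path[n++] = *tmp++;
    path[n] = '\0';
    return n ? 0 : -1;
}
```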