All of lore.kernel.org
 help / color / mirror / Atom feed
From: Daniel Kiper <daniel.kiper@oracle.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Juergen Gross <JGross@suse.com>,
	sstabellini@kernel.org, andrew.cooper3@citrix.com,
	cardoe@cardoe.com, pgnet.dev@gmail.com, ning.sun@intel.com,
	david.vrabel@citrix.com, xen-devel@lists.xenproject.org,
	qiaowei.ren@intel.com, gang.wei@intel.com, fu.wei@linaro.org
Subject: Re: [PATCH v5 14/16] x86/boot: implement early command line parser in C
Date: Wed, 31 Aug 2016 21:31:36 +0200	[thread overview]
Message-ID: <20160831193136.GH5364@olila.local.net-space.pl> (raw)
In-Reply-To: <57C6F136020000780010A7C6@prv-mh.provo.novell.com>

On Wed, Aug 31, 2016 at 07:01:10AM -0600, Jan Beulich wrote:
> >>> On 30.08.16 at 21:58, <daniel.kiper@oracle.com> wrote:
> > On Thu, Aug 25, 2016 at 07:27:21AM -0600, Jan Beulich wrote:
> >> >>> On 20.08.16 at 00:43, <daniel.kiper@oracle.com> wrote:

[...]

> >> > +static unsigned int strtoui(const char *s, const char *stop, const char **next)
> >> > +{
> >> > +    char l;
> >> > +    unsigned int base = 10, ores = 0, res = 0;
> >> > +
> >> > +    if ( *s == '0' )
> >> > +      base = (tolower(*++s) == 'x') ? (++s, 16) : 8;
> >> > +
> >> > +    for ( ; *s != '\0'; ++s )
> >> > +    {
> >> > +        if ( stop && strchr(stop, *s) )
> >> > +            goto out;
> >> > +
> >> > +        if ( *s < '0' || (*s > '7' && base == 8) )
> >> > +        {
> >> > +            res = UINT_MAX;
> >> > +            goto out;
> >> > +        }
> >> > +
> >> > +        l = tolower(*s);
> >> > +
> >> > +        if ( *s > '9' && (base != 16 || l < 'a' || l > 'f') )
> >> > +        {
> >> > +            res = UINT_MAX;
> >> > +            goto out;
> >> > +        }
> >> > +
> >> > +        res *= base;
> >> > +        res += (l >= 'a') ? (l - 'a' + 10) : (*s - '0');
> >> > +
> >> > +        if ( ores > res )
> >> > +        {
> >> > +            res = UINT_MAX;
> >> > +            goto out;
> >> > +        }
> >>
> >> Without having spent time to try and find an example, it feels like this
> >> check won't catch all possible overflow conditions. If you care about
> >> overflow, please make sure you catch all cases.
> >
> > Hmmm.... How come? Could you give an example?
>
> Excuse me, but shouldn't you instead demonstrate the logic is
> correct? Or - consider what I had said - try to find an example
> yourself? It's not that difficult: With 16-bit word size
> 0x3333 * 10 = 0x1fffe, which truncates to 0xfffe and is hence
> larger than both inputs but still produced an overflow. This
> easily extends to 32- and 64-bit word size.

Oh, boy. I forgot about multiplication. I think that we can define
res as unsigned long and then check that it is < UINT_MAX.
If not then return UINT_MAX.

Daniel

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

  reply	other threads:[~2016-08-31 19:32 UTC|newest]

Thread overview: 70+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-08-19 22:43 [PATCH v5 00/16] x86: multiboot2 protocol support Daniel Kiper
2016-08-19 22:43 ` [PATCH v5 01/16] x86: allow EFI reboot method neither on EFI platforms Daniel Kiper
2016-08-25 11:19   ` Jan Beulich
2016-08-19 22:43 ` [PATCH v5 02/16] x86/boot: remove multiboot1_header_end from symbol table Daniel Kiper
2016-08-25 11:21   ` Jan Beulich
2016-08-30 14:27     ` Daniel Kiper
2016-08-30 15:11       ` Jan Beulich
2016-08-19 22:43 ` [PATCH v5 03/16] x86/boot: create *.lnk files with linker script Daniel Kiper
2016-08-25 11:28   ` Jan Beulich
2016-08-19 22:43 ` [PATCH v5 04/16] x86/boot/reloc: reduce assembly usage as much as possible Daniel Kiper
2016-08-25 11:29   ` Jan Beulich
2016-08-19 22:43 ` [PATCH v5 05/16] x86/boot: call reloc() using stdcall calling convention Daniel Kiper
2016-08-19 22:43 ` [PATCH v5 06/16] x86/boot/reloc: create generic alloc and copy functions Daniel Kiper
2016-08-25 11:34   ` Jan Beulich
2016-08-30 14:32     ` Daniel Kiper
2016-08-30 15:12       ` Jan Beulich
2016-08-31 15:13         ` Daniel Kiper
2016-08-31 15:25           ` Jan Beulich
2016-08-31 19:39             ` Daniel Kiper
2016-09-01  7:35               ` Jan Beulich
2016-09-06 15:33       ` Doug Goldstein
2016-08-19 22:43 ` [PATCH v5 07/16] x86/boot: use %ecx instead of %eax Daniel Kiper
2016-08-19 22:43 ` [PATCH v5 08/16] x86/boot/reloc: rename some variables and rearrange code a bit Daniel Kiper
2016-08-19 22:43 ` [PATCH v5 09/16] x86: add multiboot2 protocol support Daniel Kiper
2016-08-25 11:50   ` Jan Beulich
2016-08-30 14:41     ` Daniel Kiper
2016-08-30 15:14       ` Jan Beulich
2016-08-31 15:21         ` Daniel Kiper
2016-08-31 20:18   ` Andrew Cooper
2016-08-31 21:01     ` Daniel Kiper
2016-08-19 22:43 ` [PATCH v5 10/16] efi: create efi_enabled() Daniel Kiper
2016-08-25 12:16   ` Jan Beulich
2016-08-30 17:19     ` Daniel Kiper
2016-08-31 12:31       ` Jan Beulich
2016-08-19 22:43 ` [PATCH v5 11/16] efi: build xen.gz with EFI code Daniel Kiper
2016-08-25 12:23   ` Jan Beulich
2016-08-19 22:43 ` [PATCH v5 12/16] x86/efi: create new early memory allocator Daniel Kiper
2016-09-05 12:33   ` Jan Beulich
2016-09-07 12:05     ` Daniel Kiper
2016-09-07 14:01       ` Jan Beulich
2016-09-08  8:29         ` Daniel Kiper
2016-09-08  9:59           ` Jan Beulich
2016-08-19 22:43 ` [PATCH v5 13/16] x86: add multiboot2 protocol support for EFI platforms Daniel Kiper
2016-08-25 12:59   ` Jan Beulich
2016-08-30 19:32     ` Daniel Kiper
2016-08-31 12:49       ` Jan Beulich
2016-08-31 17:07         ` Daniel Kiper
2016-09-01  7:40           ` Jan Beulich
2016-09-01 20:37             ` Daniel Kiper
2016-08-19 22:43 ` [PATCH v5 14/16] x86/boot: implement early command line parser in C Daniel Kiper
2016-08-25 13:27   ` Jan Beulich
2016-08-30 19:58     ` Daniel Kiper
2016-08-31 13:01       ` Jan Beulich
2016-08-31 19:31         ` Daniel Kiper [this message]
2016-09-01  7:41           ` Jan Beulich
2016-09-01 20:43             ` Daniel Kiper
2016-08-19 22:43 ` [PATCH v5 15/16] x86: make Xen early boot code relocatable Daniel Kiper
2016-08-25 14:41   ` Jan Beulich
2016-08-31 14:59     ` Daniel Kiper
2016-08-31 15:46       ` Jan Beulich
2016-08-31 20:50         ` Daniel Kiper
2016-09-01  7:46           ` Jan Beulich
2016-09-01 21:19             ` Daniel Kiper
2016-09-02  6:58               ` Jan Beulich
2016-09-02  7:28                 ` Daniel Kiper
2016-08-19 22:43 ` [PATCH v5 16/16] x86: add multiboot2 protocol support for relocatable images Daniel Kiper
2016-08-22 10:10 ` [PATCH v5 00/16] x86: multiboot2 protocol support Jan Beulich
2016-08-30 14:15   ` Daniel Kiper
2016-08-30 15:09     ` Jan Beulich
2016-08-31 15:05       ` Daniel Kiper

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160831193136.GH5364@olila.local.net-space.pl \
    --to=daniel.kiper@oracle.com \
    --cc=JBeulich@suse.com \
    --cc=JGross@suse.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=cardoe@cardoe.com \
    --cc=david.vrabel@citrix.com \
    --cc=fu.wei@linaro.org \
    --cc=gang.wei@intel.com \
    --cc=ning.sun@intel.com \
    --cc=pgnet.dev@gmail.com \
    --cc=qiaowei.ren@intel.com \
    --cc=sstabellini@kernel.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.