[Libguestfs] [PATCH nbdkit 2/3] delay: Fix delay-close
Richard W.M. Jones
rjones at redhat.com
Thu Aug 12 21:21:03 UTC 2021
On Thu, Aug 12, 2021 at 03:50:34PM -0500, Eric Blake wrote:
> On Thu, Aug 12, 2021 at 03:43:56PM -0500, Eric Blake wrote:
> >
> > $ ./nbdkit -f memory 1 --filter=delay delay-read=1oopsms
> >
> > Oops - our use of sscanf didn't check for trailing garbage, and this
> > is behaving as delay-read=1ms.
> >
> > $ ./nbdkit -fv memory 1 --filter=delay delay-read=999999999999999999999ms
> >
> > Using gdb, I see that in glibc this results in the same as
> > delay-read=4294967295, but that behavior is unspecified by POSIX and
> > may result in other values on other platforms. Better would be
> > detecting overflow, but sscanf() cannot detect numeric overflow.
> >
> > Detecting trailing garbage could be done with sscanf(value, "%ums%n",
> > r, &n) == 1 followed by checking that n consumed strlen(value) bytes,
> > but detecting overflow really needs strtol() rather than sscanf.
> >
> > We have other filters and plugins that use sscanf. As long as their
> > inputs come from stable sources (such as scanning kernel /proc files)
> > or don't parse numbers, that is safe; but in general, use of sscanf to
> > parse user-provided data is risky.
>
> I'm wondering if we want to add
> int nbdkit_parse_int_suffix (const char *what, const char *str, char **suff, int *r);
>
> and friends, which sets *suff to the first unparsed byte in str on a
> successful integer prefix parse.

string + length parsing would also work in this case.
I don't have any particular preference.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
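
The two failure cases from this thread (trailing garbage and numeric overflow), shown as an added example that is not part of the original message and is not nbdkit's own code. `parse_ms_loose` and `parse_ms_strict` are hypothetical names; the loose function only models the sscanf behaviour described above, and the strict one uses strtoul as the thread suggests.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the loose behaviour described in the thread: sscanf's return
 * value counts only the %u conversion, so a failed match on the literal
 * "ms" goes unnoticed and "1oopsms" is accepted as 1. */
int parse_ms_loose(const char *value, unsigned *r)
{
    return sscanf(value, "%ums", r) == 1 ? 0 : -1;
}

/* Strict variant (hypothetical helper): strtoul reports overflow through
 * ERANGE and returns the first unparsed byte, which must be exactly "ms". */
int parse_ms_strict(const char *value, unsigned *r)
{
    char *end;
    unsigned long v;

    /* strtoul skips whitespace and accepts a sign; require a digit first. */
    if (!isdigit((unsigned char)value[0]))
        return -1;
    errno = 0;
    v = strtoul(value, &end, 10);
    if (errno == ERANGE || v > UINT_MAX)
        return -1;                 /* numeric overflow */
    if (strcmp(end, "ms") != 0)
        return -1;                 /* trailing garbage or missing suffix */
    *r = (unsigned)v;
    return 0;
}

int main(void)
{
    /* Constructed inputs, taken from the command lines quoted above. */
    const char *samples[] = { "1ms", "1oopsms", "999999999999999999999ms" };
    unsigned r = 0;

    if (parse_ms_loose(samples[1], &r) == 0)
        printf("loose  %-26s accept (%u ms)\n", samples[1], r);
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("strict %-26s %s\n", samples[i],
               parse_ms_strict(samples[i], &r) == 0 ? "accept" : "reject");
    return 0;
}
```

The loose parser is deliberately not run on the overflowing input, since the result of that conversion is not something portable code can rely on.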