[Libguestfs] [PATCH nbdkit 2/3] delay: Fix delay-close

Eric Blake eblake at redhat.com
Thu Aug 12 20:50:34 UTC 2021


On Thu, Aug 12, 2021 at 03:43:56PM -0500, Eric Blake wrote:
> 
> $ ./nbdkit -f memory 1 --filter=delay delay-read=1oopsms
> 
> Oops - our use of sscanf didn't check for trailing garbage, and this
> is behaving as delay-read=1ms.
> 
> $ ./nbdkit -fv memory 1 --filter=delay delay-read=999999999999999999999ms
> 
> Using gdb, I see that in glibc this results in the same as
> delay-read=4294967295, but that behavior is unspecified by POSIX and
> may result in other values on other platforms.  Better would be
> detecting overflow, but sscanf() cannot detect numeric overflow.
> 
> Detecting trailing garbage could be done with sscanf(value, "%ums%n",
> r, &n) == 1 followed by checking that n consumed strlen(value) bytes,
> but detecting overflow really needs strtol() rather than sscanf.
> 
> We have other filters and plugins that use sscanf.  As long as their
> inputs come from stable sources (such as scanning kernel /proc files)
> or don't parse numbers, that is safe; but in general, use of sscanf to
> parse user-provided data is risky.

I'm wondering if we want to add
int nbdkit_parse_int_suffix (const char *what, const char *str, char **suff, int *r);

and friends, which sets *suff to the first unparsed byte in str on a
successful integer prefix parse.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
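As an added example (this is not nbdkit's parsing code and not part of the message above), the three strategies the quoted message discusses, run over the two delay-read values it cites plus some constructed edge cases: the loose sscanf that accepts "1oopsms", the sscanf-with-%n variant that rejects trailing garbage but still cannot see overflow, and a strtoull-based parser that rejects both. The function names parse_delay_ms_sscanf, parse_delay_ms_sscanf_n, parse_delay_ms_strict and delay_or_neg are hypothetical; the accepted syntax (bare digits = seconds, digits followed by "ms" = milliseconds, result in milliseconds as an unsigned) is an assumption chosen for the demo.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All three functions parse a delay such as "1ms" into milliseconds.
 * They return 0 and set *r on success, -1 on failure.  Names are
 * hypothetical; none of this is nbdkit's own parse code. */

/* 1. Loose sscanf, reproducing the bug the message reports: sscanf
 *    returns 1 as soon as %u has matched, whether or not the literal
 *    "ms" matched and whatever follows it. */
int parse_delay_ms_sscanf(const char *value, unsigned *r)
{
    return sscanf(value, "%ums", r) == 1 ? 0 : -1;
}

/* 2. sscanf with %n, the first fix the message sketches: %n records how
 *    many bytes were consumed, so trailing garbage is rejected by
 *    requiring the whole string to be consumed.  Overflow of %u is still
 *    undetectable, and the value it yields is not portable. */
int parse_delay_ms_sscanf_n(const char *value, unsigned *r)
{
    int n = -1;   /* stays -1 if the literal "ms" does not match */

    if (sscanf(value, "%ums%n", r, &n) == 1 && n >= 0 &&
        (size_t) n == strlen(value))
        return 0;
    return -1;
}

/* 3. strtoull-based strict parser: accepts "<digits>" (seconds) or
 *    "<digits>ms" (milliseconds); rejects sign, leading whitespace,
 *    trailing garbage and overflow, including overflow introduced by
 *    the seconds-to-milliseconds scaling. */
int parse_delay_ms_strict(const char *value, unsigned *r)
{
    char *end;
    unsigned long long v, mult;

    /* strtoull skips leading whitespace and accepts '+'/'-' itself,
     * so insist on a leading digit before calling it. */
    if (value[0] < '0' || value[0] > '9')
        return -1;

    errno = 0;
    v = strtoull(value, &end, 10);
    if (errno == ERANGE)
        return -1;                 /* numeric overflow */

    if (*end == '\0')
        mult = 1000;               /* bare number: seconds */
    else if (strcmp(end, "ms") == 0)
        mult = 1;
    else
        return -1;                 /* trailing garbage, e.g. "1oopsms" */

    if (v > UINT_MAX / mult)
        return -1;                 /* would not fit in unsigned after scaling */
    *r = (unsigned) (v * mult);
    return 0;
}

/* Helper for the demo and tests: parsed milliseconds, or -1 on rejection. */
long long delay_or_neg(int (*parse)(const char *, unsigned *),
                       const char *value)
{
    unsigned r = 0;
    return parse(value, &r) == 0 ? (long long) r : -1;
}

int main(void)
{
    /* Constructed inputs: the two from the bug report plus edge cases.
     * For the 21-digit input the two sscanf columns show whatever the
     * local libc does on %u overflow (glibc: 4294967295). */
    static const char *const inputs[] = {
        "1ms", "1", "1oopsms", "999999999999999999999ms",
        "4294967295ms", "4294967296ms", "4294967", "4294968", "-1ms", "",
    };
    size_t i;

    printf("%-26s %12s %12s %12s\n", "input", "sscanf", "sscanf+%n", "strtoull");
    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("%-26s %12lld %12lld %12lld\n", inputs[i],
               delay_or_neg(parse_delay_ms_sscanf, inputs[i]),
               delay_or_neg(parse_delay_ms_sscanf_n, inputs[i]),
               delay_or_neg(parse_delay_ms_strict, inputs[i]));
    }
    return 0;
}
```

Build with `cc -std=c99 -Wall -o delay-parse delay-parse.c`. The strict parser checks the scaled value against UINT_MAX / mult before multiplying so that a seconds value that fits in unsigned long long but not in unsigned after the *1000 scaling is rejected rather than silently truncated; a real implementation whose API stores an int would bound against INT_MAX instead.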