[PATCH 1/5] internal: Refuse values exceeding range of 'unsigned int' in virCheckFlags
Peter Krempa
pkrempa at redhat.com
Tue Nov 22 13:02:54 UTC 2022
Historically our migration APIs declare 'unsigned long flags'. Since
it's baked into our API we can't change that but we can avoid
compatibility problems by preemptively refusing the extra range on
certain arches to prevent future surprise.
Modify the macro to verify that value passed inside 'flags' doesn't
exceed the range of 'unsigned int'.
Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
src/internal.h | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/src/internal.h b/src/internal.h
index 35cc22ee3d..9dc34a0bf5 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -269,10 +269,17 @@
*/
#define virCheckFlags(supported, retval) \
do { \
- unsigned long __unsuppflags = flags & ~(supported); \
+ unsigned int __uiflags = flags; \
+ unsigned int __unsuppflags = flags & ~(supported); \
+ if (__uiflags != flags) { \
+ virReportInvalidArg(flags, \
+ _("unsupported use of long flags in function %s"), \
+ __FUNCTION__); \
+ return retval; \
+ } \
if (__unsuppflags) { \
virReportInvalidArg(flags, \
- _("unsupported flags (0x%lx) in function %s"), \
+ _("unsupported flags (0x%x) in function %s"), \
__unsuppflags, __FUNCTION__); \
return retval; \
} \
@@ -291,10 +298,17 @@
*/
#define virCheckFlagsGoto(supported, label) \
do { \
- unsigned long __unsuppflags = flags & ~(supported); \
+ unsigned int __uiflags = flags; \
+ unsigned int __unsuppflags = flags & ~(supported); \
+ if (__uiflags != flags) { \
+ virReportInvalidArg(flags, \
+ _("unsupported use of long flags in function %s"), \
+ __FUNCTION__); \
+ goto label; \
+ } \
if (__unsuppflags) { \
virReportInvalidArg(flags, \
- _("unsupported flags (0x%lx) in function %s"), \
+ _("unsupported flags (0x%x) in function %s"), \
__unsuppflags, __FUNCTION__); \
goto label; \
} \
--
2.37.3
More information about the libvir-list
mailing list