Re: [Qemu-devel] [PATCH RFC v7 5/7] qemu-iotests: s390x: fix test 049

[Max Reitz]

On 23.04.2015 04:42, Xiao Guang Chen wrote:
> From: Bo Tu <address@hidden>

Hm, why is Bo Tu the patch author, but doesn't have an S-o-b in the 
commit message?

> when creating an image qemu-img enable us specifying the size of the
> image using -o size=xx options. But when we specify an invalid size
> such as a negtive size then different platform gives different result.
>
> parse_option_size() function in util/qemu-option.c will be called to
> parse the size, a cast was called in the function to cast the input
> (saved as a double in the function) size to an unsigned int64 value,
> when the input is a negtive value or exceeds the maximum of uint64, then
> the result is undefined.
>
> Language spec 6.3.1.4 Real floating and integers:
> the result of this assignment/cast is undefined if the float is not
> in the open interval (-1, U<type>_MAX+1).

Thank you for pointing to the specific section. I guess there are always 
new things to discover in C...

> Signed-off-by: Xiao Guang Chen <address@hidden>
> ---
>   tests/qemu-iotests/049.out | 10 ++++------
>   util/qemu-option.c         |  5 +++++
>   2 files changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/tests/qemu-iotests/049.out b/tests/qemu-iotests/049.out
> index 9f93666..75d90b2 100644
> --- a/tests/qemu-iotests/049.out
> +++ b/tests/qemu-iotests/049.out
> @@ -95,17 +95,15 @@ qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- -1024
>   qemu-img: Image size must be less than 8 EiB!
>   
>   qemu-img create -f qcow2 -o size=-1024 TEST_DIR/t.qcow2
> -qemu-img: qcow2 doesn't support shrinking images yet
> -qemu-img: TEST_DIR/t.qcow2: Could not resize image: Operation not supported
> -Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=-1024 encryption=off 
> cluster_size=65536 lazy_refcounts=off refcount_bits=16
> +qemu-img: Parameter 'size' expects a positive number and must not exceeds the 
> maximum UINT64
> +qemu-img: TEST_DIR/t.qcow2: Invalid options for file format 'qcow2'
>   
>   qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- -1k
>   qemu-img: Image size must be less than 8 EiB!
>   
>   qemu-img create -f qcow2 -o size=-1k TEST_DIR/t.qcow2
> -qemu-img: qcow2 doesn't support shrinking images yet
> -qemu-img: TEST_DIR/t.qcow2: Could not resize image: Operation not supported
> -Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=-1024 encryption=off 
> cluster_size=65536 lazy_refcounts=off refcount_bits=16
> +qemu-img: Parameter 'size' expects a positive number and must not exceeds the 
> maximum UINT64
> +qemu-img: TEST_DIR/t.qcow2: Invalid options for file format 'qcow2'
>   
>   qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- 1kilobyte
>   qemu-img: Invalid image size specified! You may use k, M, G, T, P or E 
> suffixes for
> diff --git a/util/qemu-option.c b/util/qemu-option.c
> index fda4e5f..1c50fa4 100644
> --- a/util/qemu-option.c
> +++ b/util/qemu-option.c
> @@ -179,6 +179,11 @@ void parse_option_size(const char *name, const char *value,
>   
>       if (value != NULL) {
>           sizef = strtod(value, &postfix);
> +        if (sizef < 0 || sizef > UINT64_MAX) {
> +            error_set(errp, QERR_INVALID_PARAMETER_VALUE, name, "a positive "
> +                       "number and must not exceeds the maximum UINT64");

I think Markus would like to see these error macros not getting used 
anymore, so I think it should be dropped and the full string should be 
given here. I'll let him do the arguing, though. :-)

If you keep the macro, I'd propose "a non-negative number below 2^64" 
(or actually give the decimal value of UINT64_MAX, using 'a non-negative 
number not exceeding "%" PRIu64, UINT64_MAX'). Remember that 0 is not 
positive, but still a valid choice.

If you drop the macro, I'd propose error_setg(errp, "'%s' must be a 
non-negative number below 2^64", name) or, like it is now, 
error_setg(errp, "Parameter '%s' expects a non-negative number below 
2^64", name).

Max

> +            return;
> +        }
>           switch (*postfix) {
>           case 'T':
>               sizef *= 1024;