
Re: [Xen-devel] [PATCH] libxl: don't accept negative disk or partition indexes

Jan Beulich writes ("[Xen-devel] [PATCH] libxl: don't accept negative disk or partition indexes"):
> When obtained via sscanf(), they were checked against an upper bound
> only so far. By converting the local variables' types to "unsigned int"
> those bounds checks become sufficient (as a consequence the helper
> function's parameter types need to be adjusted too). It's not strictly
> necessary to also convert libxl__device_disk_dev_number()'s parameter
> types - the bounds checking done (now) guarantees that the values won't
> run into the negative range of "int" values.

IMO "unsigned int" is not a type that should be used for things which
are like mathematical integers, even if their range happens to include
only non-negative integers.  In C unsigned types have some very
surprising behaviours in comparisons and subtractions.

So I think the correct thing to do is to check that the values are
within sensible limits after sscanf returns.

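The two approaches under discussion, as an added C example that is not libxl code or part of this thread: parse the indexes into plain "int" with sscanf(), then reject anything outside [0, max] explicitly, and alongside it the unsigned subtraction and mixed signed/unsigned comparison surprises that the reply refers to. The "<disk>:<partition>" input format, the MAX_* limits and the function names are hypothetical; the real libxl syntax and bounds are not shown on this page.

```c
/* Added example, not from libxl: bounds-check sscanf() results as signed
 * ints, and show why unsigned arithmetic and comparisons surprise people. */
#include <stdio.h>
#include <limits.h>

/* Hypothetical limits for the example; libxl's real bounds are not shown here. */
#define MAX_DISK_INDEX      255
#define MAX_PARTITION_INDEX 15

/* Parse "<disk>:<partition>" (a made-up format) into signed ints and
 * reject anything outside [0, max] after sscanf() returns.
 * Returns 0 on success, -1 on parse failure or an out-of-range value. */
int parse_disk_spec(const char *s, int *disk, int *partition)
{
    int d, p;
    char trailing;

    /* Exactly two conversions: a third (%c) means junk after the fields. */
    if (sscanf(s, "%d:%d%c", &d, &p, &trailing) != 2)
        return -1;
    /* Explicit lower and upper bounds on the signed values. */
    if (d < 0 || d > MAX_DISK_INDEX)
        return -1;
    if (p < 0 || p > MAX_PARTITION_INDEX)
        return -1;
    *disk = d;
    *partition = p;
    return 0;
}

/* Unsigned subtraction never yields a negative number: it wraps modulo
 * UINT_MAX + 1, so 0u - 1u == UINT_MAX. A "did it go below zero" test
 * written afterwards can never fire. */
unsigned int unsigned_sub(unsigned int a, unsigned int b)
{
    return a - b;
}

/* Mixed comparison "n < 1u" converts the int to unsigned first; this spells
 * that implicit conversion out. For n == -1 the operand becomes UINT_MAX,
 * so the result is 0 even though -1 < 1 mathematically. */
int compare_via_unsigned(int n)
{
    unsigned int lhs = (unsigned int)n;
    return lhs < 1u;
}

int main(void)
{
    /* Constructed inputs: valid, negative disk, partition too large, junk. */
    const char *inputs[] = { "3:1", "-1:0", "3:99", "3:1x" };
    size_t i;

    for (i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
        int d, p;
        int rc = parse_disk_spec(inputs[i], &d, &p);
        if (rc == 0)
            printf("%-6s -> disk %d, partition %d\n", inputs[i], d, p);
        else
            printf("%-6s -> rejected\n", inputs[i]);
    }
    printf("0u - 1u = %u\n", unsigned_sub(0, 1));
    printf("(unsigned)-1 < 1u -> %d\n", compare_via_unsigned(-1));
    return 0;
}
```

Keeping the variables signed lets the lower-bound test stay visible in the code; with "unsigned int" the same test is dead (and usually draws a compiler warning), so the rejection of negative input silently depends on how the converted value compares against the upper bound.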

Xen-devel mailing list