Re: [Xen-devel] [PATCH] libxl: don't accept negative disk or partition indexes
Jan Beulich writes ("[Xen-devel] [PATCH] libxl: don't accept negative disk or partition indexes"):
> When obtained via sscanf(), they were checked against an upper bound
> only so far. By converting the local variables' types to "unsigned int"
> those bounds checks become sufficient (as a consequence the helper
> function's parameter types need to be adjusted too). It's not strictly
> necessary to also convert libxl__device_disk_dev_number()'s parameter
> types - the bounds checking done (now) guarantees that the values won't
> run into the negative range of "int" values.

IMO "unsigned int" is not a type that should be used for things which are like mathematical integers, even if their range happens to include only non-negative integers. In C unsigned types have some very surprising behaviours in comparisons and subtractions.

So I think the correct thing to do is to check that the values are within sensible limits after sscanf returns.

Ian.
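As an added illustration of the two positions above (this is not libxl code, nor code from the patch or the reply), the snippet below parses a constructed "d<disk>p<partition>" name with sscanf() and contrasts an upper-bound-only check with the explicit signed range check the reply recommends; the name format, the limits and the function names are assumptions made for the example.

```c
/* Added example, not libxl's own code. The "d<disk>p<partition>" format,
 * the limits and the function names below are assumptions for illustration. */
#include <stdio.h>
#include <stdbool.h>

#define MAX_DISK      ((1 << 20) - 1)   /* assumed upper bound */
#define MAX_PARTITION 255               /* assumed upper bound */

/* Pre-patch shape, as the quoted commit message describes it: only an
 * upper bound is checked. "%d" accepts a leading minus sign, so a name
 * such as "d-1p3" parses and passes the check with disk == -1. */
static bool parse_upper_bound_only(const char *name, int *disk, int *part)
{
    int n = 0;
    if (sscanf(name, "d%dp%d%n", disk, part, &n) != 2 || name[n] != '\0')
        return false;
    return *disk <= MAX_DISK && *part <= MAX_PARTITION;
}

/* The form the reply argues for: keep plain int and reject anything
 * outside [0, MAX] explicitly once sscanf() has returned. */
static bool parse_range_checked(const char *name, int *disk, int *part)
{
    int n = 0;
    if (sscanf(name, "d%dp%d%n", disk, part, &n) != 2 || name[n] != '\0')
        return false;
    if (*disk < 0 || *disk > MAX_DISK)
        return false;
    if (*part < 0 || *part > MAX_PARTITION)
        return false;
    return true;
}

/* One of the "surprising behaviours in comparisons" the reply refers to:
 * a signed operand is converted to unsigned before the comparison, so
 * -1 < 1u evaluates to false (-1 becomes UINT_MAX). */
static bool less_than_mixed_signedness(int a, unsigned int b)
{
    return a < b;
}
```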