Commit 45009a30 authored by Markus Armbruster's avatar Markus Armbruster Committed by Anthony Liguori
Browse files

x86/cpuid: Tighten parsing of tsc_freq=FREQ



cpu_x86_find_by_name() uses strtosz_suffix_unit(), but screws up the
error checking.  It detects some failures, but not all.  Undetected
failures result in a zero tsc_khz value (error value -1 divided by
1000), which means "no tsc_freq set".

To reproduce, try "-cpu qemu64,tsc_freq=9999999T".
strtosz_suffix_unit() fails, because the value overflows int64_t,
Signed-off-by: default avatarMarkus Armbruster <armbru@redhat.com>
Signed-off-by: default avatarAnthony Liguori <aliguori@us.ibm.com>
parent 961b42b9
......@@ -711,7 +711,7 @@ static int cpu_x86_find_by_name(x86_def_t *x86_cpu_def, const char *cpu_model)
tsc_freq = strtosz_suffix_unit(val, &err,
STRTOSZ_DEFSUFFIX_B, 1000);
if (!*val || *err) {
if (tsc_freq < 0 || *err) {
fprintf(stderr, "bad numerical value %s\n", val);
goto error;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment