internal: Refuse values exceeding range of 'unsigned int' in virCheckFlags

Historically our migration APIs declare 'unsigned long flags'. Since it's baked into our API we can't change that but we can avoid compatibility problems by preemptively refusing the extra range on certain arches to prevent future surprise. Modify the macro to verify that value passed inside 'flags' doesn't exceed the range of 'unsigned int'. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-07-06 18:05:45 +00:00 · 2022-11-22 11:44:50 +01:00 · 2022-11-22 11:44:50 +01:00 · bfc188e82c
commit bfc188e82c
parent 35e36f9e29
1 changed files with 18 additions and 4 deletions
--- a/src/internal.h
+++ b/src/internal.h
@ -269,10 +269,17 @@
 */
 #define virCheckFlags(supported, retval) \
    do { \
-        unsigned long __unsuppflags = flags & ~(supported); \
+        unsigned int __uiflags = flags; \
+        unsigned int __unsuppflags = flags & ~(supported); \
+        if (__uiflags != flags) { \
+            virReportInvalidArg(flags, \
+                                _("unsupported use of long flags in function %s"), \
+                                __FUNCTION__); \
+            return retval; \
+        } \
        if (__unsuppflags) { \
            virReportInvalidArg(flags, \
-                                _("unsupported flags (0x%lx) in function %s"), \
+                                _("unsupported flags (0x%x) in function %s"), \
                                __unsuppflags, __FUNCTION__); \
            return retval; \
        } \
@ -291,10 +298,17 @@
 */
 #define virCheckFlagsGoto(supported, label) \
    do { \
-        unsigned long __unsuppflags = flags & ~(supported); \
+        unsigned int __uiflags = flags; \
+        unsigned int __unsuppflags = flags & ~(supported); \
+        if (__uiflags != flags) { \
+            virReportInvalidArg(flags, \
+                                _("unsupported use of long flags in function %s"), \
+                                __FUNCTION__); \
+            goto label; \
+        } \
        if (__unsuppflags) { \
            virReportInvalidArg(flags, \
-                                _("unsupported flags (0x%lx) in function %s"), \
+                                _("unsupported flags (0x%x) in function %s"), \
                                __unsuppflags, __FUNCTION__); \
            goto label; \
        } \