Historically our migration APIs declare 'unsigned long flags'. Since
it's baked into our API we can't change that but we can avoid
compatibility problems by preemptively refusing the extra range on
certain arches to prevent future surprise.
Modify the macro to verify that value passed inside 'flags' doesn't
exceed the range of 'unsigned int'.
Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
src/internal.h | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/src/internal.h b/src/internal.h
index 35cc22ee3d..9dc34a0bf5 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -269,10 +269,17 @@
*/
#define virCheckFlags(supported, retval) \
do { \
- unsigned long __unsuppflags = flags & ~(supported); \
+ unsigned int __uiflags = flags; \
+ unsigned int __unsuppflags = flags & ~(supported); \
+ if (__uiflags != flags) { \
+ virReportInvalidArg(flags, \
+ _("unsupported use of long flags in function %s"), \
+ __FUNCTION__); \
+ return retval; \
+ } \
if (__unsuppflags) { \
virReportInvalidArg(flags, \
- _("unsupported flags (0x%lx) in function %s"), \
+ _("unsupported flags (0x%x) in function %s"), \
__unsuppflags, __FUNCTION__); \
return retval; \
} \
@@ -291,10 +298,17 @@
*/
#define virCheckFlagsGoto(supported, label) \
do { \
- unsigned long __unsuppflags = flags & ~(supported); \
+ unsigned int __uiflags = flags; \
+ unsigned int __unsuppflags = flags & ~(supported); \
+ if (__uiflags != flags) { \
+ virReportInvalidArg(flags, \
+ _("unsupported use of long flags in function %s"), \
+ __FUNCTION__); \
+ goto label; \
+ } \
if (__unsuppflags) { \
virReportInvalidArg(flags, \
- _("unsupported flags (0x%lx) in function %s"), \
+ _("unsupported flags (0x%x) in function %s"), \
__unsuppflags, __FUNCTION__); \
goto label; \
} \
--
2.37.3
