> > From: Chen Hanxiao <chenhanxiao@xxxxxxxxx> > > Vendor ID 0000 is not a valid ID [1] > But we could pass it from cmd: > usbredirserver :abcd > Which will cause a 0000 vendor id. > > This patch will check this senario. > > [1]: http://www.linux-usb.org/usb.ids > > Signed-off-by: Chen Hanxiao <chenhanxiao@xxxxxxxxx> > --- > v2.1: > fix a copy-paste error > v2: > add range check of vid/pid > > usbredirserver/usbredirserver.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/usbredirserver/usbredirserver.c > b/usbredirserver/usbredirserver.c > index 5a4adc5..56f91ec 100644 > --- a/usbredirserver/usbredirserver.c > +++ b/usbredirserver/usbredirserver.c > @@ -259,11 +259,13 @@ int main(int argc, char *argv[]) > invalid_usb_device_id(argv[optind], argv[0]); > } > usbvendor = strtol(argv[optind], &endptr, 16); > - if (*endptr != ':') { > + if (*endptr != ':' || usbvendor <= 0 > + || usbvendor > 0xffff) { > invalid_usb_device_id(argv[optind], argv[0]); > } > usbproduct = strtol(delim + 1, &endptr, 16); > - if (*endptr != '\0') { > + if (*endptr != '\0' || usbproduct < 0 > + || usbproduct > 0xffff) { > invalid_usb_device_id(argv[optind], argv[0]); > } > } All other ifs in the code are split like if (*endptr != '\0' || usbproduct < 0 || usbproduct > 0xffff) { not if (*endptr != '\0' || usbproduct < 0 || usbproduct > 0xffff) { (looks really consistent). I honestly don't think if (*endptr != '\0' || usbproduct < 0 || usbproduct > 0xffff) { is too long. Frediano _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel