search for: nbdkit_parse_

...@@ -151,8 +152,11 @@ ssh_config (const char *key, const char *value) > } > > else if (strcmp (key, "timeout") == 0) { > - if (sscanf (value, "%ld", &timeout) != 1) { > - nbdkit_error ("cannot parse timeout: %s", value); > + if (nbdkit_parse_uint32_t ("timeout", value, &timeout) == -1) > + return -1; > + /* Because we have to cast it to long before calling the libssh API. */ > + if (timeout > LONG_MAX) { > + nbdkit_error ("timeout too large"); C17 5.2.4.2.1 requires 'long'...

On 9/23/19 12:52 PM, Richard W.M. Jones wrote: > On Mon, Sep 23, 2019 at 12:05:11PM -0500, Eric Blake wrote: >>> + int nbdkit_parse_long (const char *what, const char *str, long *r); >>> + int nbdkit_parse_unsigned_long (const char *what, >>> + const char *str, unsigned long *r); >> >> Do we really want to encourage the use of parse_long and >> parse_unsigned_lo...

...=head2 Parsing numbers > + > +There are several functions for parsing numbers. These all deal > +correctly with overflow, out of range and parse errors, and you should > +use them instead of unsafe functions like L<sscanf(3)>, L<atoi(3)> and > +similar. > + > + int nbdkit_parse_int (const char *what, const char *str, int *r); > + int nbdkit_parse_unsigned (const char *what, > + const char *str, unsigned *r); > + int nbdkit_parse_long (const char *what, const char *str, long *r); > + int nbdkit_parse_unsigned_long (const char *what, &g...

...rid of long, unsigned_long, size_t and ssize_t, but added int8_t and uint8_t. Rich. >From 375e286be27f563a9f1a886e29bdcfcebebfa81c Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" <rjones@redhat.com> Date: Sat, 21 Sep 2019 07:30:40 +0100 Subject: [PATCH] server: public: Add nbdkit_parse_* functions for safely parsing integers. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit sscanf is sadly not safe (because it doesn't handle integer overflow correctly), and strto*l functions are a pain to use correctly. Therefore add some functions to...

On Mon, Sep 23, 2019 at 12:05:11PM -0500, Eric Blake wrote: > > + int nbdkit_parse_long (const char *what, const char *str, long *r); > > + int nbdkit_parse_unsigned_long (const char *what, > > + const char *str, unsigned long *r); > > Do we really want to encourage the use of parse_long and > parse_unsigned_long? Those differ...

....name = "testundefined", > + .version = PACKAGE_VERSION, > + .open = undefined_open, > + .get_size = undefined_get_size, > + .pread = undefined_pread, > +}; Easiest might be adding a .config callback to test an nbdkit_parse_* function. -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org

On 3/24/20 3:12 PM, Eric Blake wrote: >> (For non-mingw platforms) this breaks the source API promises rather >> seriously, so if I understand your proposal correctly I don't think >> this is a good idea.  It's possibly something we can consider for >> internal plugins, or for the V3 API. > > How does it break API to request that someone link against a

...o-undefined. Plugins compiled without -lnbdkit (either because they predate the library, or because they specifically did not care about -no-undefined) should still be viable. > > I had a look into how we might implement libnbdkit.so. Some functions > are obviously self-contained (eg. nbdkit_parse_*, nbdkit_realpath, > nbdkit_debug, nbdkit_error, nbdkit_*extents). > > Unfortunately some functions depend themselves on internals > of the server: > > * nbdkit_nanosleep, nbdkit_export_name, nbdkit_peer_name call > threadlocal_get_conn > * nbdkit_set_error calls t...

...PARSING COMMAND LINE PARAMETERS +=head2 Parsing numbers + +There are several functions for parsing numbers. These all deal +correctly with overflow, out of range and parse errors, and you should +use them instead of unsafe functions like L<sscanf(3)>, L<atoi(3)> and +similar. + + int nbdkit_parse_int (const char *what, const char *str, int *r); + int nbdkit_parse_unsigned (const char *what, + const char *str, unsigned *r); + int nbdkit_parse_long (const char *what, const char *str, long *r); + int nbdkit_parse_unsigned_long (const char *what, +...

...nf("%d") cannot detect overflow; should this use strtol with errno > checking instead? AIUI glibc does detect overflow, but it's the C17/POSIX standards which don't mandate it? I had a longer email here where I was going to suggest replacing all use of sscanf/strtoul with new nbdkit_parse_* functions, but we would need a lot of them and they still wouldn't cover all the clever uses we make of sscanf, eg: https://github.com/libguestfs/nbdkit/blob/cfbbe17ee21a9a47a96a5ac7f4321d20ed90cad9/filters/error/error.c#L134 So I still think the right way to solve this is to fix C2x / POS...

...iled without -lnbdkit (either because > they predate the library, or because they specifically did not care > about -no-undefined) should still be viable. > > > > >I had a look into how we might implement libnbdkit.so. Some functions > >are obviously self-contained (eg. nbdkit_parse_*, nbdkit_realpath, > >nbdkit_debug, nbdkit_error, nbdkit_*extents). > > > >Unfortunately some functions depend themselves on internals > >of the server: > > > > * nbdkit_nanosleep, nbdkit_export_name, nbdkit_peer_name call > > threadlocal_get_conn >...

...PI break) or would it still be possible to compile without this? I guess as long as plugins do not start using -no-undefined then it would still work, so it wouldn't be a source API break. I had a look into how we might implement libnbdkit.so. Some functions are obviously self-contained (eg. nbdkit_parse_*, nbdkit_realpath, nbdkit_debug, nbdkit_error, nbdkit_*extents). Unfortunately some functions depend themselves on internals of the server: * nbdkit_nanosleep, nbdkit_export_name, nbdkit_peer_name call threadlocal_get_conn * nbdkit_set_error calls threadlocal_set_error * nbdkit_shutdown mus...

On 9/19/19 10:26 AM, Richard W.M. Jones wrote: > This filter can be used to transparently reopen/retry when a plugin > fails. The connection is closed and reopened which for most plugins > causes them to attempt to reconnect to their source. > > For example if doing a long or slow SSH copy: > > nbdkit -U - ssh host=remote /var/tmp/test.iso \ > --run 'qemu-img

This creates libnbdkit.so as discussed in the following thread: https://www.redhat.com/archives/libguestfs/2020-March/thread.html#00203 test-delay-shutdown.sh fails for unclear reasons. This series starts by reverting "tests: Don't strand hung nbdkit processes" which is because several other tests fail randomly unless I revert this patch. I didn't investigate this yet so it