x86/cpuid: Tighten parsing of tsc_freq=FREQ
authorMarkus Armbruster <armbru@redhat.com>
Tue, 22 Nov 2011 08:46:04 +0000 (09:46 +0100)
committerAnthony Liguori <aliguori@us.ibm.com>
Mon, 28 Nov 2011 22:20:52 +0000 (16:20 -0600)
cpu_x86_find_by_name() uses strtosz_suffix_unit(), but screws up the
error checking.  It detects some failures, but not all.  Undetected
failures result in a zero tsc_khz value (error value -1 divided by
1000), which means "no tsc_freq set".

To reproduce, try "-cpu qemu64,tsc_freq=9999999T".
strtosz_suffix_unit() fails, because the value overflows int64_t,

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
target-i386/cpuid.c

index 9fc9769edd867f7a068736cd132229c2b9bc190b..0b3af9060ce5c6149a168662051477b6781ed3fd 100644 (file)
@@ -711,7 +711,7 @@ static int cpu_x86_find_by_name(x86_def_t *x86_cpu_def, const char *cpu_model)
 
                 tsc_freq = strtosz_suffix_unit(val, &err,
                                                STRTOSZ_DEFSUFFIX_B, 1000);
-                if (!*val || *err) {
+                if (tsc_freq < 0 || *err) {
                     fprintf(stderr, "bad numerical value %s\n", val);
                     goto error;
                 }
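Review bot: The new `tsc_freq < 0` test catches the -1 error return, but a well-formed value below 1000 (for example `tsc_freq=500`) still passes. Given the division by 1000 described in the commit message, it would presumably become a zero tsc_khz, which the message says means "no tsc_freq set", so the option is silently ignored rather than rejected. If that is not intended, the guard could reject it explicitly, e.g. `if (tsc_freq < 1000 || *err) {`; if it is intended, a comment such as `/* values below 1 kHz round down to 0, i.e. "unset" */` would record it. The assignment to tsc_khz and that field's type are outside the hunk, so it is worth confirming there that a large accepted int64_t value cannot be truncated when stored. cpu_x86_find_by_name() starts and ends outside this hunk.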