From bfc188e82c3059585fa564a18d76dc70ce6e903d Mon Sep 17 00:00:00 2001
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 22 Nov 2022 11:44:50 +0100
Subject: [PATCH] internal: Refuse values exceeding range of 'unsigned int' in
 virCheckFlags
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Historically our migration APIs declare 'unsigned long flags'. Since
it's baked into our API we can't change that but we can avoid
compatibility problems by preemptively refusing the extra range on
certain arches to prevent future surprise.

Modify the macro to verify that value passed inside 'flags' doesn't
exceed the range of 'unsigned int'.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: JÃ¡n Tomko <jtomko@redhat.com>
---
 src/internal.h | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/src/internal.h b/src/internal.h
index 35cc22ee3d..9dc34a0bf5 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -269,10 +269,17 @@
  */
 #define virCheckFlags(supported, retval) \
     do { \
-        unsigned long __unsuppflags = flags & ~(supported); \
+        unsigned int __uiflags = flags; \
+        unsigned int __unsuppflags = flags & ~(supported); \
+        if (__uiflags != flags) { \
+            virReportInvalidArg(flags, \
+                                _("unsupported use of long flags in function %s"), \
+                                __FUNCTION__); \
+            return retval; \
+        } \
         if (__unsuppflags) { \
             virReportInvalidArg(flags, \
-                                _("unsupported flags (0x%lx) in function %s"), \
+                                _("unsupported flags (0x%x) in function %s"), \
                                 __unsuppflags, __FUNCTION__); \
             return retval; \
         } \
@@ -291,10 +298,17 @@
  */
 #define virCheckFlagsGoto(supported, label) \
     do { \
-        unsigned long __unsuppflags = flags & ~(supported); \
+        unsigned int __uiflags = flags; \
+        unsigned int __unsuppflags = flags & ~(supported); \
+        if (__uiflags != flags) { \
+            virReportInvalidArg(flags, \
+                                _("unsupported use of long flags in function %s"), \
+                                __FUNCTION__); \
+            goto label; \
+        } \
         if (__unsuppflags) { \
             virReportInvalidArg(flags, \
-                                _("unsupported flags (0x%lx) in function %s"), \
+                                _("unsupported flags (0x%x) in function %s"), \
                                 __unsuppflags, __FUNCTION__); \
             goto label; \
         } \
-- 
2.47.2