| Message ID | 1412181824-26936-1-git-send-email-armbru@redhat.com |
|---|---|
| State | New |
| Headers | show |
On 10/01/2014 10:43 AM, Markus Armbruster wrote: > Commit 1f9296b avoids "other kinds of overflow" by limiting the > polling interval to UINT_MAX. The computations to protect are done in > 64 bits. This is indeed safe when unsigned is 32 bits, as it commonly > is. It isn't when unsigned is 64 bits. Purely theoretical; I'm not > aware of such a system. Limit it to UINT32_MAX instead. > > Signed-off-by: Markus Armbruster <armbru@redhat.com> > --- > hw/virtio/virtio-balloon.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Reviewed-by: Eric Blake <eblake@redhat.com> Harmless sanity addition (I seriously doubt at this point that anyone would ever introduce a platform where 'int' is larger than 32 bits) > > diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c > index b5cf7ca..7bfbb75 100644 > --- a/hw/virtio/virtio-balloon.c > +++ b/hw/virtio/virtio-balloon.c > @@ -170,7 +170,7 @@ static void balloon_stats_set_poll_interval(Object *obj, struct Visitor *v, > return; > } > > - if (value > UINT_MAX) { > + if (value > UINT32_MAX) { > error_setg(errp, "timer value is too big"); > return; > } >
On Wed, 1 Oct 2014 18:43:44 +0200 Markus Armbruster <armbru@redhat.com> wrote: > Commit 1f9296b avoids "other kinds of overflow" by limiting the > polling interval to UINT_MAX. The computations to protect are done in > 64 bits. This is indeed safe when unsigned is 32 bits, as it commonly > is. It isn't when unsigned is 64 bits. Purely theoretical; I'm not > aware of such a system. Limit it to UINT32_MAX instead. > > Signed-off-by: Markus Armbruster <armbru@redhat.com> Applied to the qmp branch, thanks. > --- > hw/virtio/virtio-balloon.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c > index b5cf7ca..7bfbb75 100644 > --- a/hw/virtio/virtio-balloon.c > +++ b/hw/virtio/virtio-balloon.c > @@ -170,7 +170,7 @@ static void balloon_stats_set_poll_interval(Object *obj, struct Visitor *v, > return; > } > > - if (value > UINT_MAX) { > + if (value > UINT32_MAX) { > error_setg(errp, "timer value is too big"); > return; > }
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c index b5cf7ca..7bfbb75 100644 --- a/hw/virtio/virtio-balloon.c +++ b/hw/virtio/virtio-balloon.c @@ -170,7 +170,7 @@ static void balloon_stats_set_poll_interval(Object *obj, struct Visitor *v, return; } - if (value > UINT_MAX) { + if (value > UINT32_MAX) { error_setg(errp, "timer value is too big"); return; }
Commit 1f9296b avoids "other kinds of overflow" by limiting the polling interval to UINT_MAX. The computations to protect are done in 64 bits. This is indeed safe when unsigned is 32 bits, as it commonly is. It isn't when unsigned is 64 bits. Purely theoretical; I'm not aware of such a system. Limit it to UINT32_MAX instead. Signed-off-by: Markus Armbruster <armbru@redhat.com> --- hw/virtio/virtio-balloon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)