From patchwork Wed Oct 1 16:43:44 2014
X-Patchwork-Submitter: Markus Armbruster
X-Patchwork-Id: 395602
From: Markus Armbruster
To: qemu-devel@nongnu.org
Date: Wed, 1 Oct 2014 18:43:44 +0200
Message-Id: <1412181824-26936-1-git-send-email-armbru@redhat.com>
Cc: lcapitulino@redhat.com
Subject: [Qemu-devel] [PATCH] virtio-balloon: Tweak recent fix for integer overflow

Commit 1f9296b avoids "other kinds of overflow" by limiting the polling interval to UINT_MAX. The computations to protect are done in 64 bits. This is indeed safe when unsigned is 32 bits, as it commonly is. It isn't when unsigned is 64 bits. Purely theoretical; I'm not aware of such a system. Limit it to UINT32_MAX instead.

Signed-off-by: Markus Armbruster
Reviewed-by: Eric Blake

--- hw/virtio/virtio-balloon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c index b5cf7ca..7bfbb75 100644 --- a/hw/virtio/virtio-balloon.c +++ b/hw/virtio/virtio-balloon.c @@ -170,7 +170,7 @@ static void balloon_stats_set_poll_interval(Object *obj, struct Visitor *v, return; } - if (value > UINT_MAX) { + if (value > UINT32_MAX) { error_setg(errp, "timer value is too big"); return; }
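
Review bot: the new `if (value > UINT32_MAX)` bound in balloon_stats_set_poll_interval() has no comment saying what it protects, so the reason for a fixed 32-bit limit rather than UINT_MAX lives only in the commit message. A one-line comment above the check, noting that the interval computations it guards are done in 64 bits and are only safe for a 32-bit interval, would keep a later cleanup from switching it back to UINT_MAX. The error text "timer value is too big" also gives the caller no limit to work with; naming the maximum in the message would make the rejection actionable. The declaration of value is outside this hunk, so it is worth confirming that it is a 64-bit type, since with a 32-bit type the comparison could never be true.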