diff mbox

[PULL,1/7] virtio-balloon: Tweak recent fix for integer overflow

Message ID 1414077590-18036-2-git-send-email-lcapitulino@redhat.com
State New
Headers show

Commit Message

Luiz Capitulino Oct. 23, 2014, 3:19 p.m. UTC 
From: Markus Armbruster <armbru@redhat.com>

Commit 1f9296b avoids "other kinds of overflow" by limiting the
polling interval to UINT_MAX.  The computations to protect are done in
64 bits.  This is indeed safe when unsigned is 32 bits, as it commonly
is.  It isn't when unsigned is 64 bits.  Purely theoretical; I'm not
aware of such a system.  Limit it to UINT32_MAX instead.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
---
 hw/virtio/virtio-balloon.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox

Patch

diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index b5cf7ca..7bfbb75 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -170,7 +170,7 @@  static void balloon_stats_set_poll_interval(Object *obj, struct Visitor *v,
         return;
     }
 
-    if (value > UINT_MAX) {
+    if (value > UINT32_MAX) {
         error_setg(errp, "timer value is too big");
         return;
     }