On 10/01/2014 10:43 AM, Markus Armbruster wrote:
> Commit 1f9296b avoids "other kinds of overflow" by limiting the
> polling interval to UINT_MAX.  The computations to protect are done in
> 64 bits.  This is indeed safe when unsigned is 32 bits, as it commonly
> is.  It isn't when unsigned is 64 bits.  Purely theoretical; I'm not
> aware of such a system.  Limit it to UINT32_MAX instead.
> 
> Signed-off-by: Markus Armbruster <armbru@redhat.com>
> ---
>  hw/virtio/virtio-balloon.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Eric Blake <eblake@redhat.com>

Harmless sanity addition (I seriously doubt at this point that anyone
would ever introduce a platform where 'int' is larger than 32 bits)

> 
> diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
> index b5cf7ca..7bfbb75 100644
> --- a/hw/virtio/virtio-balloon.c
> +++ b/hw/virtio/virtio-balloon.c
> @@ -170,7 +170,7 @@ static void balloon_stats_set_poll_interval(Object *obj, struct Visitor *v,
>          return;
>      }
>  
> -    if (value > UINT_MAX) {
> +    if (value > UINT32_MAX) {
>          error_setg(errp, "timer value is too big");
>          return;
>      }
> 

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org