From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1OB52Y-0002pD-W3
	for qemu-devel@nongnu.org; Sun, 09 May 2010 07:51:23 -0400
Received: from [140.186.70.92] (port=32792 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1OB52W-0002nc-67
	for qemu-devel@nongnu.org; Sun, 09 May 2010 07:51:22 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <avi@redhat.com>) id 1OB52U-0002X3-PD
	for qemu-devel@nongnu.org; Sun, 09 May 2010 07:51:20 -0400
Received: from mx1.redhat.com ([209.132.183.28]:47226)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <avi@redhat.com>) id 1OB52U-0002Wr-Ht
	for qemu-devel@nongnu.org; Sun, 09 May 2010 07:51:18 -0400
From: Avi Kivity <avi@redhat.com>
Date: Sun,  9 May 2010 14:51:13 +0300
Message-Id: <1273405873-15953-1-git-send-email-avi@redhat.com>
Subject: [Qemu-devel] [PATCH] Fix overflow in i440fx_init()
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <anthony@codemonkey.ws>, qemu-devel@nongnu.org

The ram_size parameter can be larger than an int, so it may be truncated.

Fix by using the correct type.

Signed-off-by: Avi Kivity <avi@redhat.com>
---
 hw/pc.h       |    2 +-
 hw/piix_pci.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/pc.h b/hw/pc.h
index e57821a..4898b37 100644
--- a/hw/pc.h
+++ b/hw/pc.h
@@ -115,7 +115,7 @@ int pcspk_audio_init(qemu_irq *pic);
 struct PCII440FXState;
 typedef struct PCII440FXState PCII440FXState;
 
-PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix_devfn, qemu_irq *pic, int ram_size);
+PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix_devfn, qemu_irq *pic, ram_addr_t ram_size);
 void i440fx_set_smm(PCII440FXState *d, int val);
 void i440fx_init_memory_mappings(PCII440FXState *d);
 
diff --git a/hw/piix_pci.c b/hw/piix_pci.c
index 625fc1c..2e44b78 100644
--- a/hw/piix_pci.c
+++ b/hw/piix_pci.c
@@ -220,7 +220,7 @@ static int i440fx_initfn(PCIDevice *dev)
 
 static PIIX3State *piix3_dev;
 
-PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix3_devfn, qemu_irq *pic, int ram_size)
+PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix3_devfn, qemu_irq *pic, ram_addr_t ram_size)
 {
     DeviceState *dev;
     PCIBus *b;
-- 
1.7.0.4