From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50938) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YT9zq-0004JY-1K for qemu-devel@nongnu.org; Wed, 04 Mar 2015 09:10:01 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YT9zl-00041h-Jb for qemu-devel@nongnu.org; Wed, 04 Mar 2015 09:09:57 -0500 Received: from [213.243.91.10] (port=50372 helo=mlogin6.smware.local) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YT9zl-00041K-CN for qemu-devel@nongnu.org; Wed, 04 Mar 2015 09:09:53 -0500 From: Ildar Isaev Date: Wed, 4 Mar 2015 17:09:46 +0300 Message-Id: <1425478186-18894-1-git-send-email-ild@inbox.ru> Subject: [Qemu-devel] [PATCH] include/hw: field 'offset' in struct Property should be ptrdiff_t as int causes overflow List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: peter.maydell@linaro.org, Ildar Isaev , aliguori@amazon.com 'offset' field in struct Property is calculated as a diff between two pointers (hw/core/qdev-properties.c:802) arrayprop->prop.offset = eltptr - (void *)dev; If offset is declared as int, this subtraction can cause type overflow thus leading to the fall of the subsequent assert (hw/core/qdev-properties.c:803) assert(qdev_get_prop_ptr(dev, &arrayprop->prop) == eltptr); So ptrdiff_t should be used instead Signed-off-by: Ildar Isaev --- include/hw/qdev-core.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h index 4e673f9..f0e2a73 100644 --- a/include/hw/qdev-core.h +++ b/include/hw/qdev-core.h @@ -224,7 +224,7 @@ struct BusState { struct Property { const char *name; PropertyInfo *info; - int offset; + ptrdiff_t offset; uint8_t bitnr; uint8_t qtype; int64_t defval; -- 1.9.3
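Review bot: widening the field to `ptrdiff_t offset` in struct Property fixes the storage but not necessarily the read side; the commit message says qdev_get_prop_ptr() consumes this field at hw/core/qdev-properties.c:803, so confirm that it and every other reader of prop->offset use a pointer-width type rather than narrowing back to int, otherwise the truncation just moves. Two smaller points on the same hunk: include/hw/qdev-core.h gains a use of ptrdiff_t with no visible `#include <stddef.h>`, so make sure the type is already in scope through an existing include; and because offset is computed as `eltptr - (void *)dev`, pointer subtraction is only well-defined in C when both operands point into the same object, so if eltptr can live in a separate allocation from dev, the wider result type removes the overflow symptom without making the computation well-defined, and the commit message should state which case applies.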