From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:45064)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1XSNjq-00079c-Ry
	for qemu-devel@nongnu.org; Fri, 12 Sep 2014 06:06:06 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1XSNjk-0004ot-7c
	for qemu-devel@nongnu.org; Fri, 12 Sep 2014 06:05:58 -0400
Received: from mx1.redhat.com ([209.132.183.28]:29353)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1XSNjj-0004og-Vp
	for qemu-devel@nongnu.org; Fri, 12 Sep 2014 06:05:52 -0400
Message-ID: <5412C579.2010808@redhat.com>
Date: Fri, 12 Sep 2014 12:05:45 +0200
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <1404899590-24973-1-git-send-email-pbonzini@redhat.com>	<1404899590-24973-11-git-send-email-pbonzini@redhat.com>
	<CAETRQWk_nD=F4pVNvNmk0cnpFKQXd8J7wRB74uD5LcM6QaUCjQ@mail.gmail.com>
In-Reply-To: <CAETRQWk_nD=F4pVNvNmk0cnpFKQXd8J7wRB74uD5LcM6QaUCjQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 10/10] aio-win32: add support for sockets
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: TeLeMan <geleman@gmail.com>
Cc: qemu-devel <qemu-devel@nongnu.org>

Il 12/09/2014 03:39, TeLeMan ha scritto:
> On Wed, Jul 9, 2014 at 5:53 PM, Paolo Bonzini <pbonzini@redhat.com> wrote:
>> diff --git a/aio-win32.c b/aio-win32.c
>> index 4542270..61e3d2d 100644
>> --- a/aio-win32.c
>> +++ b/aio-win32.c
>> +    bool was_dispatching, progress, have_select_revents, first;
> have_select_revents has no initial value.

Good catch here...

> 
>> @@ -183,6 +318,7 @@ bool aio_poll(AioContext *ctx, bool blocking)
>>
>>      /* wait until next event */
>>      while (count > 0) {
>> +        HANDLE event;
>>          int ret;
>>
>>          timeout = blocking
>> @@ -196,13 +332,17 @@ bool aio_poll(AioContext *ctx, bool blocking)
>>          first = false;
>>
>>          /* if we have any signaled events, dispatch event */
>> -        if ((DWORD) (ret - WAIT_OBJECT_0) >= count) {
>> +        event = NULL;
>> +        if ((DWORD) (ret - WAIT_OBJECT_0) < count) {
>> +            event = events[ret - WAIT_OBJECT_0];
>> +        } else if (!have_select_revents) {
> 
> when (ret - WAIT_OBJECT_0) >= count and have_select_revents is true,
> the following events[ret - WAIT_OBJECT_0] will be overflowed.

... this instead is not a problem, ret - WAIT_OBJECT_0 can be at most
equal to count, and events[] is declared with MAXIMUM_WAIT_OBJECTS + 1
places.  So the

	events[ret - WAIT_OBJECT_0] = events[--count];

is equal to

	events[count] = events[count - 1];
	--count;

and this is harmless.

Paolo

>>              break;
>>          }
>>
>> +        have_select_revents = false;
>>          blocking = false;
>>
>> -        progress |= aio_dispatch_handlers(ctx, events[ret - WAIT_OBJECT_0]);
>> +        progress |= aio_dispatch_handlers(ctx, event);
>>
>>          /* Try again, but only call each handler once.  */
>>          events[ret - WAIT_OBJECT_0] = events[--count];