From: Eric Blake
Date: Tue, 16 Sep 2014 07:55:58 -0600
Message-ID: <5418416E.7010300@redhat.com>
References: <20140916093950.4339b5b9@redhat.com>
In-Reply-To: <20140916093950.4339b5b9@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v2] virtio-balloon: fix integer overflow in memory stats feature
To: Luiz Capitulino, qemu-devel
Cc: qemu-stable@nongnu.org, armbru@redhat.com

On 09/16/2014 07:39 AM, Luiz Capitulino wrote:
> When a QMP client changes the polling interval time by setting
> the guest-stats-polling-interval property, the interval value
> is stored and manipulated as an int64_t variable.
>
> However, the balloon_stats_change_timer() function, which is
> used to set the actual timer with the interval value, takes
> an int instead, causing an overflow for big interval values.
>
> This commit fixes this bug by changing balloon_stats_change_timer()
> to take an int64_t and also it limits the polling interval value
> to UINT_MAX to avoid other kinds of overflow.
>
> Signed-off-by: Luiz Capitulino
> ---
>  hw/virtio/virtio-balloon.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)

Reviewed-by: Eric Blake

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
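
The narrowing described in the quoted commit message, as an added C example that is not part of this thread or of QEMU's source: an `int64_t` interval passed through an `int` parameter, next to a range-checked `int64_t` version. The function names and the seconds-to-milliseconds deadline formula are assumptions made for illustration; only the `int`/`int64_t` mismatch and the `UINT_MAX` limit come from the message.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for this sketch: deadline = now_ms + interval_secs * 1000. */

/* Pre-fix shape: the callee takes int, so the caller's int64_t is narrowed. */
static int64_t deadline_narrow(int64_t now_ms, int secs)
{
    return now_ms + (int64_t)secs * 1000;
}

/* Out-of-range int64_t -> int conversion is implementation-defined;
 * GCC and Clang keep the low 32 bits (32-bit int assumed). */
int64_t deadline_before_fix(int64_t now_ms, int64_t interval)
{
    return deadline_narrow(now_ms, (int)interval);
}

/* Post-fix shape: accept only 0..UINT_MAX, the limit named in the message. */
int interval_is_valid(int64_t interval)
{
    return interval >= 0 && interval <= (int64_t)UINT_MAX;
}

/* Returns 0 and writes *deadline, or -1 when the interval is rejected. */
int deadline_after_fix(int64_t now_ms, int64_t interval, int64_t *deadline)
{
    if (!interval_is_valid(interval)) {
        return -1;
    }
    /* interval <= UINT_MAX, so interval * 1000 is far below INT64_MAX. */
    *deadline = now_ms + interval * 1000;
    return 0;
}

int main(void)
{
    /* Constructed sample intervals in seconds: small, 2^31, 2^32, 2^32+10. */
    int64_t samples[] = { 10, 2147483648LL, 4294967296LL, 4294967306LL };
    for (int i = 0; i < 4; i++) {
        int64_t d = 0;
        int rc = deadline_after_fix(0, samples[i], &d);
        printf("interval=%lld before_fix=%lld after_fix=%s (%lld)\n",
               (long long)samples[i],
               (long long)deadline_before_fix(0, samples[i]),
               rc == 0 ? "accepted" : "rejected", (long long)d);
    }
    return 0;
}
```

Without the range check, a requested interval of 2^32 seconds becomes a zero-second interval and 2^31 seconds becomes a deadline in the past, so the timer fires far sooner than the client asked for.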