Message-ID: <542C3064.7090907@redhat.com>
Date: Wed, 01 Oct 2014 10:48:36 -0600
From: Eric Blake
References: <1412181824-26936-1-git-send-email-armbru@redhat.com>
In-Reply-To: <1412181824-26936-1-git-send-email-armbru@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] virtio-balloon: Tweak recent fix for integer overflow
To: Markus Armbruster, qemu-devel@nongnu.org
Cc: lcapitulino@redhat.com

On 10/01/2014 10:43 AM, Markus Armbruster wrote:
> Commit 1f9296b avoids "other kinds of overflow" by limiting the
> polling interval to UINT_MAX. The computations to protect are done in
> 64 bits. This is indeed safe when unsigned is 32 bits, as it commonly
> is. It isn't when unsigned is 64 bits. Purely theoretical; I'm not
> aware of such a system. Limit it to UINT32_MAX instead.
>
> Signed-off-by: Markus Armbruster
> ---
> hw/virtio/virtio-balloon.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Eric Blake

Harmless sanity addition (I seriously doubt at this point that anyone would ever introduce a platform where 'int' is larger than 32 bits)

>
> diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c > index b5cf7ca..7bfbb75 100644 > --- a/hw/virtio/virtio-balloon.c > +++ b/hw/virtio/virtio-balloon.c
> @@ -170,7 +170,7 @@ static void balloon_stats_set_poll_interval(Object = *obj, struct Visitor *v, > return; > } > =20 > - if (value > UINT_MAX) { > + if (value > UINT32_MAX) { > error_setg(errp, "timer value is too big"); > return; > } >=20

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
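
Review bot: the new bound in `if (value > UINT32_MAX)` carries no comment explaining why the limit is 32 bits rather than the width of unsigned. The rationale (the computations being protected are done in 64 bits, so the interval has to fit in 32 bits whatever the platform's unsigned is) lives only in the commit message. A one-line comment above the check would stop a later cleanup from turning it back into UINT_MAX. Separately, the error text "timer value is too big" in the same block does not tell the user what the maximum is; including the accepted upper bound in the message would make the rejection actionable.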