From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Subject: [PATCH 1/2] i should be uint32_t rather than int
Date: Mon, 10 Sep 2012 19:06:22 +0100
Message-ID: <1347300383-9089-1-git-send-email-stefano.stabellini@eu.citrix.com>
References: <alpine.DEB.2.02.1209101842150.15568@kaball.uk.xensource.com>
Mime-Version: 1.0
Content-Type: text/plain
Return-path: <qemu-devel-bounces+gceq-qemu-devel=gmane.org@nongnu.org>
In-Reply-To: <alpine.DEB.2.02.1209101842150.15568@kaball.uk.xensource.com>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+gceq-qemu-devel=gmane.org@nongnu.org
Sender: qemu-devel-bounces+gceq-qemu-devel=gmane.org@nongnu.org
To: xen-devel@lists.xensource.com
Cc: dongxiao.xu@intel.com, Ian.Jackson@eu.citrix.com, qemu-devel@nongnu.org, Stefano Stabellini <stefano.stabellini@eu.citrix.com>
List-Id: xen-devel@lists.xenproject.org

The current code compare i (int) with req->count (uint32_t) in a for
loop, risking an infinite loop if req->count is equal to UINT_MAX.

Also i is only used in comparisons or multiplications with unsigned
integers.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
---
 i386-dm/helper2.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/i386-dm/helper2.c b/i386-dm/helper2.c
index c6d049c..8f2a893 100644
--- a/i386-dm/helper2.c
+++ b/i386-dm/helper2.c
@@ -351,7 +351,8 @@ static inline void write_physical(uint64_t addr, unsigned long size, void *val)
 
 static void cpu_ioreq_pio(CPUState *env, ioreq_t *req)
 {
-    int i, sign;
+    uint32_t i;
+    int sign;
 
     sign = req->df ? -1 : 1;
 
@@ -386,7 +387,8 @@ static void cpu_ioreq_pio(CPUState *env, ioreq_t *req)
 
 static void cpu_ioreq_move(CPUState *env, ioreq_t *req)
 {
-    int i, sign;
+    uint32_t i;
+    int sign;
 
     sign = req->df ? -1 : 1;
 
-- 
1.7.2.5