| Message ID | 1456771254-17511-29-git-send-email-armbru@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Mon, Feb 29, 2016 at 7:40 PM, Markus Armbruster <armbru@redhat.com> wrote: > If size_t is narrower than 64 bits, passing uint64_t ivshmem_size to > mmap() truncates. Reject such sizes. > > Signed-off-by: Markus Armbruster <armbru@redhat.com> > --- Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> > hw/misc/ivshmem.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c > index fb8a4f7..8d54fa9 100644 > --- a/hw/misc/ivshmem.c > +++ b/hw/misc/ivshmem.c > @@ -87,7 +87,7 @@ typedef struct IVShmemState { > */ > MemoryRegion bar; > MemoryRegion ivshmem; > - uint64_t ivshmem_size; /* size of shared memory region */ > + size_t ivshmem_size; /* size of shared memory region */ > uint32_t ivshmem_64bit; > > Peer *peers; > @@ -361,7 +361,7 @@ static int check_shm_size(IVShmemState *s, int fd, Error **errp) > > if (s->ivshmem_size > buf.st_size) { > error_setg(errp, "Requested memory size greater" > - " than shared object size (%" PRIu64 " > %" PRIu64")", > + " than shared object size (%zu > %" PRIu64")", > s->ivshmem_size, (uint64_t)buf.st_size); > return -1; > } else { > @@ -861,7 +861,8 @@ static void pci_ivshmem_realize(PCIDevice *dev, Error **errp) > } else { > char *end; > int64_t size = qemu_strtosz(s->sizearg, &end); > - if (size < 0 || *end != '\0' || !is_power_of_2(size)) { > + if (size < 0 || (size_t)size != size || *end != '\0' > + || !is_power_of_2(size)) { > error_setg(errp, "Invalid size %s", s->sizearg); > return; > } > -- > 2.4.3 > >
diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c index fb8a4f7..8d54fa9 100644 --- a/hw/misc/ivshmem.c +++ b/hw/misc/ivshmem.c @@ -87,7 +87,7 @@ typedef struct IVShmemState { */ MemoryRegion bar; MemoryRegion ivshmem; - uint64_t ivshmem_size; /* size of shared memory region */ + size_t ivshmem_size; /* size of shared memory region */ uint32_t ivshmem_64bit; Peer *peers; @@ -361,7 +361,7 @@ static int check_shm_size(IVShmemState *s, int fd, Error **errp) if (s->ivshmem_size > buf.st_size) { error_setg(errp, "Requested memory size greater" - " than shared object size (%" PRIu64 " > %" PRIu64")", + " than shared object size (%zu > %" PRIu64")", s->ivshmem_size, (uint64_t)buf.st_size); return -1; } else { @@ -861,7 +861,8 @@ static void pci_ivshmem_realize(PCIDevice *dev, Error **errp) } else { char *end; int64_t size = qemu_strtosz(s->sizearg, &end); - if (size < 0 || *end != '\0' || !is_power_of_2(size)) { + if (size < 0 || (size_t)size != size || *end != '\0' + || !is_power_of_2(size)) { error_setg(errp, "Invalid size %s", s->sizearg); return; }
If size_t is narrower than 64 bits, passing uint64_t ivshmem_size to mmap() truncates. Reject such sizes. Signed-off-by: Markus Armbruster <armbru@redhat.com> --- hw/misc/ivshmem.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)