]> git.proxmox.com Git - mirror_qemu.git/commit
projects / mirror_qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b86d01b) | patch
unify len and addr type for memory/address APIs
authorLi Zhijian <lizhijian@cn.fujitsu.com>
Thu, 17 Jan 2019 12:49:01 +0000 (20:49 +0800)
committerPaolo Bonzini <pbonzini@redhat.com>
Tue, 5 Feb 2019 15:50:18 +0000 (16:50 +0100)
commit0c249ff71c094c0e009e2ccaef5237af3610b0fb
tree855e1f40abe9e930f66749b83ab3a2831992c546tree
parentb86d01ba47cfe3fc7505924ca2804f370383ad97commit | diff
unify len and addr type for memory/address APIs

Some address/memory APIs have different type between
'hwaddr/target_ulong addr' and 'int len'. It is very unsafe, especially
some APIs will be passed a non-int len by caller which might cause
overflow quietly.
Below is an potential overflow case:
    dma_memory_read(uint32_t len)
      -> dma_memory_rw(uint32_t len)
        -> dma_memory_rw_relaxed(uint32_t len)
          -> address_space_rw(int len) # len overflow

CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Peter Crosthwaite <crosthwaite.peter@gmail.com>
CC: Richard Henderson <rth@twiddle.net>
CC: Peter Maydell <peter.maydell@linaro.org>
CC: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
exec.c diff | blob | blame | history
include/exec/cpu-all.h diff | blob | blame | history
include/exec/cpu-common.h diff | blob | blame | history
include/exec/memory.h diff | blob | blame | history
QEMU mirror