From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:46587)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1ZUF2t-0004ic-JS
	for qemu-devel@nongnu.org; Tue, 25 Aug 2015 10:17:52 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1ZUF2p-0002xq-JO
	for qemu-devel@nongnu.org; Tue, 25 Aug 2015 10:17:51 -0400
Received: from mx1.redhat.com ([209.132.183.28]:55600)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1ZUF2p-0002xJ-EH
	for qemu-devel@nongnu.org; Tue, 25 Aug 2015 10:17:47 -0400
From: Markus Armbruster <armbru@redhat.com>
References: <1425478186-18894-1-git-send-email-ild@inbox.ru>
Date: Tue, 25 Aug 2015 16:17:43 +0200
In-Reply-To: <1425478186-18894-1-git-send-email-ild@inbox.ru> (Ildar Isaev's
	message of "Wed, 4 Mar 2015 17:09:46 +0300")
Message-ID: <87io83jvug.fsf@blackfin.pond.sub.org>
MIME-Version: 1.0
Content-Type: text/plain
Subject: Re: [Qemu-devel] [PATCH] include/hw: field 'offset' in struct
	Property should be ptrdiff_t as int causes overflow
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Ildar Isaev <ild@inbox.ru>
Cc: peter.maydell@linaro.org, qemu-devel@nongnu.org, aliguori@amazon.com, =?utf-8?Q?Andreas_F=C3=A4rber?= <afaerber@suse.de>

Stumbled over this while throwing away old mail.  Andreas, what do you
think?

Ildar Isaev <ild@inbox.ru> writes:

> 'offset' field in struct Property is calculated as a diff between two pointers (hw/core/qdev-properties.c:802)
>
> arrayprop->prop.offset = eltptr - (void *)dev;
>
> If offset is declared as int, this subtraction can cause type overflow
> thus leading to the fall of the subsequent assert (hw/core/qdev-properties.c:803)
>
> assert(qdev_get_prop_ptr(dev, &arrayprop->prop) == eltptr);
>
> So ptrdiff_t should be used instead
>
> Signed-off-by: Ildar Isaev <ild@inbox.ru>
> ---
>  include/hw/qdev-core.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
> index 4e673f9..f0e2a73 100644
> --- a/include/hw/qdev-core.h
> +++ b/include/hw/qdev-core.h
> @@ -224,7 +224,7 @@ struct BusState {
>  struct Property {
>      const char   *name;
>      PropertyInfo *info;
> -    int          offset;
> +    ptrdiff_t    offset;
>      uint8_t      bitnr;
>      uint8_t      qtype;
>      int64_t      defval;