qemu-devel

Re: [Qemu-devel] [PATCH] overflow of int ret: use ssize_t for ret


From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH] overflow of int ret: use ssize_t for ret
Date: Fri, 23 Nov 2012 14:15:43 +0000

On 23 November 2012 14:11, Stefan Hajnoczi <address@hidden> wrote:
> On Thu, Nov 22, 2012 at 10:07 AM, Stefan Priebe <address@hidden> wrote:
>> diff --git a/block/rbd.c b/block/rbd.c
>> index 5a0f79f..0384c6c 100644
>> --- a/block/rbd.c
>> +++ b/block/rbd.c
>> @@ -69,7 +69,7 @@ typedef enum {
>>  typedef struct RBDAIOCB {
>>      BlockDriverAIOCB common;
>>      QEMUBH *bh;
>> -    int ret;
>> +    ssize_t ret;
>>      QEMUIOVector *qiov;
>>      char *bounce;
>>      RBDAIOCmd cmd;
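
Review bot: the new `ssize_t ret;` in `RBDAIOCB` is only wider than the `int` it replaces on hosts where `ssize_t` is 64-bit, so on a 32-bit host this line does not change what the field can hold. If `ret` has to carry a 64-bit value on every host, a fixed-width type such as `int64_t` says so directly; otherwise a short comment on the field stating the range it is expected to hold would make the intent reviewable.
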
>> @@ -86,7 +86,7 @@ typedef struct RADOSCB {
>>      int done;
>>      int64_t size;
>>      char *buf;
>> -    int ret;
>> +    ssize_t ret;
>>  } RADOSCB;
>>
>>  #define RBD_FD_READ 0
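
Review bot: in `RADOSCB` the changed `ssize_t ret;` now sits next to `int64_t size;`, and the two have different widths on a 32-bit host, so any assignment from `size` to `ret` narrows there without a diagnostic. Either give both fields the same type, or add an explicit range check at the point where one is copied into the other and note that in the commit message.
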
>
> I preferred your previous patch:
>
> ssize_t on 32-bit hosts has sizeof(ssize_t) == 4.  In
> qemu_rbd_complete_aio() we may assign acb->ret = rcb->size.  Here the
> size field is int64_t, so ssize_t ret would truncate the value.

The rcb size field should be a size_t: it is used for calling
rbd_aio_write and rbd_aio_read so if we've overflowed 32 bits
then we've already got a problem there.

-- PMM
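
The narrowing discussed in this thread, as an added example that is not part of the original messages or of QEMU's code. `ssize32_t`, `narrow_unchecked` and `store_ret_checked` are hypothetical names, `int32_t` stands in for `ssize_t` on a 32-bit host, and the sample sizes are constructed.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: models ssize_t on a 32-bit host, where sizeof(ssize_t) == 4. */
typedef int32_t ssize32_t;

/*
 * What a plain assignment from an int64_t size effectively keeps: the low
 * 32 bits. The uint32_t step is well-defined modulo 2^32; the final
 * conversion is implementation-defined only when bit 31 is set.
 */
static ssize32_t narrow_unchecked(int64_t size)
{
    return (ssize32_t)(uint32_t)size;
}

/* Store size into the narrow field only if it is representable there. */
static int store_ret_checked(int64_t size, ssize32_t *ret)
{
    if (size < INT32_MIN || size > INT32_MAX) {
        return -EOVERFLOW;   /* caller sees an error, not a wrong count */
    }
    *ret = (ssize32_t)size;
    return 0;
}

int main(void)
{
    /* Constructed sample sizes: 4 KiB, the 32-bit maximum, 4 GiB + 4 KiB. */
    const int64_t sizes[] = { 4096, INT32_MAX, (INT64_C(1) << 32) + 4096 };

    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        ssize32_t ret = 0;
        int rc = store_ret_checked(sizes[i], &ret);
        printf("size=%" PRId64 " unchecked=%" PRId32 " checked rc=%d ret=%" PRId32 "\n",
               sizes[i], narrow_unchecked(sizes[i]), rc, ret);
    }
    return 0;
}
```

The 4 GiB + 4 KiB case is the one to watch: unchecked, it becomes a plausible positive byte count of 4096 instead of an error.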


