Re: [PATCH 1/2] util/main-loop: Fix maximum number of wait objects for win32

[Marc-André Lureau]

Hi

On Fri, Aug 5, 2022 at 6:57 PM Bin Meng <bmeng.cn@gmail.com> wrote:

From: Bin Meng <bin.meng@windriver.com>

The maximum number of wait objects for win32 should be
MAXIMUM_WAIT_OBJECTS, not MAXIMUM_WAIT_OBJECTS + 1.

Signed-off-by: Bin Meng <bin.meng@windriver.com>

Nack,

if wait_objects.num reaches MAXIMUM_WAIT_OBJECTS,

then qemu_del_wait_object() will iterate up to it, and then the branch "if (found)" will access the arrays at position i+1 == MAXIMUM_WAIT_OBJECTS.

Note that the add functions should probably learn to avoid adding the same HANDLE twice, otherwise del is a bit broken.

---

 util/main-loop.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/util/main-loop.c b/util/main-loop.c
index f00a25451b..f15d8e7d12 100644
--- a/util/main-loop.c
+++ b/util/main-loop.c
@@ -363,10 +363,10 @@ void qemu_del_polling_cb(PollingFunc *func, void *opaque)
 /* Wait objects support */
 typedef struct WaitObjects {
     int num;
-    int revents[MAXIMUM_WAIT_OBJECTS + 1];
-    HANDLE events[MAXIMUM_WAIT_OBJECTS + 1];
-    WaitObjectFunc *func[MAXIMUM_WAIT_OBJECTS + 1];
-    void *opaque[MAXIMUM_WAIT_OBJECTS + 1];
+    int revents[MAXIMUM_WAIT_OBJECTS];
+    HANDLE events[MAXIMUM_WAIT_OBJECTS];
+    WaitObjectFunc *func[MAXIMUM_WAIT_OBJECTS];
+    void *opaque[MAXIMUM_WAIT_OBJECTS];
 } WaitObjects;

 static WaitObjects wait_objects = {0};
--
2.34.1

--

Marc-André Lureau