On Tue, Nov 15, 2016 at 11:47:32PM +0100, Max Reitz wrote: > An hbitmap's granularity may be anything from 0 to 63, so when shifting > constants by its value, they should not be plain ints. > > Even having changed the types, hbitmap_serialization_granularity() still > tries to shift 64 to the right by the granularity. This operation is > undefined if the granularity is greater than 57. Adding an assertion is > fine for now, because serializing is done only in tests so far, but this > means that only bitmaps with a granularity below 58 can be serialized > and we should thus add a hbitmap_is_serializable() function later. > > One of the two places touched in this patch uses > QEMU_ALIGN_UP(x, 1 << y). We can use ROUND_UP() there, since the second > parameter is obviously a power of two. > > Signed-off-by: Max Reitz <[email protected]> > --- > v2: > - Fix the same issue in hbitmap_truncate() [Stefan] > - Use ROUND_UP() instead of QEMU_ALIGN_UP() there (because we can) > - Add an assertion to hbitmap_serialization_granularity() guaranteeing > that the shift doesn't overflow; we can guarantee this so far because > the only place where serialization functions are used in is the > hbitmap test > (I'll send a follow-up patch to allow users to check whether a certain > bitmap can be (de-)serialized) > --- > util/hbitmap.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-)
Reviewed-by: Stefan Hajnoczi <[email protected]>
signature.asc
Description: PGP signature
