On Mon, 3 Dec 2018 at 14:39, Li Zhijian <[email protected]> wrote: > > Some address/memory APIs have different type between > 'hwaddr/target_ulong addr' and 'int len'. It is very unsafety, espcially > some APIs will be passed a non-int len by caller which might cause > overflow quietly. > Below is an potential overflow case: > dma_memory_read(uint32_t len) > -> dma_memory_rw(uint32_t len) > -> dma_memory_rw_relaxed(uint32_t len) > -> address_space_rw(int len) # len overflow > > CC: Paolo Bonzini <[email protected]> > CC: Peter Crosthwaite <[email protected]> > CC: Richard Henderson <[email protected]> > CC: Peter Maydell <[email protected]> > Signed-off-by: Li Zhijian <[email protected]> >
Reviewed-by: Peter Maydell <[email protected]> thanks -- PMM
