On 12/3/18 8:48 AM, Li Zhijian wrote:
> Some address/memory APIs have different types between
> 'hwaddr/target_ulong addr' and 'int len'. It is very unsafe, especially
> some APIs will be passed a non-int len by caller which might cause
> overflow quietly.
> Below is a potential overflow case:
> dma_memory_read(uint32_t len)
>   -> dma_memory_rw(uint32_t len)
>     -> dma_memory_rw_relaxed(uint32_t len)
>       -> address_space_rw(int len) # len overflow
>
> CC: Paolo Bonzini <[email protected]>
> CC: Peter Crosthwaite <[email protected]>
> CC: Richard Henderson <[email protected]>
> CC: Peter Maydell <[email protected]>
> Signed-off-by: Li Zhijian <[email protected]>
>
> ---
> V3: use the same type between len and addr(Peter Maydell)
>     rebase code basing on
>     https://patchew.org/QEMU/[email protected]/
> ---
>  exec.c                    | 47 +++++++++++++++++++++++------------------------
>  include/exec/cpu-all.h    |  2 +-
>  include/exec/cpu-common.h |  8 ++++----
>  include/exec/memory.h     | 22 +++++++++++-----------
>  4 files changed, 39 insertions(+), 40 deletions(-)

Reviewed-by: Richard Henderson <[email protected]>

r~
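The narrowing described in the commit message, as an added example that is not QEMU code and not part of the original mail: a uint32_t length passed down to a callee that takes 'int len', next to the same callee with len typed like addr. The hwaddr typedef, CHUNK and all function names are stand-ins assumed for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t hwaddr;   /* assumption: stand-in for a 64-bit hwaddr */
#define CHUNK 4096         /* hypothetical per-iteration transfer size */

/* "Before" shape: wide addr, int len. Returns the bytes it would transfer. */
static uint64_t rw_int_len(hwaddr addr, int len)
{
    uint64_t done = 0;
    (void)addr;
    while (len > 0) {      /* a negative len skips the loop, with no error */
        int l = len < CHUNK ? len : CHUNK;
        len -= l;
        done += (uint64_t)l;
    }
    return done;
}

/* "After" shape: len has the same type as addr. */
static uint64_t rw_wide_len(hwaddr addr, hwaddr len)
{
    uint64_t done = 0;
    (void)addr;
    while (len > 0) {
        hwaddr l = len < (hwaddr)CHUNK ? len : (hwaddr)CHUNK;
        len -= l;
        done += l;
    }
    return done;
}

/* Callers holding a uint32_t length, like the dma_memory_read() chain.
 * The uint32_t -> int conversion is implicit and implementation-defined;
 * on the usual two's-complement targets values >= 2^31 become negative. */
static uint64_t dma_read_before(hwaddr addr, uint32_t len) { return rw_int_len(addr, len); }
static uint64_t dma_read_after(hwaddr addr, uint32_t len)  { return rw_wide_len(addr, len); }

int main(void)
{
    uint32_t len = 0x80000000u;   /* constructed sample length: 2 GiB */
    printf("int len:    %llu bytes\n", (unsigned long long)dma_read_before(0, len));
    printf("hwaddr len: %llu bytes\n", (unsigned long long)dma_read_after(0, len));
    return 0;
}
```

Building with -Wconversion flags the implicit narrowing at the call inside dma_read_before(), which is one way to find remaining call sites of this kind.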
