On Tue, Sep 10, 2024 at 07:41:38AM +0200, Stefan Weil wrote: > GitHub's CodeQL reports four critical errors which are fixed by this commit: > > Unsigned difference expression compared to zero > > An expression (u - v > 0) with unsigned values u, v is only false if u == v, > so all changed expressions did not work as expected. > > Signed-off-by: Stefan Weil <s...@weilnetz.de> > --- > > I don't know what effect the errors will have. > Please check whether the fix should be backported to existing versions of > QEMU. > > And I think that it might be a good idea to add the security check to > https://github.com/qemu/qemu, too. The critical errors here and in > net/colo-compare.c > were not reported by other static code analyzers as far as I know. > Paolo, if desired, I can send a patch for CodeQL.
I hope Paolo can see these lines. Patch queued, thanks. -- Peter Xu
