[Qemu-devel] [PATCH] include/hw: field 'offset' in struct Property should be ptrdiff_t as int causes overflow

Ildar Isaev Wed, 04 Mar 2015 06:57:37 -0800

'offset' field in struct Property is calculated as a diff between two pointers 
(hw/core/qdev-properties.c:802)


arrayprop->prop.offset = eltptr - (void *)dev;

If offset is declared as int, this subtraction can cause type overflow
thus leading to the fall of the subsequent assert 
(hw/core/qdev-properties.c:803)

assert(qdev_get_prop_ptr(dev, &arrayprop->prop) == eltptr);

So ptrdiff_t should be used instead

Signed-off-by: Ildar Isaev <i...@inbox.ru>
---
 include/hw/qdev-core.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
index 4e673f9..f0e2a73 100644
--- a/include/hw/qdev-core.h
+++ b/include/hw/qdev-core.h
@@ -224,7 +224,7 @@ struct BusState {
 struct Property {
     const char   *name;
     PropertyInfo *info;
-    int          offset;
+    ptrdiff_t    offset;
     uint8_t      bitnr;
     uint8_t      qtype;
     int64_t      defval;
-- 
1.9.3

[Qemu-devel] [PATCH] include/hw: field 'offset' in struct Property should be ptrdiff_t as int causes overflow

Reply via email to