On 01/22/2013 08:07 AM, John Ferlan wrote:
On 01/22/2013 09:31 AM, Peter Krempa wrote:
The count of vCPUs for a domain is extracted as a usingned long variable but is stored in a unsigned short. If the actual number was too large, a faulty number was stored.
+ if (count == 0 || (unsigned short) count != count) {
maxvcpus is a 'unsigned short' and count is an 'unsigned long', thus if def->maxvcpus != count after this point, then we have the overflow, right? Or would the compiler "adjust" that comparison behind our back on an if check?
For unsigned types, the C standard guarantees that overflow wraps around, and that casting a larger type down to a smaller type in order to compare the same number is required to tell you if overflow happened, at all optimization levels. This code is valid. For signed types, the C standard says overflow leads to unspecified behavior, so all bets are off. Thankfully, this isn't dealing with signed types.
ACK - I think what you've done is right, although perhaps someone with a bit more knowledge of what the compiler does could pipe in (I'm curious too).
I think the ACK stands. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org