On 01/22/2013 08:07 AM, John Ferlan wrote:
On 01/22/2013 09:31 AM, Peter Krempa wrote:
> The count of vCPUs for a domain is extracted as an unsigned long variable
> but is stored in an unsigned short. If the actual number was too large,
> a faulty number was stored.
> + if (count == 0 || (unsigned short) count != count) {
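Review bot: in the condition `(unsigned short) count != count` the destination type is written out by hand, so the check would silently stop matching if the type of maxvcpus ever changed. A comparison against USHRT_MAX, or a short comment naming the field the value is stored in, would keep the check visibly tied to the destination.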
maxvcpus is an 'unsigned short' and count is an 'unsigned long', thus if
def->maxvcpus != count after this point, then we have the overflow,
right? Or would the compiler "adjust" that comparison behind our back
on an if check?
For unsigned types, the C standard guarantees that overflow wraps
around, and that casting a larger type down to a smaller type in order
to compare the same number is required to tell you if overflow happened,
at all optimization levels. This code is valid.
For signed types, the C standard says overflow leads to unspecified
behavior, so all bets are off. Thankfully, this isn't dealing with
signed types.
ACK - I think what you've done is right, although perhaps someone with a
bit more knowledge of what the compiler does could pipe in (I'm curious
too).
I think the ACK stands.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org
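
The narrowing discussed in this thread, as an added example that is not part of the original messages and is not libvirt's code: an unsigned long count stored into an unsigned short field, once without a check and once with the cast-and-compare test from the patch. The struct, function names and input strings are hypothetical, and the sample value assumes a 16-bit unsigned short.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the domain definition; only the field type
 * (unsigned short) is taken from the thread. */
struct demo_def { unsigned short maxvcpus; };

/* Parse a decimal count into an unsigned long; -1 on syntax or range error. */
static int parse_count(const char *s, unsigned long *out)
{
    char *end = NULL;
    errno = 0;
    *out = strtoul(s, &end, 10);
    return (errno != 0 || end == s || *end != '\0') ? -1 : 0;
}

/* "Before": the assignment silently reduces count modulo USHRT_MAX + 1. */
int store_vcpus_unchecked(struct demo_def *def, const char *s)
{
    unsigned long count;
    if (parse_count(s, &count) < 0)
        return -1;
    def->maxvcpus = count; /* implicit narrowing, no diagnostic at runtime */
    return 0;
}

/* "After": reject zero and any value that does not survive the round
 * trip through unsigned short, using the same test as the patch. */
int store_vcpus_checked(struct demo_def *def, const char *s)
{
    unsigned long count;
    if (parse_count(s, &count) < 0)
        return -1;
    if (count == 0 || (unsigned short) count != count)
        return -1;
    def->maxvcpus = (unsigned short) count;
    return 0;
}

int main(void)
{
    struct demo_def a = { 0 }, b = { 0 };
    int ra = store_vcpus_unchecked(&a, "65537"); /* constructed input */
    int rb = store_vcpus_checked(&b, "65537");
    printf("unchecked: rc=%d maxvcpus=%hu\n", ra, a.maxvcpus);
    printf("checked:   rc=%d maxvcpus=%hu\n", rb, b.maxvcpus);
    return 0;
}
```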