On 01/22/2013 08:07 AM, John Ferlan wrote:
> On 01/22/2013 09:31 AM, Peter Krempa wrote:
>> The count of vCPUs for a domain is extracted as a usingned long variable
>> but is stored in a unsigned short. If the actual number was too large,
>> a faulty number was stored.
>> + if (count == 0 || (unsigned short) count != count) {
>
> maxvcpus is a 'unsigned short' and count is an 'unsigned long', thus if
> def->maxvcpus != count after this point, then we have the overflow,
> right? Or would the compiler "adjust" that comparison behind our back
> on an if check?
For unsigned types, the C standard guarantees that overflow wraps
around, and that casting a larger type down to a smaller type in order
to compare the same number is required to tell you if overflow happened,
at all optimization levels. This code is valid.
For signed types, the C standard says overflow leads to unspecified
behavior, so all bets are off. Thankfully, this isn't dealing with
signed types.
> ACK - I think what you've done is right, although perhaps someone with a
> bit more knowledge of what the compiler does could pipe in (I'm curious
> too).
I think the ACK stands.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list