On 01/22/2013 08:07 AM, John Ferlan wrote:
> On 01/22/2013 09:31 AM, Peter Krempa wrote:
>> The count of vCPUs for a domain is extracted as an unsigned long variable
>> but is stored in an unsigned short. If the actual number was too large,
>> a faulty number was stored.

>> + if (count == 0 || (unsigned short) count != count) {
>
> maxvcpus is an 'unsigned short' and count is an 'unsigned long', thus if
> def->maxvcpus != count after this point, then we have the overflow,
> right? Or would the compiler "adjust" that comparison behind our back
> on an if check?

For unsigned types, the C standard guarantees that overflow wraps
around, and that casting a larger type down to a smaller type in order
to compare the same number is required to tell you if overflow happened,
at all optimization levels. This code is valid.

For signed types, the C standard says overflow leads to unspecified
behavior, so all bets are off. Thankfully, this isn't dealing with
signed types.

> ACK - I think what you've done is right, although perhaps someone with a
> bit more knowledge of what the compiler does could pipe in (I'm curious
> too).

I think the ACK stands.

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
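Review bot: in the added condition `(unsigned short) count != count`, the range check is tied to a hard-coded cast rather than to the field being assigned, so it would silently stop matching the storage if the type of maxvcpus ever changed. Comparing against USHRT_MAX, or assigning first and then testing `def->maxvcpus != count` as suggested in the reply, keeps the check coupled to the field; a one-line comment saying that the cast detects truncation would also help, since the thread shows the idiom is not obvious to every reader.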
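The narrowing behaviour discussed in this message, as an added example that is not part of the original mail or of libvirt's code: it stores an unsigned long count into an unsigned short field with and without the comparison from the patch. The struct `demo_def` and the functions `store_unchecked` and `store_checked` are hypothetical names, and the sample counts are constructed.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical stand-in for the domain definition; only the field width matters. */
struct demo_def {
    unsigned short maxvcpus;
};

/* Unchecked store: conversion to an unsigned type reduces the value
 * modulo USHRT_MAX + 1, so an oversized count silently becomes a small one. */
static unsigned short store_unchecked(struct demo_def *def, unsigned long count)
{
    def->maxvcpus = (unsigned short) count;
    return def->maxvcpus;
}

/* Checked store using the comparison from the patch: the narrowed value is
 * converted back to unsigned long for the comparison, so any lost high bits
 * make the two sides differ. Returns 0 on success, -1 if count is rejected. */
static int store_checked(struct demo_def *def, unsigned long count)
{
    if (count == 0 || (unsigned short) count != count)
        return -1;
    def->maxvcpus = (unsigned short) count;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs around the boundary of unsigned short. */
    unsigned long samples[] = { 0, 1, USHRT_MAX, USHRT_MAX + 1UL, USHRT_MAX + 5UL };
    struct demo_def def = { 0 };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned long c = samples[i];
        unsigned int wrapped = store_unchecked(&def, c);
        printf("count=%lu unchecked=%u checked=%s\n", c, wrapped,
               store_checked(&def, c) == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```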