On Tue, 2 Aug 2011, Avi Kivity wrote:

> When trying to map an alias of a ram region, where the alias starts at
> address A and we map it into address B, and A > B, we had an arithmetic
> underflow. Because we use unsigned arithmetic, the underflow converted
> into a large number which failed addrrange_intersects() tests.
>
> The concrete example which triggered this was cirrus vga mapping
> the framebuffer at offsets 0xc0000-0xc7fff (relative to the start of
> the framebuffer) into offsets 0xa0000 (relative to system address space
> start).
>
> With our favorite analogy of a windowing system, this is equivalent to
> dragging a subwindow off the left edge of the screen, and failing to clip
> it into its parent window which is on screen.
>
> Fix by switching to signed arithmetic.

http://stackoverflow.com/questions/3679047/integer-overflow-in-c-standards-and-compilers

In other words UB land

[..snip..]

--
mailto:av1474@xxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
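The two points in this exchange (the unsigned wrap that makes addrrange_intersects() miss the window, and the objection that signed overflow is undefined behaviour) can be shown side by side in a small stand-alone program. The code below is an added example, not code from this thread or from QEMU's memory.c: the AddrRange type, the render_alias_* functions and the 1 MiB framebuffer size are constructed stand-ins; only the offsets 0xc0000/0xa0000 and the window size 0x8000 come from the description above. The fixed variant avoids the subtraction that can go negative altogether by clipping in source coordinates first, so it needs neither unsigned wrap nor signed arithmetic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for an address range: the half-open interval
 * [start, start + size). Not QEMU's AddrRange. */
typedef struct {
    uint64_t start;
    uint64_t size;
} AddrRange;

static uint64_t u64_min(uint64_t a, uint64_t b) { return a < b ? a : b; }
static uint64_t u64_max(uint64_t a, uint64_t b) { return a > b ? a : b; }

/* Overlap test of the same shape as the one named in the description. */
static bool addrrange_intersects(AddrRange a, AddrRange b)
{
    return a.start < b.start + b.size && b.start < a.start + a.size;
}

/* Intersection of two ranges; the caller has already checked they overlap. */
static AddrRange addrrange_intersection(AddrRange a, AddrRange b)
{
    uint64_t start = u64_max(a.start, b.start);
    uint64_t end = u64_min(a.start + a.size, b.start + b.size);
    AddrRange r = { start, end - start };
    return r;
}

/*
 * Buggy rendering, mirroring the failure described above. The alias exposes
 * the source region from source offset A at system address B. Translating
 * the whole source region [0, src_size) by forming B - A first wraps to a
 * huge value when A > B, the intersection with the parent window `clip`
 * then fails, and the mapping is silently dropped.
 */
static bool render_alias_buggy(uint64_t A, uint64_t B, uint64_t src_size,
                               AddrRange clip, AddrRange *out)
{
    uint64_t base = B - A;                     /* wraps when A > B */
    AddrRange src = { base, src_size };
    if (!addrrange_intersects(src, clip))
        return false;
    *out = addrrange_intersection(src, clip);
    return true;
}

/*
 * Safe rendering: clip in source coordinates, where every value is a
 * non-negative offset, and only then translate into the system space.
 * No subtraction can go below zero here, so there is neither unsigned wrap
 * nor a dependence on signed overflow never happening (which in C is
 * undefined behaviour rather than a defined wrap).
 */
static bool render_alias_fixed(uint64_t A, uint64_t B, uint64_t src_size,
                               uint64_t win_size, AddrRange clip,
                               AddrRange *out)
{
    AddrRange src = { 0, src_size };
    AddrRange win = { A, win_size };           /* alias window, source coords */
    if (!addrrange_intersects(src, win))
        return false;                          /* alias points past the region */
    AddrRange vis = addrrange_intersection(src, win);
    /* vis.start >= A by construction, so this subtraction cannot wrap. */
    AddrRange sys = { B + (vis.start - A), vis.size };
    if (!addrrange_intersects(sys, clip))
        return false;
    *out = addrrange_intersection(sys, clip);
    return true;
}

int main(void)
{
    /* The cirrus case from the description: framebuffer offsets
     * 0xc0000-0xc7fff aliased at system address 0xa0000. The 1 MiB
     * framebuffer size is a constructed value. */
    const uint64_t A = 0xc0000, B = 0xa0000, FB_SIZE = 0x100000, WIN = 0x8000;
    AddrRange clip = { B, WIN };
    AddrRange out = { 0, 0 };

    printf("buggy: %s\n",
           render_alias_buggy(A, B, FB_SIZE, clip, &out) ? "mapped" : "dropped");
    if (render_alias_fixed(A, B, FB_SIZE, WIN, clip, &out))
        printf("fixed: mapped [0x%llx, 0x%llx)\n",
               (unsigned long long)out.start,
               (unsigned long long)(out.start + out.size));
    return 0;
}
```

With A > B the buggy path reports "dropped" while the fixed path maps [0xa0000, 0xa8000); for an alias with A < B both paths agree. A switch to int64_t makes the A > B case work too, but only as long as no operand ever exceeds INT64_MAX, which is the undefined-behaviour edge the reply points at; ordering the clip before the translate removes the negative intermediate instead.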