Re: [Qemu-devel] [PATCH] memory: use signed arithmetic

On 08/03/2011 12:15 AM, malc wrote:
> On Tue, 2 Aug 2011, Avi Kivity wrote:
>
> > When trying to map an alias of a ram region, where the alias starts at
> > address A and we map it into address B, and A > B, we had an arithmetic
> > underflow.  Because we use unsigned arithmetic, the underflow converted
> > into a large number which failed addrrange_intersects() tests.
> >
> > The concrete example which triggered this was cirrus vga mapping
> > the framebuffer at offsets 0xc0000-0xc7fff (relative to the start of
> > the framebuffer) into offsets 0xa0000 (relative to system address space
> > start).
> >
> > With our favorite analogy of a windowing system, this is equivalent to
> > dragging a subwindow off the left edge of the screen, and failing to clip
> > it into its parent window which is on screen.
> >
> > Fix by switching to signed arithmetic.
>
> http://stackoverflow.com/questions/3679047/integer-overflow-in-c-standards-and-compilers
>
> In other words UB land


No UB land.

Previously, we did something like 0x1000U - 0x2000U = 0xFFFF0000U, later checking that 0xFFFF0000U < 0U and failing.

Now, we do something like 0x1000 - 0x2000 = -0x1000, later checking that -0x1000 < 0, and succeeding.

In no case was there undefined behaviour involved. Unsigned underflow is defined (and produced bad results for this case), signed underflow isn't defined (but doesn't occur in this case).

--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.
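
An added example, not code from this thread or from QEMU: a minimal C model of the alias mapping described above, showing the same intersection test rejecting the framebuffer range under unsigned arithmetic and accepting it under signed arithmetic. The type and function names and the 4 MiB framebuffer size are assumptions; the offsets 0xc0000, 0xa0000 and the 0x8000-byte window are the ones quoted in the message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical range types, one per arithmetic domain. */
typedef struct { uint64_t start, size; } urange;
typedef struct { int64_t start, size; } srange;

static bool uranges_intersect(urange a, urange b)
{
    return (a.start >= b.start && a.start < b.start + b.size)
        || (b.start >= a.start && b.start < a.start + a.size);
}

static bool sranges_intersect(srange a, srange b)
{
    return (a.start >= b.start && a.start < b.start + b.size)
        || (b.start >= a.start && b.start < a.start + a.size);
}

/* Alias offset a of a region is mapped at address b, so byte 0 of the
 * region lands at b - a. The mapped window is [b, b + win_size). */
bool alias_visible_unsigned(uint64_t a, uint64_t b,
                            uint64_t region_size, uint64_t win_size)
{
    urange region = { b - a, region_size };  /* wraps modulo 2^64 when a > b */
    urange window = { b, win_size };
    return uranges_intersect(region, window);
}

bool alias_visible_signed(int64_t a, int64_t b,
                          int64_t region_size, int64_t win_size)
{
    srange region = { b - a, region_size };  /* negative when a > b, no overflow */
    srange window = { b, win_size };
    return sranges_intersect(region, window);
}

int main(void)
{
    /* Offsets from the message; 0x400000 (4 MiB) is an assumed region size. */
    printf("unsigned: %d\n",
           alias_visible_unsigned(0xc0000, 0xa0000, 0x400000, 0x8000));
    printf("signed:   %d\n",
           alias_visible_signed(0xc0000, 0xa0000, 0x400000, 0x8000));
    return 0;
}
```

The unsigned subtraction is well defined and simply wraps, which is why the failure shows up as a wrong comparison result rather than as undefined behaviour.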
