diff options
| author | Li Zhijian <lizhijian@cn.fujitsu.com> | 2019-01-17 20:49:01 +0800 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2019-02-05 16:50:18 +0100 |
| commit | 0c249ff71c094c0e009e2ccaef5237af3610b0fb (patch) | |
| tree | 855e1f40abe9e930f66749b83ab3a2831992c546 /include/exec/cpu-all.h | |
| parent | b86d01ba47cfe3fc7505924ca2804f370383ad97 (diff) | |
unify len and addr type for memory/address APIs
Some address/memory APIs have different type between
'hwaddr/target_ulong addr' and 'int len'. It is very unsafe, especially
some APIs will be passed a non-int len by caller which might cause
overflow quietly.
Below is an potential overflow case:
dma_memory_read(uint32_t len)
-> dma_memory_rw(uint32_t len)
-> dma_memory_rw_relaxed(uint32_t len)
-> address_space_rw(int len) # len overflow
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Peter Crosthwaite <crosthwaite.peter@gmail.com>
CC: Richard Henderson <rth@twiddle.net>
CC: Peter Maydell <peter.maydell@linaro.org>
CC: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'include/exec/cpu-all.h')
| -rw-r--r-- | include/exec/cpu-all.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h index 117d2fbbca..b16c9ec513 100644 --- a/include/exec/cpu-all.h +++ b/include/exec/cpu-all.h @@ -367,7 +367,7 @@ void dump_opcount_info(FILE *f, fprintf_function cpu_fprintf); #endif /* !CONFIG_USER_ONLY */ int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr, - uint8_t *buf, int len, int is_write); + uint8_t *buf, target_ulong len, int is_write); int cpu_exec(CPUState *cpu); |