[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2 11/11] chardev: FDChardev::max_size be unsign
|
From: |
Paolo Bonzini |
|
Subject: |
Re: [Qemu-devel] [PATCH v2 11/11] chardev: FDChardev::max_size be unsigned |
|
Date: |
Fri, 12 Oct 2018 10:05:28 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.0 |
On 12/10/2018 02:22, Philippe Mathieu-Daudé wrote:
> Suggested-by: Paolo Bonzini <address@hidden>
> Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
> ---
> chardev/char-fd.c | 2 +-
> include/chardev/char-fd.h | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/chardev/char-fd.c b/chardev/char-fd.c
> index bb426fa4b1..900da2f935 100644
> --- a/chardev/char-fd.c
> +++ b/chardev/char-fd.c
> @@ -43,7 +43,7 @@ static gboolean fd_chr_read(QIOChannel *chan, GIOCondition
> cond, void *opaque)
> {
> Chardev *chr = CHARDEV(opaque);
> FDChardev *s = FD_CHARDEV(opaque);
> - int len;
> + size_t len;
> uint8_t buf[CHR_READ_BUF_LEN];
> ssize_t ret;
>
> diff --git a/include/chardev/char-fd.h b/include/chardev/char-fd.h
> index e7c2b176f9..36c6b89cee 100644
> --- a/include/chardev/char-fd.h
> +++ b/include/chardev/char-fd.h
> @@ -31,7 +31,7 @@ typedef struct FDChardev {
> Chardev parent;
>
> QIOChannel *ioc_in, *ioc_out;
> - int max_size;
> + size_t max_size;
> } FDChardev;
>
> #define TYPE_CHARDEV_FD "chardev-fd"
>
This shouldn't be just for max_size, it should be for all variables that
are set in the *_read_poll functions (those that you touch in patch 3).
These variables are than used very little, basically only in a
len = MAX(s->max_size, sizeof(buf))
statement, so this switch is safe. However, the order of the patches
should be first 4, then this one (the assertion shows that the switch to
unsigned is safe), then 5-6-9-10, then 7-8. If you convert
implementations before users, the users could in principle overflow
"int" when passing an arguments or storing its value.
All this of course should be documented in commit messages, which are a
bit... scant in this series. :) I'm usually okay with very short commit
messages when the changes are spread across many commits (in that case,
I usually document what all the repetitive changes are in the patches
before and/or after those changes), but in this case you are leaving out
completely the "why" for the changes, and that's not really a good idea.
Finally, can you please include a patch to adjust the assertions in the
USB smartcard code, as mentioned in my original reply to Prasad?
Thanks,
Paolo
- [Qemu-devel] [PATCH v2 03/11] chardev: Simplify IOWatchPoll::fd_can_read as a GSourceFunc, (continued)
- [Qemu-devel] [PATCH v2 03/11] chardev: Simplify IOWatchPoll::fd_can_read as a GSourceFunc, Philippe Mathieu-Daudé, 2018/10/11
- [Qemu-devel] [PATCH v2 04/11] chardev: Assert backend's chr_can_read() is positive, Philippe Mathieu-Daudé, 2018/10/11
- [Qemu-devel] [PATCH v2 05/11] chardev: Let chr_sync_read() use unsigned type, Philippe Mathieu-Daudé, 2018/10/11
- [Qemu-devel] [PATCH v2 06/11] chardev: Let chr_write use unsigned type, Philippe Mathieu-Daudé, 2018/10/11
- [Qemu-devel] [PATCH v2 07/11] chardev: Let IOReadHandler use unsigned type, Philippe Mathieu-Daudé, 2018/10/11
- [Qemu-devel] [PATCH v2 09/11] chardev: Let qemu_chr_fe_* use unsigned type, Philippe Mathieu-Daudé, 2018/10/11
- [Qemu-devel] [PATCH v2 08/11] chardev: Let IOCanReadHandler use unsigned type, Philippe Mathieu-Daudé, 2018/10/11
- [Qemu-devel] [PATCH v2 10/11] chardev: Let qemu_chr_be_* use unsigned type, Philippe Mathieu-Daudé, 2018/10/11
- [Qemu-devel] [PATCH v2 11/11] chardev: FDChardev::max_size be unsigned, Philippe Mathieu-Daudé, 2018/10/11
- Re: [Qemu-devel] [PATCH v2 11/11] chardev: FDChardev::max_size be unsigned,
Paolo Bonzini <=
- Re: [Qemu-devel] [PATCH v2 00/11] chardev: Convert IO handlers to use unsigned type, Daniel P . Berrangé, 2018/10/12