Re: [PATCH v3 1/3] util/main-loop: Fix maximum number of wait objects fo

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 1/3] util/main-loop: Fix maximum number of wait objects fo

From:	Daniel P . Berrangé
Subject:	Re: [PATCH v3 1/3] util/main-loop: Fix maximum number of wait objects for win32
Date:	Wed, 19 Oct 2022 09:41:49 +0100
User-agent:	Mutt/2.2.7 (2022-08-07)

On Wed, Aug 24, 2022 at 04:52:29PM +0800, Bin Meng wrote:
> From: Bin Meng <bin.meng@windriver.com>
> 
> The maximum number of wait objects for win32 should be
> MAXIMUM_WAIT_OBJECTS, not MAXIMUM_WAIT_OBJECTS + 1.
> 
> Signed-off-by: Bin Meng <bin.meng@windriver.com>
> ---
> 
> Changes in v3:
> - move the check of adding the same HANDLE twice to a separete patch
> 
> Changes in v2:
> - fix the logic in qemu_add_wait_object() to avoid adding
>   the same HANDLE twice
> 
>  util/main-loop.c | 11 +++++++----
>  1 file changed, 7 insertions(+), 4 deletions(-)
> 
> diff --git a/util/main-loop.c b/util/main-loop.c
> index f00a25451b..cb018dc33c 100644
> --- a/util/main-loop.c
> +++ b/util/main-loop.c
> @@ -363,10 +363,10 @@ void qemu_del_polling_cb(PollingFunc *func, void 
> *opaque)
>  /* Wait objects support */
>  typedef struct WaitObjects {
>      int num;
> -    int revents[MAXIMUM_WAIT_OBJECTS + 1];
> -    HANDLE events[MAXIMUM_WAIT_OBJECTS + 1];
> -    WaitObjectFunc *func[MAXIMUM_WAIT_OBJECTS + 1];
> -    void *opaque[MAXIMUM_WAIT_OBJECTS + 1];
> +    int revents[MAXIMUM_WAIT_OBJECTS];
> +    HANDLE events[MAXIMUM_WAIT_OBJECTS];
> +    WaitObjectFunc *func[MAXIMUM_WAIT_OBJECTS];
> +    void *opaque[MAXIMUM_WAIT_OBJECTS];
>  } WaitObjects;
>  
>  static WaitObjects wait_objects = {0};
> @@ -395,6 +395,9 @@ void qemu_del_wait_object(HANDLE handle, WaitObjectFunc 
> *func, void *opaque)
>          if (w->events[i] == handle) {
>              found = 1;
>          }
> +        if (i == MAXIMUM_WAIT_OBJECTS - 1) {
> +            break;
> +        }

Took me a while to realize this was protecting the body
of the next if from out of bounds access. Can we redo
this to make it explicit:

>          if (found) {

   if (found &&
       i < (MAXIMUM_WAIT_OBJECTS - 1)) {

>              w->events[i] = w->events[i + 1];
>              w->func[i] = w->func[i + 1];

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH v3 1/3] util/main-loop: Fix maximum number of wait objects for win32, Bin Meng, 2022/10/02
- Re: [PATCH v3 1/3] util/main-loop: Fix maximum number of wait objects for win32, Bin Meng, 2022/10/11
  - Re: [PATCH v3 1/3] util/main-loop: Fix maximum number of wait objects for win32, Bin Meng, 2022/10/19
- Re: [PATCH v3 1/3] util/main-loop: Fix maximum number of wait objects for win32, Daniel P . Berrangé <=

Prev by Date: Re: [PATCH v3 3/3] util/aio-win32: Correct the event array size in aio_poll()
Next by Date: Re: [PATCH v10 6/9] s390x/cpu topology: add topology-disable machine property
Previous by thread: Re: [PATCH v3 1/3] util/main-loop: Fix maximum number of wait objects for win32
Next by thread: Re: [PATCH v1 1/7] contrib/gitdm: add Simon to individual contributors
Index(es):
- Date
- Thread