On 28/07/2015 02:32, Marc-André Lureau wrote:
> From: Marc-André Lureau <marcandre.lur...@gmail.com>
>
> ivshmem_read() only reads sizeof(long) from the input buffer. Accepting
> more could lead to fifo8 abort() on x86 if it's not empty.
>
> Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com>
> ---
> hw/misc/ivshmem.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
> index cc76989..fb53b3f 100644
> --- a/hw/misc/ivshmem.c
> +++ b/hw/misc/ivshmem.c
> @@ -272,7 +272,7 @@ static void ivshmem_receive(void *opaque, const uint8_t
> *buf, int size)
>
> static int ivshmem_can_receive(void * opaque)
> {
> - return 8;
> + return sizeof(long);
> }
>
> static void ivshmem_event(void *opaque, int event)
> -- 2.4.3
I would prefer to change all longs to uint64_t, to avoid a dependency on
the host long size. Even better one could have uint32_t for the id plus
a flags value that for now would always be zero.
Paolo
