Hi ----- Original Message ----- > On 15.09.2015 18:07, marcandre.lur...@redhat.com wrote: > > From: Marc-André Lureau <marcandre.lur...@redhat.com> > > > > ivshmem_read() only reads sizeof(long) from the input buffer. Accepting > > more could lead to fifo8 abort() on 32bit systems if fifo is not empty. > > > > Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com> > > --- > > hw/misc/ivshmem.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c > > index cc76989..fb53b3f 100644 > > --- a/hw/misc/ivshmem.c > > +++ b/hw/misc/ivshmem.c > > @@ -272,7 +272,7 @@ static void ivshmem_receive(void *opaque, const uint8_t > > *buf, int size) > > > > static int ivshmem_can_receive(void * opaque) > > { > > - return 8; > > + return sizeof(long); > > } > > > > Is the right fix this one, or should ivshmem_read() not rely on sizeof(long)?
See my answer to Paolo: http://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg05341.html > > > static void ivshmem_event(void *opaque, int event) > > > > Ciao, > > Claudio > >
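Review bot: returning sizeof(long) from ivshmem_can_receive() makes the accepted chunk size depend on the host ABI (4 bytes on 32-bit hosts, 8 on LP64 hosts) instead of on a protocol constant; the commit message says this matches what ivshmem_read() consumes, so the two must stay in lock-step, and a comment on the `return sizeof(long);` line stating that coupling would prevent a later change to one side silently breaking the other. If ivshmem_read() is eventually switched to a fixed-width 8-byte read, this return value should be changed to that same constant at the same time.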