If the period is too big, the 'delta * period' product result might overflow, resulting in a negative number; then the next_event ends before the last_event. This is buggy, as there is no forward progress. Assert this cannot happen.
Signed-off-by: Philippe Mathieu-Daudé <phi...@redhat.com> --- hw/core/ptimer.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/core/ptimer.c b/hw/core/ptimer.c index d58e2dfdb0..88085d4c81 100644 --- a/hw/core/ptimer.c +++ b/hw/core/ptimer.c @@ -125,6 +125,9 @@ static void ptimer_reload(ptimer_state *s, int delta_adjust) s->last_event = s->next_event; s->next_event = s->last_event + delta * period; + /* Verify forward progress */ + g_assert(s->next_event > s->last_event); + if (period_frac) { s->next_event += ((int64_t)period_frac * delta) >> 32; } -- 2.20.1
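Review bot: The g_assert placed right after `s->next_event = s->last_event + delta * period;` runs only once the overflowing arithmetic has already happened, and it catches only the wraps that land at or below last_event; a product that wraps around to a positive value still passes. Consider checking the operands before the multiplication (for example bounding delta against the maximum value divided by period, or using a checked multiply) so the overflow itself is detected. The check also sits before the `if (period_frac)` block, so the `((int64_t)period_frac * delta) >> 32` addition is not covered; moving the forward-progress check after that block would cover both terms. Because g_assert aborts the process, the commit message should say whether period can be influenced by the guest; if it can, rejecting or clamping the value where it is set would be preferable to asserting in ptimer_reload().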