On 1/29/21 8:28 PM, Paolo Bonzini wrote:
> get_image_size() returns an int64_t, which pci_add_option_rom() assigns
> to an "int" without any range checking.  A 32-bit BAR could be up to
> 2 GiB in size, so reject anything above it.  In order to accommodate
> a rounded-up size of 2 GiB, change pci_patch_ids's size argument
> to unsigned.
>
> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
> ---
>  hw/pci/pci.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <phi...@redhat.com>
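
The narrowing described in the commit message above, as an added example that is not QEMU code and not part of either message: it contrasts an unchecked 64-bit-to-int assignment with a range-checked one. The function names are hypothetical, and rounding the size up to a power of two is an assumption made for the illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define GiB (1LL << 30)

/* Hypothetical helper; rounding to a power of two is an assumption here. */
static uint64_t round_up_pow2(uint64_t v)
{
    uint64_t p = 1;
    while (p < v) {
        p <<= 1;
    }
    return p;
}

/* Unchecked pattern: only the low 32 bits of the 64-bit size survive. */
static int rom_size_unchecked(int64_t image_size)
{
    return (int)(uint32_t)image_size;
}

/* Checked pattern: 0 on success with *bar_size set, -1 if rejected. */
static int rom_size_checked(int64_t image_size, uint32_t *bar_size)
{
    if (image_size < 0) {
        return -1;                      /* size lookup failed */
    }
    if (image_size > 2 * GiB) {
        return -1;                      /* larger than a 32-bit BAR can map */
    }
    /* Up to 0x80000000: exceeds INT_MAX, so the result must be unsigned. */
    *bar_size = (uint32_t)round_up_pow2((uint64_t)image_size);
    return 0;
}

int main(void)
{
    int64_t big = 4 * GiB + 4096;       /* constructed sample size */
    uint32_t sz = 0;

    printf("unchecked: %d\n", rom_size_unchecked(big));
    printf("checked:   %d\n", rom_size_checked(big, &sz));
    if (rom_size_checked(GiB + 1, &sz) == 0) {
        printf("1 GiB + 1 rounds up to 0x%x\n", (unsigned)sz);
    }
    return 0;
}
```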