On 01/29/21 20:28, Paolo Bonzini wrote:
> get_image_size() returns an int64_t, which pci_add_option_rom() assigns
> to an "int" without any range checking. A 32-bit BAR could be up to
> 2 GiB in size, so reject anything above it. In order to accomodate
> a rounded-up size of 2 GiB, change pci_pat
On 1/29/21 8:28 PM, Paolo Bonzini wrote:
> get_image_size() returns an int64_t, which pci_add_option_rom() assigns
> to an "int" without any range checking. A 32-bit BAR could be up to
> 2 GiB in size, so reject anything above it. In order to accomodate
> a rounded-up size of 2 GiB, change pci_pa
On Fri, Jan 29, 2021 at 08:28:37PM +0100, Paolo Bonzini wrote:
> get_image_size() returns an int64_t, which pci_add_option_rom() assigns
> to an "int" without any range checking. A 32-bit BAR could be up to
> 2 GiB in size, so reject anything above it. In order to accomodate
> a rounded-up size o
get_image_size() returns an int64_t, which pci_add_option_rom() assigns
to an "int" without any range checking. A 32-bit BAR could be up to
2 GiB in size, so reject anything above it. In order to accomodate
a rounded-up size of 2 GiB, change pci_patch_ids's size argument
to unsigned.
Signed-off-
