On Wednesday, 2021-02-03 at 14:18:27 +01, Paolo Bonzini wrote:
> get_image_size() returns an int64_t, which pci_add_option_rom() assigns
> to an "int" without any range checking. A 32-bit BAR could be up to
> 2 GiB in size, so reject anything above it. In order to accomodate
> a rounded-up size
get_image_size() returns an int64_t, which pci_add_option_rom() assigns
to an "int" without any range checking. A 32-bit BAR could be up to
2 GiB in size, so reject anything above it. In order to accomodate
a rounded-up size of 2 GiB, change pci_patch_ids's size argument
to unsigned.
Reviewed-by
