On Mon, 2 Feb 2015, Ian Campbell wrote:
> On Thu, 2015-01-29 at 15:08 +0000, Stefano Stabellini wrote:
> > @@ -4775,6 +4781,14 @@ retry_transaction:
> >              new_target_memkb = current_target_memkb + target_memkb;
> >      } else
> >          new_target_memkb = target_memkb - videoram;
> > +
> > +    if (new_target_memkb <= 0) {
> > +        LIBXL__LOG(ctx, LIBXL__LOG_ERROR,
> > +                "cannot set memory target to 0 or less than 0.\n");
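
Review bot: the `new_target_memkb <= 0` test sits after `new_target_memkb = target_memkb - videoram` and `current_target_memkb + target_memkb` have already been evaluated, so it can only see the result of the arithmetic, not whether the arithmetic was valid. If `new_target_memkb` is unsigned, as the reply below says, a `videoram` larger than `target_memkb` wraps to a large positive value and passes this test; only an exact 0 is caught. Validate the operands before the arithmetic instead, for example reject `target_memkb <= videoram` in the non-relative branch and check the relative sum for wrap-around in a wider signed type before assigning it. The log text "0 or less than 0" should then be reworded to match the condition that is actually tested.
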
> 
> 
> new_target_memkb is uint32 so it can't be less than zero.

I'll remove the check.


> In fact, there looks to be some under/overflow bugs hidden in this
> function. e.g. in "new_target_memkb = target_memkb" (since target is
> signed)

That assignment is only done when !relative; in that case target_memkb
should be a positive integer.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
