Message ID | 20220805145617.952881-1-bmeng.cn@gmail.com (mailing list archive) |
---|---|
State | New, archived |
Series | [1/2] util/main-loop: Fix maximum number of wait objects for win32 |

On Fri, Aug 5, 2022 at 10:56 PM Bin Meng <bmeng.cn@gmail.com> wrote:
>
> From: Bin Meng <bin.meng@windriver.com>
>
> The maximum number of wait objects for win32 should be
> MAXIMUM_WAIT_OBJECTS, not MAXIMUM_WAIT_OBJECTS + 1.
>
> Signed-off-by: Bin Meng <bin.meng@windriver.com>
> ---
>
>  util/main-loop.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>

Ping?

On Mon, Aug 8, 2022 at 5:56 PM Bin Meng <bmeng.cn@gmail.com> wrote:
> On Fri, Aug 5, 2022 at 10:56 PM Bin Meng <bmeng.cn@gmail.com> wrote:
> >
> > From: Bin Meng <bin.meng@windriver.com>
> >
> > The maximum number of wait objects for win32 should be
> > MAXIMUM_WAIT_OBJECTS, not MAXIMUM_WAIT_OBJECTS + 1.
> >
> > Signed-off-by: Bin Meng <bin.meng@windriver.com>
> > ---
> >
> >  util/main-loop.c | 8 ++++----
> >  1 file changed, 4 insertions(+), 4 deletions(-)
> >
>
> Ping?

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

NB: qemu_del_wait_object() seems dubious in case the same handle is added
more than once with qemu_add_wait_object().

Hi On Fri, Aug 5, 2022 at 6:57 PM Bin Meng <bmeng.cn@gmail.com> wrote: > From: Bin Meng <bin.meng@windriver.com> > > The maximum number of wait objects for win32 should be > MAXIMUM_WAIT_OBJECTS, not MAXIMUM_WAIT_OBJECTS + 1. > > Signed-off-by: Bin Meng <bin.meng@windriver.com> > Nack, if wait_objects.num reaches MAXIMUM_WAIT_OBJECTS, then qemu_del_wait_object() will iterate up to it, and then the branch "if (found)" will access the arrays at position i+1 == MAXIMUM_WAIT_OBJECTS. Note that the add functions should probably learn to avoid adding the same HANDLE twice, otherwise del is a bit broken. --- > > util/main-loop.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/util/main-loop.c b/util/main-loop.c > index f00a25451b..f15d8e7d12 100644 > --- a/util/main-loop.c > +++ b/util/main-loop.c > @@ -363,10 +363,10 @@ void qemu_del_polling_cb(PollingFunc *func, void > *opaque) > /* Wait objects support */ > typedef struct WaitObjects { > int num; > - int revents[MAXIMUM_WAIT_OBJECTS + 1]; > - HANDLE events[MAXIMUM_WAIT_OBJECTS + 1]; > - WaitObjectFunc *func[MAXIMUM_WAIT_OBJECTS + 1]; > - void *opaque[MAXIMUM_WAIT_OBJECTS + 1]; > + int revents[MAXIMUM_WAIT_OBJECTS]; > + HANDLE events[MAXIMUM_WAIT_OBJECTS]; > + WaitObjectFunc *func[MAXIMUM_WAIT_OBJECTS]; > + void *opaque[MAXIMUM_WAIT_OBJECTS]; > } WaitObjects; > > static WaitObjects wait_objects = {0}; > -- > 2.34.1 > > >
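
The failure mode described in the reply above, as an added example that is not part of the thread or of QEMU's code: a reduced model in which CAP stands in for MAXIMUM_WAIT_OBJECTS and ints stand in for HANDLEs (Table, table_add, table_del and highest_index_read are hypothetical names). It replays the index arithmetic of the described delete loop without performing the read, next to an add that rejects duplicates and a delete that fits in exactly CAP slots.

```c
#include <stdbool.h>
#define CAP 4                 /* constructed stand-in for MAXIMUM_WAIT_OBJECTS */

typedef struct {
    int num;
    int events[CAP];          /* ints stand in for HANDLEs; exactly CAP slots */
} Table;

/* Replays the loop shape from the review (copy slot i+1 into slot i once the
 * handle is found) and returns the highest index it would read. */
static int highest_index_read(const Table *t, int handle)
{
    int hi = -1;
    bool found = false;
    for (int i = 0; i < t->num; i++) {
        found = found || t->events[i] == handle;
        if (found) hi = i + 1;
    }
    return hi;
}

/* Add that rejects a duplicate handle and a full table. */
static bool table_add(Table *t, int handle)
{
    for (int i = 0; i < t->num; i++)
        if (t->events[i] == handle) return false;
    if (t->num >= CAP) return false;
    t->events[t->num++] = handle;
    return true;
}

/* Delete that shifts only live entries, so index num is never read. */
static bool table_del(Table *t, int handle)
{
    for (int i = 0; i < t->num; i++) {
        if (t->events[i] != handle) continue;
        for (int j = i; j + 1 < t->num; j++)
            t->events[j] = t->events[j + 1];
        t->num--;
        return true;
    }
    return false;
}

int main(void)
{
    Table t = {0};
    for (int h = 10; table_add(&t, h); h++) { }   /* fill to CAP: 10..13 */
    return (highest_index_read(&t, 10) == CAP && table_del(&t, 10)) ? 0 : 1;
}
```

With the table full, the replayed loop reaches index CAP, which is one past the end of a CAP-sized array; that is the slot the original + 1 sizing provides.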

On Tue, Aug 9, 2022 at 9:15 PM Marc-André Lureau <marcandre.lureau@gmail.com> wrote:
>
> Hi
>
> On Fri, Aug 5, 2022 at 6:57 PM Bin Meng <bmeng.cn@gmail.com> wrote:
>>
>> From: Bin Meng <bin.meng@windriver.com>
>>
>> The maximum number of wait objects for win32 should be
>> MAXIMUM_WAIT_OBJECTS, not MAXIMUM_WAIT_OBJECTS + 1.
>>
>> Signed-off-by: Bin Meng <bin.meng@windriver.com>
>
>
> Nack,
>
> if wait_objects.num reaches MAXIMUM_WAIT_OBJECTS,
>
> then qemu_del_wait_object() will iterate up to it, and then the branch "if (found)" will access the arrays at position i+1 == MAXIMUM_WAIT_OBJECTS.
>
> Note that the add functions should probably learn to avoid adding the same HANDLE twice, otherwise del is a bit broken.
>

Thanks for the review. Will fix in v2.

Regards,
Bin

diff --git a/util/main-loop.c b/util/main-loop.c index f00a25451b..f15d8e7d12 100644 --- a/util/main-loop.c +++ b/util/main-loop.c @@ -363,10 +363,10 @@ void qemu_del_polling_cb(PollingFunc *func, void *opaque) /* Wait objects support */ typedef struct WaitObjects { int num; - int revents[MAXIMUM_WAIT_OBJECTS + 1]; - HANDLE events[MAXIMUM_WAIT_OBJECTS + 1]; - WaitObjectFunc *func[MAXIMUM_WAIT_OBJECTS + 1]; - void *opaque[MAXIMUM_WAIT_OBJECTS + 1]; + int revents[MAXIMUM_WAIT_OBJECTS]; + HANDLE events[MAXIMUM_WAIT_OBJECTS]; + WaitObjectFunc *func[MAXIMUM_WAIT_OBJECTS]; + void *opaque[MAXIMUM_WAIT_OBJECTS]; } WaitObjects; static WaitObjects wait_objects = {0};
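
Review bot: in the WaitObjects struct, dropping the + 1 from revents, events, func and opaque removes the slot that the compaction in qemu_del_wait_object() depends on: as noted in the review above, its "if (found)" branch reads index i+1, which equals MAXIMUM_WAIT_OBJECTS when wait_objects.num is at the maximum. Suggest either keeping the current sizing, or changing the deletion loop in the same patch so it stops shifting at num - 1, and adding a comment on the struct stating which value num is allowed to reach. The hunk does not show where the add path caps num, so that check should be confirmed or included alongside this change.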