[v4,1/3] util/main-loop: Fix maximum number of wait objects for win32

Message ID 20221019102015.2441622-1-bmeng.cn@gmail.com (mailing list archive)
State New, archived

Commit Message

Bin Meng Oct. 19, 2022, 10:20 a.m. UTC
From: Bin Meng <bin.meng@windriver.com>

The maximum number of wait objects for win32 should be
MAXIMUM_WAIT_OBJECTS, not MAXIMUM_WAIT_OBJECTS + 1.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
---

Changes in v4:
- make the out of bounds access protection explicit

Changes in v3:
- move the check of adding the same HANDLE twice to a separate patch

Changes in v2:
- fix the logic in qemu_add_wait_object() to avoid adding
  the same HANDLE twice

 util/main-loop.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Comments

Bin Meng Oct. 25, 2022, 4:41 p.m. UTC | #1
On Wed, Oct 19, 2022 at 6:20 PM Bin Meng <bmeng.cn@gmail.com> wrote:
>
> From: Bin Meng <bin.meng@windriver.com>
>
> The maximum number of wait objects for win32 should be
> MAXIMUM_WAIT_OBJECTS, not MAXIMUM_WAIT_OBJECTS + 1.
>
> Signed-off-by: Bin Meng <bin.meng@windriver.com>
> ---
>
> Changes in v4:
> - make the out of bounds access protection explicit
>
> Changes in v3:
> - move the check of adding the same HANDLE twice to a separate patch
>
> Changes in v2:
> - fix the logic in qemu_add_wait_object() to avoid adding
>   the same HANDLE twice
>
>  util/main-loop.c | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
>

Ping?
Bin Meng Nov. 1, 2022, 1:14 a.m. UTC | #2
Hi Daniel,

On Wed, Oct 26, 2022 at 12:41 AM Bin Meng <bmeng.cn@gmail.com> wrote:
>
> On Wed, Oct 19, 2022 at 6:20 PM Bin Meng <bmeng.cn@gmail.com> wrote:
> >
> > From: Bin Meng <bin.meng@windriver.com>
> >
> > The maximum number of wait objects for win32 should be
> > MAXIMUM_WAIT_OBJECTS, not MAXIMUM_WAIT_OBJECTS + 1.
> >
> > Signed-off-by: Bin Meng <bin.meng@windriver.com>
> > ---
> >
> > Changes in v4:
> > - make the out of bounds access protection explicit
> >
> > Changes in v3:
> > - move the check of adding the same HANDLE twice to a separate patch
> >
> > Changes in v2:
> > - fix the logic in qemu_add_wait_object() to avoid adding
> >   the same HANDLE twice
> >
> >  util/main-loop.c | 10 +++++-----
> >  1 file changed, 5 insertions(+), 5 deletions(-)
> >
>
> Ping?

Would you queue this series? Thanks!

Regards,
Bin
Daniel P. Berrangé Nov. 1, 2022, 12:03 p.m. UTC | #3
On Tue, Nov 01, 2022 at 09:14:55AM +0800, Bin Meng wrote:
> Hi Daniel,
> 
> On Wed, Oct 26, 2022 at 12:41 AM Bin Meng <bmeng.cn@gmail.com> wrote:
> >
> > On Wed, Oct 19, 2022 at 6:20 PM Bin Meng <bmeng.cn@gmail.com> wrote:
> > >
> > > From: Bin Meng <bin.meng@windriver.com>
> > >
> > > The maximum number of wait objects for win32 should be
> > > MAXIMUM_WAIT_OBJECTS, not MAXIMUM_WAIT_OBJECTS + 1.
> > >
> > > Signed-off-by: Bin Meng <bin.meng@windriver.com>
> > > ---
> > >
> > > Changes in v4:
> > > - make the out of bounds access protection explicit
> > >
> > > Changes in v3:
> > > - move the check of adding the same HANDLE twice to a separate patch
> > >
> > > Changes in v2:
> > > - fix the logic in qemu_add_wait_object() to avoid adding
> > >   the same HANDLE twice
> > >
> > >  util/main-loop.c | 10 +++++-----
> > >  1 file changed, 5 insertions(+), 5 deletions(-)
> > >
> >
> > Ping?
> 
> Would you queue this series? Thanks!

The main loop is not my area as maintainer - it would normally be
Paolo IIRC.

With regards,
Daniel
Bin Meng Nov. 1, 2022, 1:06 p.m. UTC | #4
On Tue, Nov 1, 2022 at 8:03 PM Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> On Tue, Nov 01, 2022 at 09:14:55AM +0800, Bin Meng wrote:
> > Hi Daniel,
> >
> > On Wed, Oct 26, 2022 at 12:41 AM Bin Meng <bmeng.cn@gmail.com> wrote:
> > >
> > > On Wed, Oct 19, 2022 at 6:20 PM Bin Meng <bmeng.cn@gmail.com> wrote:
> > > >
> > > > From: Bin Meng <bin.meng@windriver.com>
> > > >
> > > > The maximum number of wait objects for win32 should be
> > > > MAXIMUM_WAIT_OBJECTS, not MAXIMUM_WAIT_OBJECTS + 1.
> > > >
> > > > Signed-off-by: Bin Meng <bin.meng@windriver.com>
> > > > ---
> > > >
> > > > Changes in v4:
> > > > - make the out of bounds access protection explicit
> > > >
> > > > Changes in v3:
> > > > - move the check of adding the same HANDLE twice to a separate patch
> > > >
> > > > Changes in v2:
> > > > - fix the logic in qemu_add_wait_object() to avoid adding
> > > >   the same HANDLE twice
> > > >
> > > >  util/main-loop.c | 10 +++++-----
> > > >  1 file changed, 5 insertions(+), 5 deletions(-)
> > > >
> > >
> > > Ping?
> >
> > Would you queue this series? Thanks!
>
> The main loop is not my area as maintainer - it would normally be
> Paolo IIRC.
>

Thanks, but Paolo has been silent since day 1 ...

Regards,
Bin
Philippe Mathieu-Daudé Nov. 1, 2022, 1:40 p.m. UTC | #5
On 19/10/22 12:20, Bin Meng wrote:
> From: Bin Meng <bin.meng@windriver.com>
> 
> The maximum number of wait objects for win32 should be
> MAXIMUM_WAIT_OBJECTS, not MAXIMUM_WAIT_OBJECTS + 1.
> 
> Signed-off-by: Bin Meng <bin.meng@windriver.com>
> ---
> 
> Changes in v4:
> - make the out of bounds access protection explicit
> 
> Changes in v3:
> - move the check of adding the same HANDLE twice to a separate patch
> 
> Changes in v2:
> - fix the logic in qemu_add_wait_object() to avoid adding
>    the same HANDLE twice
> 
>   util/main-loop.c | 10 +++++-----
>   1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/util/main-loop.c b/util/main-loop.c
> index f00a25451b..de38876064 100644
> --- a/util/main-loop.c
> +++ b/util/main-loop.c
> @@ -363,10 +363,10 @@ void qemu_del_polling_cb(PollingFunc *func, void *opaque)
>   /* Wait objects support */
>   typedef struct WaitObjects {
>       int num;
> -    int revents[MAXIMUM_WAIT_OBJECTS + 1];
> -    HANDLE events[MAXIMUM_WAIT_OBJECTS + 1];
> -    WaitObjectFunc *func[MAXIMUM_WAIT_OBJECTS + 1];
> -    void *opaque[MAXIMUM_WAIT_OBJECTS + 1];
> +    int revents[MAXIMUM_WAIT_OBJECTS];
> +    HANDLE events[MAXIMUM_WAIT_OBJECTS];
> +    WaitObjectFunc *func[MAXIMUM_WAIT_OBJECTS];
> +    void *opaque[MAXIMUM_WAIT_OBJECTS];
>   } WaitObjects;
>   
>   static WaitObjects wait_objects = {0};
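Review bot: The new array bound in struct WaitObjects carries no comment saying where the limit comes from, and the commit message only states that the maximum "should be" MAXIMUM_WAIT_OBJECTS. A short comment above `int num;` stating the invariant (num never exceeds MAXIMUM_WAIT_OBJECTS, and no spare trailing slot exists any more) would keep a later change from reintroducing the `+ 1` or from indexing one past the end.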
> @@ -395,7 +395,7 @@ void qemu_del_wait_object(HANDLE handle, WaitObjectFunc *func, void *opaque)
>           if (w->events[i] == handle) {
>               found = 1;
>           }
> -        if (found) {
> +        if (found && i < (MAXIMUM_WAIT_OBJECTS - 1)) {

Matter of style, I find this form easier to review (same logic as
what follows):

            if (found && i + 1 < MAXIMUM_WAIT_OBJECTS) {

>               w->events[i] = w->events[i + 1];
>               w->func[i] = w->func[i + 1];
>               w->opaque[i] = w->opaque[i + 1];

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Patch

diff --git a/util/main-loop.c b/util/main-loop.c
index f00a25451b..de38876064 100644
--- a/util/main-loop.c
+++ b/util/main-loop.c
@@ -363,10 +363,10 @@  void qemu_del_polling_cb(PollingFunc *func, void *opaque)
 /* Wait objects support */
 typedef struct WaitObjects {
     int num;
-    int revents[MAXIMUM_WAIT_OBJECTS + 1];
-    HANDLE events[MAXIMUM_WAIT_OBJECTS + 1];
-    WaitObjectFunc *func[MAXIMUM_WAIT_OBJECTS + 1];
-    void *opaque[MAXIMUM_WAIT_OBJECTS + 1];
+    int revents[MAXIMUM_WAIT_OBJECTS];
+    HANDLE events[MAXIMUM_WAIT_OBJECTS];
+    WaitObjectFunc *func[MAXIMUM_WAIT_OBJECTS];
+    void *opaque[MAXIMUM_WAIT_OBJECTS];
 } WaitObjects;
 
 static WaitObjects wait_objects = {0};
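Review bot: With the spare element removed from revents, events, func and opaque, every writer has to stop at index MAXIMUM_WAIT_OBJECTS - 1, yet the insertion path is not touched here (the diffstat's 5 insertions and 5 deletions are all in the two hunks shown). Please confirm that qemu_add_wait_object() refuses a new handle once `w->num == MAXIMUM_WAIT_OBJECTS`, or add that check to this patch, because an off-by-one there would now write past the end of all four arrays instead of landing in the former spare slot.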
@@ -395,7 +395,7 @@  void qemu_del_wait_object(HANDLE handle, WaitObjectFunc *func, void *opaque)
         if (w->events[i] == handle) {
             found = 1;
         }
-        if (found) {
+        if (found && i < (MAXIMUM_WAIT_OBJECTS - 1)) {
             w->events[i] = w->events[i + 1];
             w->func[i] = w->func[i + 1];
             w->opaque[i] = w->opaque[i + 1];
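Review bot: When `found` is set and `i == MAXIMUM_WAIT_OBJECTS - 1`, the new condition skips the shift, so the last slot keeps its old `events`, `func` and `opaque` values instead of being overwritten as it was before. That is safe only if the code after the loop removes the entry from the count, which is outside the visible context. Consider clearing the final slot explicitly in an else branch (set events[i], func[i] and opaque[i] to NULL) so that a stale callback pointer cannot be reached if the count is ever wrong.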